2 Replies Latest reply on Sep 21, 2017 11:05 AM by Isaac Matta

    Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)

    Isaac Matta

      Optional Configuration changes for BMC BladeLogic Server Automation Suite and BDSSA.

        • 1. Re: Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)
          Isaac Matta

          Mitigation

          The obvious way to avoid these attacks is to stop using legacy 64-bit block ciphers. Alternatively, the attack can be mitigated by rekeying the session frequently.

          Concretely, we recommend the following measures to prevent our attack:

• Web servers and VPNs should be configured to prefer 128-bit ciphers. According to our scans, about 1.1% of the top 100k web servers from Alexa, and 0.5% of the top 1 million, support AES but prefer to use 3DES.
          • Web browsers should offer 3DES as a fallback-only cipher, to avoid using it with servers that support AES but prefer 3DES.
          • TLS libraries and applications should limit the length of TLS sessions with a 64-bit cipher. This could be done with TLS renegotiation, or in some cases by closing the connection and starting a new one (i.e. limiting HTTP/1.1 Keep-Alive, SPDY, and HTTP/2 with 3DES ciphersuites).
          • OpenVPN users can change the cipher from the default Blowfish to AES, using for instance cipher AES-128-CBC on the client and server configuration. If they don't control the server configuration, they can mitigate the attack by forcing frequent rekeying with reneg-bytes 64000000.


          Source: https://sweet32.info/

          • 2. Re: Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)
            Isaac Matta

The vulnerability CVE-2016-2183 is about a way to compromise the Triple-DES cipher. This cipher is enabled by default in BSA and BDSSA as it is one of the FIPS 140-2 approved algorithms.

            Successfully carrying out the TLS variant of the Sweet32 attack requires a very particular set of capabilities on the part of the attacker.

Given the list of requirements and the fact that BSA and BDSSA are not hosted in the public domain (trusted network), we rate it as low severity, with no immediate action required.

However, if customers still want to disable the cipher based on their internal security policies, they can disable the Triple DES (3DES) cipher in the BSA Appserver and in BDSSA as described below.


            How to disable Triple DES (3DES) cipher in BSA Appserver and BDSSA?

The Triple DES (3DES) cipher can be disabled in appserver-options.properties of each Appserver deployment using the steps given below (in version 8.6 and above).

            Configuration file change in BSA AppServer

Set the value of the parameters EnabledCipherSuites and EnabledCipherSuitesForWebservices in appserver-options.properties of each Appserver deployment as seen below. Essentially, remove the cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA (which has 3DES in its name).

            EnabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA

            EnabledCipherSuitesForWebservices=TLS_RSA_WITH_AES_256_CBC_SHA

            Restart Appservers.

             

            Configuration file changes in BDSSA

            Apache Tomcat

In the file /opt/bmc/BDSSA/tomcat/conf/server.xml, add/modify the following attribute in the <Connector> tag. Essentially, remove the cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA (which has 3DES in its name).

<Connector port="9443"
       supportedCiphers="TLS_RSA_WITH_AES_256_CBC_SHA"

            Apache WebServer

Change the files httpd-ssl.conf and httpd-ssl.conf.tmpl located at /opt/bmc/BDSSA/webserver/conf/extra so that the value of the parameter SSLCipherSuite is as seen in the code block below. Essentially, remove the cipher DES-CBC3-SHA (which has DES in its name).

            SSLCipherSuite AES256-SHA

            Restart BDSSA.
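As an added example (not part of the thread and not BMC's own code), the following audit script parses the three configuration formats changed above (the appserver-options.properties keys, the Tomcat <Connector> cipher attribute and the Apache SSLCipherSuite directive) and reports any enabled suite that still uses a 64-bit block cipher. It goes slightly beyond the thread by flagging the whole Sweet32 class (3DES, single DES, Blowfish, IDEA, RC2) rather than 3DES alone; the function names, the regex and the sample inputs are my own constructions.

```python
import re

# 64-bit block ciphers (the Sweet32 class): 3DES, single DES, Blowfish, IDEA, RC2.
# Covers JSSE names (SSL_RSA_WITH_3DES_EDE_CBC_SHA) and OpenSSL names (DES-CBC3-SHA, BF-CBC).
WEAK_BLOCK_CIPHER = re.compile(r"3DES|DES_EDE|DES[-_]CBC3?|\bBF\b|BLOWFISH|IDEA|RC2", re.I)

def weak_suites(suites):
    """Return the suites in the list that use a 64-bit block cipher."""
    return [s for s in suites if WEAK_BLOCK_CIPHER.search(s)]

def audit_properties(text):
    """appserver-options.properties: key=comma-separated JSSE suite names."""
    keys = ("EnabledCipherSuites", "EnabledCipherSuitesForWebservices")
    findings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() in keys:
            findings[key.strip()] = weak_suites([v.strip() for v in value.split(",") if v.strip()])
    return findings

def audit_tomcat_connector(xml_text):
    """server.xml: cipher list in a Connector attribute, comma-separated JSSE names.
    The thread uses supportedCiphers; stock Tomcat calls the attribute ciphers."""
    findings = {}
    for conn in re.finditer(r"<Connector\b[^>]*>", xml_text):
        port = re.search(r'\bport="(\d+)"', conn.group(0))
        ciphers = re.search(r'\b(?:supportedCiphers|ciphers)="([^"]*)"', conn.group(0))
        suites = [s.strip() for s in ciphers.group(1).split(",")] if ciphers else []
        findings[port.group(1) if port else "?"] = weak_suites(suites)
    return findings

def audit_httpd(conf_text):
    """httpd-ssl.conf: SSLCipherSuite takes a colon-separated OpenSSL cipher list."""
    findings = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "SSLCipherSuite":
            findings.extend(weak_suites(parts[1].split(":")))
    return findings

# Constructed sample inputs (not taken from a real installation).
PROPS = """# appserver-options.properties
EnabledCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
EnabledCipherSuitesForWebservices=TLS_RSA_WITH_AES_256_CBC_SHA
"""
SERVER_XML = """<Connector port="9443" scheme="https" secure="true"
    supportedCiphers="TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA" />"""
HTTPD = "SSLCipherSuite AES256-SHA:DES-CBC3-SHA\n"
```

Run the three audit functions over the real files before and after the change; an empty result for every key, connector and directive means no 64-bit block cipher is still offered.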