Hardening TLS/SSL protocols- What Might Break


Is your organization still using old SSL/TLS protocols? June 2018 was the deadline for hardening SSL/TLS protocols and implementing a more secure encryption protocol.

The PCI Security Standards Council requires all payment processors and merchants to move to TLS 1.2 and above. Organizations that don’t follow this standard do not meet PCI DSS. It is 2019 already and many organizations still are not complying with PCI DSS.


What are TLS & SSL?

Transfer Layer Security (TLS) is a cryptographic protocol designed to provide secure communication between web browsers and servers. It is used in almost every app nowadays. Many IP-based protocols such as HTTPS, SMTP, POP3 and FTP support TLS. Secure Sockets Layer (SSL), on the other hand, is a protocol used to establish an encrypted link between web browsers and servers. It uses symmetric cryptography to encrypt the data transmitted. Encryption keys are based on shared secret negotiation at the beginning of any communication session. This secret negotiation is referred to as the TLS handshake.

Old, but still common TLS versions are the TLS 1.0, launched in 1999, and its update, TLS 1.1, which was launched in 2006. While both versions were recommended to be disabled a while ago, according to a Panorays research, 97% of organizations are still using them, instead of their updated versions.


Vulnerabilities and common attacks:

TLS/SSL had suffered from numerous malware attacks that exploited its vulnerabilities. Examples include:

  •  In late 2011, Browser Exploit against SSL/TLS (BEAST) was first revealed. BEAST attack takes advantages of weaknesses in cipher block changing (CBC) by using man-in-the-middle attack. A BEAST attacker silently decrypts and obtains authentication tokens, allowing them to access data passing between the web server and the browser.
  • Padding Oracle on Downgraded Legacy Encryption (POODLE), published in October 2014, exploits SSL v3.0’s vulnerability by also performing man-in-the-middle attack. The attacker encrypts the traffic, and mimics the server until the user agrees to downgrade the connection to the vulnerable SSL v3.0. Once the connection is established in the vulnerable SSL version, the POODLE attack takes advantage of the CBC vulnerability.
  • Compressing Ratio Info-leak Made East (CRIME) exploits the vulnerability in TLS compression. TLS compression method in the ClientHello message is only optional, meaning that the connection can be established without any compression. The main purpose of compression is to reduce bandwidth usage while preserving integrity and security when exchanging large amounts of information. CRIME captures the SeverHello message (in response to the ClientHello), and disables the compression option. The attacker can then take advantage of the compromised traffic.
  • TLS heartbeat extension is also a known vulnerability in old TLS versions. The heartbeat function is used to ensure that a connection between two parties continues, as long as they are still there. Heartbeat request is preformed when the user sends a heartbeat message and the size of the data to the server. The server then responds with the same heartbeat request, sending data and its size. Heartbeat vulnerability is reflected when a client sends false data length, and the server then responds with the same data received from the user in addition to some random data from its memory, to meet the data size announced by the user, even though his data didn’t meet his own statements.


What can be done?

The proper way to address those vulnerabilities is to harden TLS v1.0, TLS v1.1, SSL v2.0 & SSL v3.0 by disabling them.

In order to disable TLS v1.0 & 1.1 you need to create an Enabled entry in TLS 1.0 or TLS 1.1 subkeys (depending on the protocol you want to disable). This entry does not exist in the registry by default. After you have created the entry, change the DWORD value to 0. In order to enable the protocol, change the DWORD to 1. The same can be done to SSL 2.0 and SSL 3.0.


Why are those protocols still here?

Newer, more resilient TLS protocols have already been released. TLS 1.2 and 1.3 were released in late 2008 and 2018 respectively. So, how come so many companies still insist on relying on breached protocol versions such as the 1.0 and 1.1? Well, apparently this is because TLS/SSL usage is so extended, changing configurations could cause extensive damage. Changing configurations on enterprises’ server demand the support of all the services to the new version. For example, web browsers that don’t comply with the new configuration basically force organizations that need the connection to those browsers to stay exposed. Another issue is the lack of awareness of the vulnerability, or full awareness, but lack of regulations. In the absence of regulation to make them implement the changes, organizations might decide to avoid the mess of hardening SSL/TLS, thus leaving their infrastructure exposed to breaches.

In October 2018, Apple, Google, Microsoft & Mozilla (responsible for Chrome, Edge, IE, Firefox, and Safari browsers) announced that by the first half of 2020, TLS 1.0 & 1.1 will be disabled by them. This fact will hopefully force companies to finally deal with the hardening of SSL/TLS task.

L
Hardening SSL/TLS can cause a huge mess that organizations might decide to avoid, thus leaving their infrastructure exposed to breaches.


What might break when hardening SSL/TLS protocols?

Since SSL/TLS protocols support a wide variety of services as well as other protocols, you should take bear in mind that disabling it will probably force you to find solutions for services that depend on it.

Here are few examples of things that might break when hardening TLS/SSL protocols:

  • Public-facing websites using HTTPS
  • Remote desktop services
  • Anywhere Access RDP connection
  • Office 365 integration
  • Server 2008 R2, IIS 7.5 – when disabling both SSLv3 and TLS 1.0

IT forums and communities contain many more examples of damages that can be caused by hardening SSL/TLS. Eventually many organizations prefer to remain vulnerable than to take the risk that although tests will be performed, things will still continue breaking.


How to solve the problem?

CalCom’s software learning ability is capable of producing an accurate report regarding hardening SSL/TLS protocols consequences, so you won’t find out about it only when it breaks. It will also present the status of each server and whether it is hardened according to best practices recommendations or not. When finally deciding your course of action, CHS will automatically enforce your decision on the production environment.

References:

https://docs.secureauth.com/pages/viewpage.action?pageId=14778519

https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/

http://info.ssl.com/article.aspx?id=10241

https://www.keycdn.com/blog/deprecating-tls-1-0-and-1-1

https://support.microsoft.com/en-nz/help/187498/how-to-disable-pct-1-0-ssl-2-0-ssl-3-0-or-tls-1-0-in-internet-informat

https://support.venafi.com/hc/en-us/articles/360000431191-Disable-TLS-1-0-and-1-1-on-windows-server-

https://www.zdnet.com/article/chrome-edge-ie-firefox-and-safari-to-disable-tls-1-0-and-tls-1-1-in-2020/

https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls

https://community.spiceworks.com/topic/932042-disabling-ssl-3-0-and-tls-1-0-breaks-website

https://serverfault.com/questions/826802/how-to-disable-tls-1-0-without-breaking-remoteapps-on-server-2012-r2

https://social.technet.microsoft.com/Forums/en-US/9b838527-ff67-41bf-afc1-ab0a747bc9c6/disabling-tls-10-breaks-office-365-integration?forum=ws16essentials

https://www.server-essentials.com/community/discussions/disabling-tls-10-breaks-rdp-from-rww

https://forums.iis.net/t/1226316.aspx