Disable Low and Medium Strength Cipher for Java Applications

I use SSL so I am secure, right? - Wrong

A commonplace feeling is that if you are using TLS/SSL for communication between different components, the data in transit is safe. This is a misconception since the security of data in transit depends on what exact algorithms are being used for encryption. Some of the algorithms are deemed to be broken such as MD5 and RC4. During the negotiation between a client and a server when a TLS/SSL connection initiates, both the parties mutually decide which SSL version and cipher suite to go with for rest of the communication. SSL version 2 is considered to be unsafe while SSL v3 and TLS v1 are considerd safe.

Cipher What? - Cipher Suite


Cipher suites is a named combination of algorithms used for encryption when using TLS/SSL. It contains the encryption algorithm (like DES, RC4, AES) and the key size like (40, 56, 128 bit) and the hashing algorithm (like SHA and MD5). eg. RSA_WITH_RC4_128_SHA. Key size defines if the cipher is low, medium or high strength:
Low Strength Ciphers (< 56-bit key)
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
High Strength Ciphers (>= 112-bit key)

How to test SSL?

OWASP provides a good collection of tools to test your SSL configuration. One of the most convenient tool to do that is to use the TestSSLServer.jar file. More details here. The output looks like this:
java -jar TestSSLServer.jar www.google.com
Supported versions: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
  SSLv3
     RSA_WITH_RC4_128_MD5
     RSA_WITH_RC4_128_SHA
     RSA_WITH_3DES_EDE_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
     TLS_ECDHE_RSA_WITH_RC4_128_SHA
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  (TLSv1.0: idem)
  (TLSv1.1: idem)
  TLSv1.2
     RSA_WITH_RC4_128_MD5
     RSA_WITH_RC4_128_SHA
     RSA_WITH_3DES_EDE_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA
     RSA_WITH_AES_256_CBC_SHA
     RSA_WITH_AES_128_CBC_SHA256
     RSA_WITH_AES_256_CBC_SHA256
     TLS_RSA_WITH_AES_128_GCM_SHA256
     TLS_RSA_WITH_AES_256_GCM_SHA384
     TLS_ECDHE_RSA_WITH_RC4_128_SHA
     TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
----------------------
Server certificate(s):
  007a5ab302f14446e2ea24d3a829de22ba1bf950: CN=www.google.com, O=Google Inc, L=M
ountain View, ST=California, C=US
  c0019e434cc04dc9086a6e63c8ecf74781e4f4a0: CN=www.google.com, O=Google Inc, L=M
ountain View, ST=California, C=US
----------------------
Minimal encryption strength:     strong encryption (96-bit or more)
Achievable encryption strength:  strong encryption (96-bit or more)
BEAST status: protected
CRIME status: protected

Java Applications


A lot of enterprise applications use Java Encryption to enable Transport Level Security. Some examples are Adobe AEM (previously known as CQ5) and Dell Boomi. The applications depend directly on the Java installed for their encryption needs. So if you need to limit the cipher suites to only strong ciphers, it has to be done in java settings. The file which contains this options is java.security which can be found under $JAVA_HOME/lib/security/. This file is available only from Java 1.7. So if you are using an older version of Java, its time to switch to a newer version now.

Solution


jdk.tls.disabledAlgorithms is the argument we need to set. It is a blacklist of all the Algorithms that are to be disabled. The proper value will be the one that restricts the least number of cipher suites while disabling all Low and Medium Strength ones. This worked out for me quite well:
jdk.tls.disabledAlgorithms=MD5, DSA, RSA keySize < 112, MD2, RC4, DES, NULL



Comments

Post a Comment

Popular posts from this blog

Pentester Academy Basic Authentication Challenge 3 via Python

Since I am learning python here is a try at solving a Basic Auth Brute Force challenge posted at Pentester Academy: http://pentesteracademylab.appspot.com/lab/webapp/basicauth The challenge is Basic in difficulty level and already provides the usernames: nick or admin. The password is of 5 letters and consists of only a , s and d . So the problem can be divided into two parts: 1. Creating all the password combinations Here is the recursive function that returns a list of all the 5 letter combinations of a , s and d : def fun(a):     chars="asd"     l = len(a)     lenthPerWord = len(a[0])     if lenthPerWord == 5:         return a     c=[]     for i in range(0,l):         for j in chars:                      ...
Read more

Pentester Academy GET Method Challenge 1 via Python

The Challenge 1 for Pentester Academy uses GET method for sending over the credentials. So the username and password go like: http://pentesteracademylab.appspot.com/lab/webapp/1?email=admin%40PentesterAcademy.com&password=zzzxx Also one big hint dropped here is that the domain is PentesterAcademy.com. So the email addresses would look like admin@PentesterAcademy.com and jack@PentesterAacademy.com . I reused the code for generating all combinations of x , y and z from my previous blog post aimed at challenge 3. We just need to update the URL with the username and the password while sending the request for each combination. But how do we verify if the credentials have been accepted as valid or rejected? The webpage says “ Failed! Please try again!” if the credentials are rejected. So we can search for the string “Failed” in the response to check if the credentials were accepted. The complete solutions looks as follows: import urllib2 import sys def fun(a)...
Read more