Mailing List CGatePro@mail.stalker.com Message #107009
From: Gib Henry gib@gibhenry.com <CGatePro@mail.stalker.com>
Subject: Re: SSL Analyzer reveals CGP vulnerabilities
Date: Sun, 11 Nov 2018 09:35:32 +0100
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

Many thanks for a thorough and practical explanation!  Cheers,


Gib Henry

On 11/10/18 5:42 PM, Technical Support support@communigate.com wrote:
Hello,

On 2018-11-10 14:15, Gib Henry gib@gibhenry.com wrote:
I ran my test domain against Comodo’s SSL Analyzer and am puzzled about the results.  How can I close these vulnerabilities? Cheers,

DH key size of 1024 bits is used by default in CGPro and is considered strong enough to protect your TLS handshakes against normal attackers but not nation state level ones (is any state after you?). Longer keys on a busy system would impact performance, but you can use the startup parameter
--DHKeySize 1536
or
--DHKeySize 2240
for increased security that you most likely never need on an e-mail server anyway.

RC4 is safer than block ciphers with TLS 1.0, which is still used by many implementations, and it is available only when the connecting side chooses to use it. It is kept in the list for compatibility with older implementations unless the "Use CBC for old TLS" option is enabled in TLS settings (and that is actually less secure than offering RC4 in the list, but your SSL analyzer may ignore that sad fact).

3DES is not disabled together with ciphers with shorter (128 and less) keys using the Weak Ciphers option in TLS settings because its key size is 192 bits formally and 168 bits really. You can instruct CGPro not to offer it together with other "weak ciphers" using the startup option
--TLSConsider3DESWeak YES
But again, much like with RC4, CGPro does not offer it with a high priority; the connecting client may always choose stronger 256 bit AES, but 3DES may still be useful for older implementations.

Also a general note on SSL/TLS "analyzers": many of those do not implement deep tests but look for specific behavior known for widespread implementations and, when they see one, may flag the implementation as vulnerable, though that may not be true. And the rating system they use is good for their marketing but not for the actual security of your servers. No reports of actual MITM attacks on encrypted connections (those are really, really hard to set up), but weak passwords, fake login pages and other leaks come dozens a day.


------------------------------------------------------------------------
Gib Henry

Protocol Features / Problems
Secure Renegotiation (Client-initiated)     Supported     VULNERABLE (DoS)
Cipher Suites Enabled
Name (ID)     Key Size (in bits)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6B)     256 DH 1024-bit     WEAK (DH group size)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)     256 DH 1024-bit     WEAK (DH group size)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)     128 DH 1024-bit     WEAK (DH group size)
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)     128 DH 1024-bit     WEAK (DH group size)
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xC011)     128 ECDH 256-bit (P-256)     WEAK (RC4)
TLS_RSA_WITH_RC4_128_SHA (0x5)     128     WEAK (RC4 )
TLS_RSA_WITH_RC4_128_MD5 (0x4)     128     WEAK (RC4 )
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xC012)     112 ECDH 256-bit (P-256)     WEAK (3DES)
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)     112 DH 1024-bit     WEAK (3DES, DH group size)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xA)     112     WEAK (3DES)
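
Added example (not part of the thread, and not CommuniGate or Comodo code): a Python sketch that parses cipher-suite rows in the layout of the analyzer report above and groups the flagged suites under the setting the support reply names for each finding. The sample rows are constructed from that layout, and the function names and the regular expression are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the report's layout; row 4 is cut short the way a wrapped row is.
REPORT = """\
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6B)     256 DH 1024-bit     WEAK (DH group size)
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xC011)     128 ECDH 256-bit (P-256)     WEAK (RC4)
TLS_RSA_WITH_RC4_128_MD5 (0x4)     128     WEAK (RC4 )
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)     112 DH 1024-bit     WEAK (3DES, DH group size
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xA)     112     WEAK (3DES)
"""

# Finding -> server setting, worded as in the support reply quoted in this thread.
SETTING = {
    "DH group size": "startup parameter --DHKeySize 1536 or --DHKeySize 2240",
    "3DES": "startup option --TLSConsider3DESWeak YES (with the Weak Ciphers option)",
    "RC4": '"Use CBC for old TLS" option in TLS settings',
}

# name (id)  cipher bits  [DH|ECDH n-bit]  WEAK (finding[, finding]) with optional ")"
ROW = re.compile(
    r"^(?P<name>TLS_\w+)\s+\((?P<id>0x[0-9A-Fa-f]+)\)\s+(?P<bits>\d+)"
    r"(?:\s+(?P<kx>EC)?DH\s+(?P<kxbits>\d+)-bit)?.*?WEAK\s*\((?P<why>[^)]*)\)?\s*$"
)

def parse(report):
    """Return one dict per cipher-suite row; headers and blank lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        findings = [f.strip() for f in m["why"].split(",") if f.strip()]
        # Only finite-field DH has a group size; for ECDH the number is the curve size.
        ffdh = int(m["kxbits"]) if m["kxbits"] and not m["kx"] else None
        rows.append({"name": m["name"], "id": int(m["id"], 16), "bits": int(m["bits"]),
                     "ffdh_bits": ffdh, "findings": findings})
    return rows

def plan(rows):
    """Group suite names under the setting that addresses each finding."""
    todo = defaultdict(list)
    for r in rows:
        for f in r["findings"]:
            todo[SETTING.get(f, "no setting named in the thread: " + f)].append(r["name"])
    return dict(todo)

if __name__ == "__main__":
    for setting, suites in plan(parse(REPORT)).items():
        print(setting, *suites, sep="\n    ")
```
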


