Is it possible to list all Openssl ciphers a server supports?
It is not possible to ask a TLS server for all the ciphers it supports. All one can do is to probe the server for a specific cipher and observe whether it reports that the server supports this cipher or not. With the openssl command line this means using openssl s_client -no_tls1_3 -cipher ... for probing TLS 1.2 and lower ciphers and openssl s_client -tls1_3 -ciphersuites ... for TLS 1.3 ciphers.
Example for a successful handshake:
$ openssl s_client -no_tls1_3 -cipher AES128-GCM-SHA256 -connect google.com:443
...
SSL-Session:
Protocol : TLSv1.2
Cipher : AES128-GCM-SHA256
And for a failed handshake:
$ openssl s_client -no_tls1_3 -cipher AES128-SHA256 -connect google.com:443
...
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
There are several limits to this approach though:
One can only probe ciphers supported by the version of openssl in use, see openssl ciphers -V
Some servers might limit specific ciphers to specific TLS protocol versions, like weaker ciphers only with TLS 1.0. So one also has to iterate over the various TLS protocol versions when probing
Some servers limit ciphers only when specific ECC curves are announced as supported by the client
Some servers have different configurations for different domains on the same IP address
Thus, for the successful tests one can be sure that the cipher is supported. For unsuccessful tests one cannot be fully sure that the cipher is not supported since it might only be supported in a specific context. For ciphers not tested one has no idea if these are supported or not.
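The probe loop the answer describes, written out as an added example (it is not part of the answer above and was not written by its author). It assumes OpenSSL 1.1.1 or later, since it uses -tls1_3, -ciphersuites and -curves, and it takes HOST and PORT as hypothetical arguments. -servername and -curves are there for the per-domain and ECC-curve caveats, and iterating over the protocol versions covers the version-restriction caveat; the cipher list itself comes from the local openssl ciphers, which is the first limit the answer names.

```shell
#!/bin/sh
# Added example; not part of the answer above. Assumes an OpenSSL 1.1.1+ binary
# (for -tls1_3, -ciphersuites and -curves) and a reachable HOST:PORT.

# classify_session: reads `openssl s_client` output on stdin and prints
# "<protocol> <cipher>" when a session was negotiated. A failed handshake leaves
# "Cipher    : 0000" in the SSL-Session block, so nothing is printed then.
classify_session() {
    awk '
        /^ *Protocol *:/ { proto = $3 }
        /^ *Cipher *:/   { cipher = $3 }
        END { if (cipher != "" && cipher != "0000") print proto, cipher }'
}

# probe_one HOST PORT VERSION CIPHER [SNI]
# VERSION is one of tls1 tls1_1 tls1_2 tls1_3. Prints "<version> <proto> <cipher>"
# for a successful handshake, nothing otherwise.
probe_one() {
    host=$1; port=$2; ver=$3; cipher=$4; sni=${5:-$1}
    case $ver in
        tls1_3) sel="-ciphersuites $cipher" ;;   # TLS 1.3 suites have their own option
        *)      sel="-cipher $cipher" ;;
    esac
    # </dev/null closes stdin so s_client exits right after the handshake.
    # -servername covers servers with per-domain configs on one IP, -curves
    # (override with CURVES=...) covers ciphers offered only for certain curves.
    out=$(openssl s_client -"$ver" $sel -servername "$sni" \
              -curves "${CURVES:-X25519:P-256:P-384}" \
              -connect "$host:$port" </dev/null 2>/dev/null) || true
    printf '%s\n' "$out" | classify_session | sed "s/^/$ver /"
}

# probe_all HOST PORT: every cipher this openssl knows, on every protocol
# version; only the combinations the server accepted are printed.
probe_all() {
    host=$1; port=$2
    list=$(openssl ciphers -v 'ALL:COMPLEMENTOFALL')
    for ver in tls1 tls1_1 tls1_2; do
        printf '%s\n' "$list" | awk '$2 != "TLSv1.3" {print $1}' | while read -r c; do
            probe_one "$host" "$port" "$ver" "$c"
        done
    done
    printf '%s\n' "$list" | awk '$2 == "TLSv1.3" {print $1}' | while read -r c; do
        probe_one "$host" "$port" tls1_3 "$c"
    done
}

if [ -n "${1:-}" ]; then
    probe_all "$1" "${2:-443}"
else
    # no host given: show the classifier on a constructed s_client fragment
    printf 'SSL-Session:\n    Protocol  : TLSv1.2\n    Cipher    : AES128-GCM-SHA256\n' | classify_session
fi
```

Run it as sh probe.sh google.com 443; an empty result for a cipher still only means "not accepted in this context", as the answer says, so for an audit also vary CURVES and the SNI argument.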
I got below vulnerabilities for NodeManager service in Weblogic version 12.1.3.0.0 and JDK 1.8.0_101-b13
{
"port": 5556,
"serviceName": "remotewatch?",
"protocol": "tcp",
"severity": 2,
"pluginID": 42873,
"pluginName": "SSL Medium Strength Cipher Suites Supported (SWEET32)",
"pluginFamily": "General",
"description": "The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.\n\nNote that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.",
"fname": "ssl_medium_supported_ciphers.nasl",
"pluginModificationDate": "2019/02/28",
"pluginType": "remote",
"riskFactor": "Medium",
"scriptVersion": "1.20",
"solution": "Reconfigure the affected application if possible to avoid use of medium strength ciphers.",
"synopsis": "The remote service supports the use of medium strength SSL ciphers.",
"pluginOutput": "\n Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)\n\n EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 \n ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 \n DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 \n\nThe fields above are :\n\n {OpenSSL ciphername}\n Kx={key exchange}\n Au={authentication}\n Enc={symmetric encryption method}\n Mac={message authentication code}\n {export flag}\n",
"cve": "CVE-2016-2183",
"complianceCheckName": null,
"complianceActualValue": null
}
{
"port": 5556,
"serviceName": "remotewatch?",
"protocol": "tcp",
"severity": 1,
"pluginID": 83875,
"pluginName": "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)",
"pluginFamily": "Misc.",
"description": "The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.",
"fname": "ssl_logjam.nasl",
"pluginModificationDate": "2019/11/27",
"pluginType": "remote",
"riskFactor": "Low",
"scriptVersion": "1.24",
"solution": "Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.",
"synopsis": "The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.",
"pluginOutput": "\nVulnerable connection combinations :\n\n SSL/TLS version : TLSv1.0\n Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.0\n Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.0\n Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.1\n Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.1\n Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.1\n Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n",
"cve": "CVE-2015-4000",
"complianceCheckName": null,
"complianceActualValue": null
}
I have tried to add "-Djdk.tls.ephemeralDHKeySize=2048" in the NodeManager process, but it didn't help.
Any comments/suggestions?
Have you verified if your NM process reflects the new DH key size? Or you can try to edit lib/security/java.security for java 1.8 version and change the key size to 2048 instead.
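An added example, not from the question or the comment above, of the two remediation steps the thread mentions and of the check the comment asks for. It assumes NodeManager runs on the JDK's JSSE provider, reads the JDK's lib/security/java.security, and that the jdk.tls.disabledAlgorithms property sits on a single line there; JAVA_OPTIONS as the place for the JVM flag and the 3DES_EDE_CBC token being honoured by this JDK build are assumptions as well. The openssl probe at the end is what tells you whether the change reached the running process, which is the point of the comment.

```shell
#!/bin/sh
# Added example; not from the thread. Assumes NodeManager uses the JDK's JSSE
# provider and the JDK's lib/security/java.security (WebLogic can be set up
# differently), with jdk.tls.disabledAlgorithms on one line in that file.

# harden_java_security FILE: rewrite jdk.tls.disabledAlgorithms so the JVM
# rejects 3DES suites (the SWEET32 finding) and DH groups under 2048 bits (the
# Logjam finding). Existing tokens are kept, older DH floors are replaced, and
# running it twice does not duplicate anything. Prints the resulting value.
harden_java_security() {
    f=$1
    cur=$(sed -n 's/^jdk\.tls\.disabledAlgorithms=//p' "$f")
    kept=$(printf '%s\n' "$cur" | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
           | grep -v -e '^$' -e '^DH keySize' -e '^3DES_EDE_CBC$' | paste -sd, - | sed 's/,/, /g')
    new="${kept:+$kept, }3DES_EDE_CBC, DH keySize < 2048"
    if grep -q '^jdk\.tls\.disabledAlgorithms=' "$f"; then
        sed -i.bak "s|^jdk\.tls\.disabledAlgorithms=.*|jdk.tls.disabledAlgorithms=$new|" "$f"
    else
        printf 'jdk.tls.disabledAlgorithms=%s\n' "$new" >> "$f"
    fi
    printf '%s\n' "$new"
}

# JVM side: the flag sets the size of the DH group the server generates, the
# java.security edit above makes it refuse smaller ones. Where the flag goes
# depends on the NodeManager start script (JAVA_OPTIONS is an assumption):
#   JAVA_OPTIONS="$JAVA_OPTIONS -Djdk.tls.ephemeralDHKeySize=2048"
# Confirm the running process actually has it:
#   ps -o args= -p <nodemanager pid> | grep -o 'jdk.tls[^ ]*'

# temp_key_bits: from s_client output, print "<type> <bits>" for the server's
# ephemeral key (the "Server Temp Key:" line, printed by OpenSSL 1.0.2+).
temp_key_bits() {
    sed -n 's/^Server Temp Key: *\([A-Za-z0-9]*\), *\([0-9]*\) bits.*/\1 \2/p'
}

# dh_ok: succeed only if the ephemeral key is finite-field DH of >= 2048 bits.
dh_ok() {
    set -- $(temp_key_bits)
    [ "${1:-}" = "DH" ] && [ "${2:-0}" -ge 2048 ]
}

# check_nodemanager HOST [PORT]: what the process negotiates after the change.
check_nodemanager() {
    host=$1; port=${2:-5556}
    if openssl s_client -tls1_2 -cipher DHE -connect "$host:$port" </dev/null 2>/dev/null | dh_ok; then
        echo "DHE: group >= 2048 bits"
    else
        echo "DHE: weak group, or no DHE suite offered (look at the Server Temp Key line)"
    fi
    for ver in tls1 tls1_1 tls1_2; do
        # a negotiated suite name starts with a letter; a failed handshake shows 0000
        if openssl s_client -"$ver" -cipher 3DES -connect "$host:$port" </dev/null 2>/dev/null \
               | grep -q '^ *Cipher *: *[A-Z]'; then
            echo "$ver: a 3DES suite is still accepted"
        fi
    done
}

if [ -n "${1:-}" ]; then
    check_nodemanager "$1" "${2:-5556}"
else
    # no host given: run the rewrite on a constructed copy of the property
    tmp=$(mktemp)
    printf 'jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768\n' > "$tmp"
    harden_java_security "$tmp"
    rm -f "$tmp" "$tmp.bak"
fi
```

Run the harden step against the JDK's java.security (it leaves a .bak copy), restart NodeManager, then sh check.sh <host> 5556; if the DHE line still reports a weak group or 3DES is still accepted on any version, the process is not reading the file or flag you edited.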
Changing minimum key length for Diffie-Hellman
I am using websockify 0.8.0, the latest version, but it doesn't support TLS 1.2 by default. I am looking for strong ciphers to be displayed in the output of the sslscan --no-heartbleed hostname:6080 command.
Adding some extra info to make the question clearer: on running the command below, the 3DES cipher is listed with the lowest strength, i.e. C.
nmap --script ssl-enum-ciphers -p 6080 hostname
On the same host DES is disabled for port 443. So it seems that for nginx it has been taken care of, but for python-websockify it is still present.
So in brief, I am looking for a way to disable the 3DES cipher on port 6080 of the host. Thanks in advance.
Answering my own question. https://notes.bitfunnel.net/?q=node/54 helped.
I'm trying to fetch the following URL via various libraries and command-line tools, but running into a SSL handshake error.
> curl https://www.joelosteen.com/Views/RSS/Feed?t=PodcastVideo&ct=CustomList&cst=Podcasts
curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error
I've seen here it may be fixed by reducing possible ciphers, but trying this less strict call with restricted ciphers doesn't fix it.
curl -vlkL "https://www.joelosteen.com/Views/RSS/Feed?t=PodcastVideo&ct=CustomList&cst=Podcasts" --ciphers DHE-RSA-AES256-SHA
Any ideas how I can fix this? It's a shared account, ie no root available.
The server supports only TLS version 1.2, i.e. no TLS 1.0 or even SSL 3.0. My guess is that the curl you use is simply too old to use TLS 1.2, but without further details about the version you use this guess cannot be verified.
To determine the version of curl use curl --version. If you see it is compiled with OpenSSL, then it should show at least version 1.0.1 of OpenSSL to have TLS 1.2 support.
curl -vlkL ... --ciphers DHE-RSA-AES256-SHA
This is not a cipher supported by the server. One of the ciphers supported is AES128-SHA but again, no chance if your curl does not support TLS 1.2.
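As an added example (not from the answer), a check for the cause the answer suspects: read the TLS backend out of curl --version, decide whether it can do TLS 1.2, and if so retry the fetch with TLS 1.2 forced and the AES128-SHA suite the answer names. Only the OpenSSL backend is decided automatically (TLS 1.2 arrived in OpenSSL 1.0.1); other backends are reported as unknown. Nothing here needs root, which matters for the shared-account case in the question.

```shell
#!/bin/sh
# Added example; not part of the answer above.

# tls12_capable: reads the first line of `curl --version` on stdin and prints
# "yes", "no" or "unknown". OpenSSL gained TLS 1.2 in 1.0.1, so 0.9.8x and
# 1.0.0x answer "no"; a non-OpenSSL backend (NSS, GnuTLS, LibreSSL, ...) is
# "unknown" and has to be checked against that backend's own history.
tls12_capable() {
    line=$(head -n 1)
    ossl=$(printf '%s\n' "$line" | sed -n 's/.*OpenSSL\/\([0-9][0-9.]*\).*/\1/p')
    if [ -z "$ossl" ]; then
        echo unknown
        return 0
    fi
    set -- $(printf '%s\n' "$ossl" | tr '.' ' ')
    major=$1 minor=${2:-0} patch=${3:-0}
    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && { [ "$minor" -gt 0 ] || [ "$patch" -ge 1 ]; }; }; then
        echo yes
    else
        echo no
    fi
}

# fetch_tls12 URL: force TLS 1.2 (--tlsv1.2, curl 7.34+) and offer only the
# suite the server is known to accept. -I asks for headers only, --fail turns
# HTTP errors into a non-zero exit, so the handshake is the only thing tested.
fetch_tls12() {
    curl --fail --silent --show-error --tlsv1.2 --ciphers AES128-SHA -I "$1"
}

case "$(curl --version 2>/dev/null | tls12_capable)" in
    yes)     [ -n "${1:-}" ] && fetch_tls12 "$1" ;;
    no)      echo "this curl's OpenSSL predates TLS 1.2: use a newer curl (a static build in \$HOME works without root)" ;;
    unknown) echo "non-OpenSSL backend: check its TLS 1.2 support by hand, then try: curl --tlsv1.2 -I URL" ;;
esac
```

With an old curl the error in the question (tlsv1 alert internal error from SSL23_GET_SERVER_HELLO) is exactly what a TLS 1.2-only server produces, so the version check comes before any cipher tuning.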
Please let me know how I can disable weak ciphers for Tomcat 5.5.27.
See the ciphers attribute in the HTTP connector definition: http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
Alternatively, if you're using APR, see the SSLCipherSuite directive in the SSL connector configuration documented here: http://tomcat.apache.org/tomcat-5.5-doc/apr.html.
Note that OpenSSL ciphersuite names aren't quite the same as the j2se ciphersuite names. The Java ciphers are documented at: http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE. For APR, the command openssl ciphers will give you a list of all available OpenSSL ciphers on your system.
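The name mismatch the answer warns about, as an added example (not from the answer): map openssl ciphers -stdname output to the JSSE names Tomcat's ciphers attribute expects, so one OpenSSL cipher string can serve both the JSSE connector and the APR connector's SSLCipherSuite. It assumes OpenSSL 1.1.1 or later for -stdname; the SSL_-prefix rule is a heuristic for SunJSSE, and the JVM under Tomcat must itself implement a suite for its name to have any effect.

```shell
#!/bin/sh
# Added example; not part of the answer above. Assumes `openssl ciphers -stdname`
# (OpenSSL 1.1.1+), whose lines look like
#   TLS_RSA_WITH_AES_128_CBC_SHA - AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

# to_jsse: reads `openssl ciphers -stdname` output on stdin and prints the
# JSSE (SunJSSE) suite names joined by commas, ready for ciphers="...".
to_jsse() {
    awk '
        $1 ~ /^TLS_/ {
            name = $1
            # SunJSSE keeps the SSLv3-era spelling (SSL_ prefix) for the non-ECC
            # RC4, DES/3DES, NULL and export suites. Heuristic: confirm against
            # the JSSE reference guide for the JVM Tomcat runs on.
            if (name !~ /ECDH/ && name ~ /(RC4|3DES|_DES_|NULL_MD5|NULL_SHA$|EXPORT)/)
                sub(/^TLS_/, "SSL_", name)
            out = out (out != "" ? "," : "") name
        }
        END { print out }'
}

# tomcat_ciphers SPEC: the value for the JSSE connector's ciphers attribute,
# derived from an OpenSSL cipher string. The same SPEC is what the APR
# connector takes verbatim in SSLCipherSuite.
tomcat_ciphers() {
    openssl ciphers -stdname "$1" | to_jsse
}

if [ -n "${1:-}" ]; then
    # e.g. sh tomcat-ciphers.sh 'HIGH:!aNULL:!eNULL:!3DES:!RC4'
    echo "JSSE connector:  ciphers=\"$(tomcat_ciphers "$1")\""
    echo "APR connector:   SSLCipherSuite=\"$1\""
else
    # no spec given: show the mapping on constructed -stdname lines
    printf '%s\n' \
      'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD' \
      'TLS_RSA_WITH_3DES_EDE_CBC_SHA - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1' | to_jsse
fi
```

Paste the first line's value into the connector's ciphers attribute in server.xml and the second into the APR connector; afterwards confirm with openssl s_client -cipher 3DES that a 3DES handshake no longer succeeds, since the attribute silently does nothing for names the JVM does not know.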