1. 漏洞報告
2. 漏洞介紹
SSL經過幾年發展,於1999年被IETF納入標准化,改名叫TLS 1.0,和SSLv3.0相比幾乎沒有做什么改動。2006年提出了TLS v1.1,修復了一些bug,支持更多參數。2008年提出了TLS v1.2做了更多的擴展和算法改進,是目前(2019年)幾乎所有新設備的標配。TLS v1.3在2014年已經提出,2016年開始草案制定,然而由於TLS v1.2的廣泛應用,必須要考慮到支持v1.2的網絡設備能夠兼容v1.3,因此反復修改直到第28個草案才於2018年正式納入標准。TLSv1.3改善了握手流程,減少了時延,並采用完全前向安全的密鑰交換算法。
3. 漏洞危害
遠程服務接受使用TLS 1.0加密的連接。TLS 1.0具有許多密碼設計缺陷。為了符合支付卡行業數據安全標准(PCI DSS)並符合行業最佳實踐,PCI標准規定TLS1 .0安全通信於2018年6月30日不再生效。自2020年3月31日起,尚未啟用TLS 1.2及更高版本的端點將不再與主流的Web瀏覽器和主要的供應商一起正常運行。
4. 漏洞檢測
λ nmap -sS --script="ssl-enum-ciphers" -p 443 192.168.43.58
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-20 16:58 ?D1ú±ê×?ê±??
Nmap scan report for 192.168.43.58
Host is up (0.0019s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA - E
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 1024) - D
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_DES_CBC_SHA (dh 1024) - D
| TLS_RSA_EXPORT_WITH_DES40_CBC_SHA - E
| TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - E
| TLS_RSA_EXPORT_WITH_RC4_40_MD5 - E
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - D
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 1024) - A
| TLS_RSA_WITH_DES_CBC_SHA (rsa 1024) - D
| TLS_RSA_WITH_RC4_128_MD5 (rsa 1024) - D
| TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - D
| compressors:
| NULL
| cipher preference: client
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| 64-bit block cipher DES vulnerable to SWEET32 attack
| 64-bit block cipher DES40 vulnerable to SWEET32 attack
| 64-bit block cipher RC2 vulnerable to SWEET32 attack
| Broken cipher RC4 is deprecated by RFC 7465
| Ciphersuite uses MD5 for message integrity
| Weak certificate signature: SHA1
|_ least strength: E
MAC Address: 00:0C:29:3E:BA:70 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.30 seconds
5. 漏洞修復
1. Apache 漏洞修復
## 為了對SSLProtocol使用TLSv1.1和TLSv1.2,
## 至少需要Apache 2.2.23版本。
## 至少需要OpenSSL 1.0.1版本。
## 然后將/etc/httpd/conf.d/ssl.conf 修改為 SSLProtocol TLSv1.2。
## 重新啟動Apache服務。
## 漏洞復測
λ nmap -sS --script="ssl-enum-ciphers" -p 443 192.168.43.58
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-20 16:58 ?D1ú±ê×?ê±??
Nmap scan report for 192.168.43.58
Host is up (0.0019s latency).
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
|_ least strength: C
MAC Address: 00:0C:29:3E:BA:70 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.30 seconds