HTTPS Security Problems with Key Exchange Configuration

When configuring a web server, it is important to choose the cipher suite carefully so as to avoid encryption algorithms that have been compromised. Recent research has discovered a new attack that exploits the Diffie-Hellman key exchange used by HTTPS, SSH, and VPNs. The attack is currently only feasible for nation-state organizations, as it requires a tremendous amount of computing power (a $1B computer running for a year) to break the commonly used prime numbers, but once a prime has been broken, decrypting connections that use it is computationally relatively easy. The team of researchers, led by Alex Halderman of the University of Michigan and Nadia Heninger of the University of Pennsylvania, estimates that about 18% of the top 1 million domains, roughly 10% of email servers, 25% of SSH servers (used by system administrators) and 25% of VPNs are configured in a vulnerable way.

To test your web server, the Qualys SSL Labs web site provides an easy-to-use web service that emulates a number of browsers and tests your SSL certificates and configuration. The first banking web site that I tested, Frostbank.com, came up with a score of A and no Diffie-Hellman vulnerabilities. The second banking web site that I tested, bankofthewest.com, showed a score of B with weak Diffie-Hellman exchange parameters. My website initially showed a C using the default settings in WHM (All -SSLv2 -SSLv3), but by changing the cipher suite in WHM to an explicit list that removes the RC4 cipher, it now shows an A-. Fixing the problem to get from A- to A appears to involve some software changes rather than just a configuration change.
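As an added example (not the author's WHM setting and not the SSL Labs tool), the script below audits a cipher list of the kind a server offers: it flags RC4, DES/3DES, static-RSA (no forward secrecy) and sub-128-bit suites in a constructed sample, then asks the local OpenSSL which suites a hypothetical hardened cipher string actually enables and audits those too. The sample list, its field values and `HARDENED_SPEC` are assumptions for illustration.

```python
import ssl

# Constructed sample in the shape of ssl.SSLContext.get_ciphers() (only the keys
# used below); it imitates a permissive legacy list so the audit is deterministic.
SAMPLE_CIPHERS = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2",
     "kea": "kx-ecdhe", "symmetric": "aes-128-gcm", "strength_bits": 128},
    {"name": "DHE-RSA-AES256-SHA", "protocol": "SSLv3",
     "kea": "kx-dhe", "symmetric": "aes-256-cbc", "strength_bits": 256},
    {"name": "ECDHE-RSA-RC4-SHA", "protocol": "TLSv1.0",
     "kea": "kx-ecdhe", "symmetric": "rc4", "strength_bits": 128},
    {"name": "AES128-SHA", "protocol": "SSLv3",
     "kea": "kx-rsa", "symmetric": "aes-128-cbc", "strength_bits": 128},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3",
     "kea": "kx-rsa", "symmetric": "3des-cbc", "strength_bits": 112},
]

# Hypothetical hardened OpenSSL cipher string (an assumption, not the author's
# WHM list): forward-secret AEAD suites first, AES-CBC fallbacks next, with RC4,
# 3DES, MD5 and anonymous suites excluded outright.
HARDENED_SPEC = "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES:DHE+AES:!aNULL:!MD5:!RC4:!3DES"


def audit_ciphers(ciphers):
    """Return {cipher name: [reasons]} for suites a hardened server should not offer."""
    findings = {}
    for c in ciphers:
        reasons = []
        if c["symmetric"].startswith("rc4"):
            reasons.append("RC4 stream cipher (biased keystream)")
        if "des" in c["symmetric"]:
            reasons.append("DES/3DES block cipher (64-bit block)")
        if c["kea"] == "kx-rsa":
            reasons.append("static RSA key exchange, no forward secrecy")
        if c["strength_bits"] < 128:
            reasons.append("effective key strength below 128 bits")
        if reasons:
            findings[c["name"]] = reasons
    return findings


def enabled_ciphers(spec):
    """Ask the local OpenSSL which suites an OpenSSL cipher string really enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(spec)
    return ctx.get_ciphers()


if __name__ == "__main__":
    for name, reasons in audit_ciphers(SAMPLE_CIPHERS).items():
        print(f"{name}: {'; '.join(reasons)}")
    # Note: finite-field DHE suites (kea == 'kx-dhe') are only as strong as the
    # server's DH parameters, which a cipher list does not show.
    live = enabled_ciphers(HARDENED_SPEC)
    print(f"hardened spec enables {len(live)} suites; findings: {audit_ciphers(live)}")
```

The DH parameter size that the research above targets is a separate server setting, so a clean cipher audit does not by itself rule out weak Diffie-Hellman groups.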

The downside to removing old ciphers is that I now appear to get no traffic from out-of-support web browsers, as they can no longer reach my site. In the long term this is good, as those users will get a message that they need to upgrade to more secure browser technology. The Qualys SSL Labs report shows the OS/browser combinations that may no longer work with the new restricted cipher suite:

  • Native Internet Explorer on Windows XP and earlier
  • Native browser Android 4.3 and earlier
  • Safari on Apple OS X 10.8 (Mountain Lion) and earlier
  • Safari on iOS 6.1 and earlier

For users on these operating systems, installing Chrome or Firefox would allow them to connect to my site and to other sites that use a restricted cipher list. Interestingly, running the SSL test on gmail.com shows a grade of B due to support for several old protocols and ciphers, including RC4.