Forum Discussion

wazir's avatar
wazir
Icon for Altostratus rankAltostratus
Jul 02, 2019

SSL Anonymous Cipher Suites Supported

The remote host supports the use of SSL/TLS ciphers that offer no authentication at all.

 

Solution:

Reconfigure the affected application, if possible to avoid the use of anonymous ciphers.

openssl ciphers -v

 

ssl-disable-anon-ciphers

 

What is the proper solution for the affected load balancer Haproxy linux server ?

  • Your configuration might be dependent on your current client/server cipher configuration and software version so I'll speak more in general about the changes that need to be made, see the linked articles for more specific details. It's worth noting that none of our 'DEFAULT' cipher strings on v11.x - v14.x allow ADH. Also, if you are not terminating SSL at the F5 then this would not be an issue at your F5.

     

    See the openssl link below and search for 'Anonymous' to see what ciphers allow anonymous.

     

    I would recommend first navigating to your SSL profile applied to your virtual server then grab the cipher string listed then connect to your F5 via SSH and use the cipher test command below to see what your current ciphers are.

     

    Does your report list specific ciphers it found?

     

    ADH is a common one and can be removed by appending ':!ADH' to your current cipher string.

     

    == Test Ciphers ==

    # tmm --clientciphers 'DEFAULT:!ADH'

     

    K13171: Configuring the cipher strength for SSL profiles (11.x)

    K17370: Configuring the cipher strength for SSL profiles (12.x - 13.x)

    K01770517: Configuring the cipher strength for SSL profiles (14.x)

    https://www.openssl.org/docs/manmaster/man1/ciphers.html

    K13156: SSL ciphers used in the default SSL profiles (11.x - 13.x)

    K54125331: SSL ciphers used in the default SSL profiles (14.x)

     

    • wazir's avatar
      wazir
      Icon for Altostratus rankAltostratus

      Output of the command : openssl ciphers -v 'ADH:@STRENGTH'

       

       

      DH-AES256-GCM-SHA384  TLSv1.2 Kx=DH    Au=None Enc=AESGCM(256) Mac=AEAD

      ADH-AES256-SHA256    TLSv1.2 Kx=DH    Au=None Enc=AES(256) Mac=SHA256

      ADH-AES256-SHA     SSLv3 Kx=DH    Au=None Enc=AES(256) Mac=SHA1

      ADH-CAMELLIA256-SHA   SSLv3 Kx=DH    Au=None Enc=Camellia(256) Mac=SHA1

      ADH-AES128-GCM-SHA256  TLSv1.2 Kx=DH    Au=None Enc=AESGCM(128) Mac=AEAD

      ADH-AES128-SHA256    TLSv1.2 Kx=DH    Au=None Enc=AES(128) Mac=SHA256

      ADH-AES128-SHA     SSLv3 Kx=DH    Au=None Enc=AES(128) Mac=SHA1

      ADH-SEED-SHA      SSLv3 Kx=DH    Au=None Enc=SEED(128) Mac=SHA1

      ADH-CAMELLIA128-SHA   SSLv3 Kx=DH    Au=None Enc=Camellia(128) Mac=SHA1

      ADH-DES-CBC3-SHA    SSLv3 Kx=DH    Au=None Enc=3DES(168) Mac=SHA1

      ADH-RC4-MD5       SSLv3 Kx=DH    Au=None Enc=RC4(128) Mac=MD5

       

       

      ssl-default-bind-ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES 256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

       

       its load balancer and not any backend servers , its a test LB so its not used for anything except testing configs

       

      1 .) Do i need to add anonymous cypher disable code on the above line Haproxy server on the path:/etc/haproxy/haproxy.cfg ?

       

      2 .) Do i need to add (DEFAULT:!ADH' ) on the above ssl-default-bind-ciphers ?

       

       

       

      • Andrew-F5's avatar
        Andrew-F5
        Icon for Employee rankEmployee

        I realized you noted HAproxy which is typically leveraged by NGINX but my entire reply above was in regards to the F5 LTM Client SSL profile.

         

        Admittedly I'm not super familiar with HAproxy but I'll try to some research and circle back here some time.

         

        I assume this is some pen testing tool giving you the result you noted? If so, does it specify what port/protocol/service it's connecting to?

         

        Given the ssl-default-bind-ciphers I would be surprised if that were it as there does not appear to be an anonymous ciphers.