Removing RC4 support from Airlock WAF

IDs: 
CVE-2015-2808
Keywords: 
RC4, TLS
Description: 

Due to recent progress in the area of exploiting RC4 weaknesses, we decided to remove RC4 support from Airlock WAF. This corresponds to the recommendations of the IETF (RFC 7465) [1] and Qualys Security Labs [2].

Details

It has been well known for years that RC4 cipher suites have several weaknesses. For compatibility with older clients such as IE8 on Windows XP, RC4 cipher suites were not completely removed from the default cipher suite of Airlock WAF. Furthermore, once RC4 support is removed, an older client may negotiate a CBC cipher in TLSv1.0, which is vulnerable to BEAST when the client is not patched (which is likely the case with very old clients).

We rate the current risk of the low-prioritized RC4 cipher suites in Airlock WAF as low to moderate, because no modern client will negotiate such a cipher suite. Furthermore, with common RC4 exploits like the one described in [3], an attacker may only be able to decrypt a few bits. This may be enough to extract a short session cookie from the encrypted traffic. The session cookie in Airlock WAF has relatively high entropy and a large size and is therefore still secure if certain bits are leaked. Other exploits [4] require a lot of session/connection material to decrypt identical plaintext fragments.

Due to recent progress in exploiting RC4 weaknesses and in SSL/TLS cipher suite downgrade attacks, and our expectation that this trend will continue, we decided to completely remove RC4 support from the default cipher suites of Airlock WAF.

Further information about the Airlock WAF cipher suite can be found here.

Resolution: 

The Airlock Team has published hotfixes to remove RC4 support from the following components:

- External Apache instance
- Management Apache instance
- SSL VPN Module

Impact

By removing RC4 support from Apache httpd, certain old clients like IE8 on Windows XP can no longer negotiate the basic cipher suite TLS_RSA_WITH_RC4_128_SHA (0x5) with Airlock WAF. These clients will probably fall back to the cipher suite TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) instead.
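The negotiation outcomes described under Details and Impact, as an added example that is not Airlock code: a Python simulation of server-preference suite selection before and after RC4 is removed. The server preference order and the three client offers are constructed assumptions (Airlock's actual default list is not shown on this page); the suite code points are the IANA values.

```python
# IANA TLS cipher suite code points -> names.
SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}

# Constructed server preference (assumption): RC4 kept at low priority,
# but still ahead of 3DES, as a pre-hotfix compatibility setting might be.
SERVER_BEFORE = [0xC02F, 0x002F, 0x0005, 0x000A]

# Constructed, simplified client offers (assumptions).
OLD_CLIENT = [0x0004, 0x0005, 0x000A]          # IE8/XP-like: no AES suites
MODERN_CLIENT = [0xC02F, 0x002F, 0x000A, 0x0005]
RC4_ONLY_CLIENT = [0x0005, 0x0004]


def remove_rc4(server_pref):
    """Drop every RC4 suite, keeping the remaining order intact."""
    return [c for c in server_pref if "_RC4_" not in SUITES[c]]


def negotiate(server_pref, client_offer):
    """Server-preference selection: first server suite the client offers.
    Returns None when there is no common suite (handshake failure)."""
    offered = set(client_offer)
    return next((c for c in server_pref if c in offered), None)


def assess(code, tls_version):
    """Risk notes for a negotiated suite, limited to issues the advisory names."""
    name, notes = SUITES[code], []
    if "_RC4_" in name:
        notes.append("RC4 weaknesses (CVE-2015-2808)")
    if "_CBC_" in name and tls_version == "TLSv1.0":
        notes.append("CBC in TLSv1.0: BEAST if the client is unpatched")
    return notes


if __name__ == "__main__":
    for label, offer in [("old", OLD_CLIENT), ("modern", MODERN_CLIENT),
                         ("rc4-only", RC4_ONLY_CLIENT)]:
        for stage, pref in [("before", SERVER_BEFORE),
                            ("after", remove_rc4(SERVER_BEFORE))]:
            code = negotiate(pref, offer)
            print(label, stage, SUITES.get(code, "handshake failure"))
```

A client that offers nothing but RC4 has no common suite after the change, so its handshake fails instead of falling back.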

The criticality of the hotfix is low.

Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock