Stopping the BEAST with Airlock

IDs: 
CVE-2011-3389
Keywords: 
BEAST
Description: 

It is known that TLS 1.0 has a weakness in cipher suites using CBC (Cipher Block Chaining mode). Until now this was thought of as a theoretical attack. With CVE-2011-3389 (BEAST), a concrete exploit has been presented. It consists of two components: a man-in-the-middle attack, and software running within the client's context which produces known plaintext SSL traffic; see http://www.schneier.com/blog/archives/2011/09/man-in-the-midd_4.html.

Resolution: 

Different solutions are proposed, for instance disabling TLS 1.0 and using TLS 1.1 or TLS 1.2, or using only RC4, a stream cipher, instead of the affected block ciphers.

Airlock 4.2.5 includes OpenSSL 1.0.1, which has implemented TLS 1.1 and TLS 1.2.

Still, even if it were possible to exclude TLS 1.0 and use only TLS 1.1 or TLS 1.2, one would risk locking out many clients that don't support those newer protocols (e.g. Firefox).

Restricting the cipher suites to only those using RC4 would remove not only the vulnerable cipher suites but also the ones that are still secure, which might exclude clients unnecessarily.

Our suggestion is to adapt the cipher suites on Airlock. We recommend preferring ciphers that do not use CBC, then RC4, and finally the rest. To achieve that, the server has to force the client to honor its order. That way no clients are excluded and use of the affected ciphers is reduced to the necessary minimum.

There are two things to be done: 1. adapt the cipher suites and 2. activate the changes.

It may be easier to get the config file from the server, make the changes in an editor and then copy the file back onto Airlock.

Step 1: Adapt the cipher suites (remove the vulnerable cipher suites)

  • log on to the Airlock console
  • open the /opt/slt/ses/apache22/conf/httpd.conf.in file with an editor like vi or vim
    # vi /opt/slt/ses/apache22/conf/httpd.conf.in
  • replace the line found at the beginning, i.e.:
    SSLCipherSuite HIGH:MEDIUM:!RC2:!ADH:!aNULL:-SSLv2:!kEDH
    with the following two lines: one sets the correct cipher suite order, the other tells the server to choose the cipher suite according to its own order, a choice which by default is made by the client:
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:MEDIUM:!MD5:!RC2:!aNULL:!EDH
  • save the file and exit 

Step 2: Activate the changes

To enable the changes, you have to do the following steps:

  • restart the Configuration Center Agent
    # svcadm restart svc:/site/slt_alec_agent
  • log in to the Configuration Center with the admin user
  • activate the running configuration within the Configuration Center; no changes have to be made. This is necessary so that the changes are transferred from the httpd.conf.in into the httpd.conf file
  • restart Apache, which runs in the external zone
    # zlogin ext
    # /etc/init.d/slt.apache restart
  • done!

These changes are not update resistant. After updating Airlock, you have to edit the httpd.conf.in file again.

The httpd.conf.in file layout changes between Airlock 4.2.3.3 and 4.2.4. Therefore you cannot save the file now and reuse it once 4.2.4 is released. The change itself remains the same.
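
A way to check the resulting order on a workstation before copying the file back, added here as an example and not part of Airlock or the original article: it reads `openssl ciphers -v` output and reports which class of suite an SSLv3/TLS 1.0 client gets first when the server enforces its order. The function names and both sample listings are constructed for illustration; the script assumes that suites openssl tags `TLSv1.2` cannot be negotiated by a TLS 1.0 client.

```shell
#!/bin/sh
# Added example (not Airlock code). BEAST concerns CBC suites negotiated under
# SSLv3/TLS 1.0; suites that openssl tags "TLSv1.2" need a TLS 1.2 handshake.

# Constructed, abridged listings in `openssl ciphers -v` format.
SAMPLE_CBC_FIRST='AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1'
SAMPLE_RC4_FIRST='ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1'

# classify_suites: stdin = `openssl ciphers -v` lines, stdout = one line per
# suite: "<position> <class> <name>", class in tls12-only|rc4|cbc-legacy|other.
classify_suites() {
    awk '
    NF >= 5 {
        enc = ""
        for (i = 3; i <= NF; i++) if ($i ~ /^Enc=/) enc = substr($i, 5)
        if ($2 == "TLSv1.2")      cls = "tls12-only"
        else if (enc ~ /^RC4/)    cls = "rc4"
        else if (enc ~ /^(AES|3DES|DES|Camellia|SEED|IDEA|RC2)[(]/) cls = "cbc-legacy"
        else                      cls = "other"
        printf "%d %s %s\n", ++n, cls, $1
    }'
}

# first_legacy_class: class of the first suite in server order that an
# SSLv3/TLS 1.0 client can negotiate.
first_legacy_class() {
    classify_suites | awk '$2 != "tls12-only" && !seen { print $2; seen = 1 }'
}

# Real use: openssl ciphers -v '<SSLCipherSuite value>' | first_legacy_class
printf '%s\n' "$SAMPLE_RC4_FIRST" | classify_suites
```

A result of `rc4` matches the order recommended above; `cbc-legacy` means a TLS 1.0 client that offers both RC4 and CBC suites would still be given a CBC suite.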

Component: 
Airlock
Airlock Vulnerability Status: 
Airlock vulnerable, see resolution
Back-end Vulnerability Status: 
No action required