Removing RC4 support from Airlock WAF

Due to recent progress in the area of exploiting RC4 weaknesses we decided to remove RC4 support from Airlock WAF. This corresponds to the recommendations of IETF (RFC7465) [1] and Qualys Security Labs [2].

Details

It is well known since years that RC4 cipher suites have several weaknesses. For compatibility reason with older clients like IE8 on Windows XP, RC4 cipher suites were not completely removed from the default cipher suite of Airlock WAF. Further, by removing support for RC4 older client may negotiate a CBC cipher in TLSv1.0 which is vulnerable to BEAST when the client is not patched (which is likely the case with very old clients).

We rate the current risk of low priorized RC4 cipher suites in Airlock WAF as low to moderate because no modern client will negotiate such a cipher suite. Further, with common RC4 exploits like the one described in [3] an attacker may only be able to decrypt a few bits. This may be enough to extract a short session cookie from the encrypted traffic. The session cookie in Airlock WAF has a relative high entropy and large size and is therefore still secure if certain bits are leaked. Other exploits [4] require a lot of session/connection material to decrypt identical plaintext fragments.

Due to recent progress in the area of exploiting RC4 weaknesses, SSL/TLS cipher suite downgrading attacks and our expectation that this trend goes on we decided to completely remove RC4 support from the default cipher suites of Airlock WAF.

Further information about the Airlock WAF cipher suite can be found here.