SSL/TLS Settings in Airlock WAF

Affects product: 
Airlock WAF

Attacks on SSL/TLS and Airlock WAF's Protection Mechanisms

The following list shows some major attack vectors on SSL/TLS and describes how the default configuration of Airlock WAF protects against them.

| Public Disclosure | Attack | Affected server | Airlock WAF attack mitigation | Ref. |
|---|---|---|---|---|
| 2017 | ROBOT | Bad implementations of TLS cipher modes that use RSA for key exchange. | Airlock WAF is not affected because current OpenSSL versions are not affected. | [16] |
| 2016 | SWEET32 | Server supporting 3DES ciphers | 3DES is disabled since Airlock WAF 6.1 | [6] |
| 2016 | DROWN | Server supporting SSL protocol version 2 | SSLv2 is disabled since Airlock WAF 4.2** | [14] |
| - | RC4 attacks | Server supporting RC4 ciphers | RC4 is disabled since Airlock WAF 5.3* | [5] |
| 2016 | HEIST | All TLS servers, but especially those with response traffic compression enabled | Same mitigations as for TIME | [7] |
| 2015 | logjam | Server supporting Diffie Hellman (DH) ciphers and DH groups with small primes (e.g. 512 bits). | Airlock WAF prevents DH parameters shorter than 1024 bit. | [8] |
| 2015 | FREAK | Server supporting RSA export ciphers | RSA export ciphers are disabled since Airlock WAF 4.2** | [9] |
| 2014 | POODLE | Server supporting SSL protocol version 3 | SSLv3 is disabled since Airlock WAF 5.2* | [10] |
| 2014 | HEARTBLEED | Server with vulnerable OpenSSL version | OpenSSL is fixed since Airlock WAF 5.1* | [11] |
| 2013 | LUCKY 13 | Server with timing oracles in CBC implementation | OpenSSL fix in place; GCM mode preferred over CBC mode | [8] |
| 2013 | BREACH | Server with enabled HTTP response compression | Same as for TIME. | [1] |
| 2013 | TIME | Server with enabled HTTP response compression | HTTP response compression is disabled by default. Mitigation available if compression cannot be disabled [15]. | [12] |
| 2012 | CRIME | Server supporting TLS compression | TLS compression is disabled by default. | [13] |
| 2011 | BEAST | Server supporting TLS 1.0 with CBC mode ciphers | TLS protocol versions 1.1 and 1.2 take priority over TLS 1.0, and GCM mode over CBC mode. | [2] |

* Hotfixes available for older releases
** We do not consider Airlock WAF releases before 4.2

Client Compatibility

The default SSL/TLS configuration of Airlock WAF provides a good balance between security and client compatibility. Unfortunately it is not possible to support very old clients while preventing all known SSL/TLS attacks. The default configuration of Airlock WAF is compatible with all modern clients. The following table shows when and why we dropped support for older browsers.

| Dropped Browser Support | Airlock Release | Reason |
|---|---|---|
| Internet Explorer 8 on Windows XP | Airlock WAF 6.1 | SWEET32 attack |
| Internet Explorer 6 | Airlock WAF 5.1 with HF5010; Airlock WAF 5.0 with HF5009; Airlock WAF 4.2.6 with HF4429 | POODLE attack |

Recommendations for TLS Server Certificates

Airlock WAF supports RSA server certificates. We do not recommend configuring DSA or ECDSA certificates, even though it is possible with Apache Expert Settings. We recommend using RSA keys of 2048 bits or more and a hashing algorithm such as SHA256 or better.

Other Considerations in Airlock WAF's SSL/TLS Default Configuration

Forward Secrecy

Forward Secrecy is a security property provided by ciphers with an ephemeral Diffie-Hellman (DHE) key exchange scheme. With Forward Secrecy, attackers cannot decrypt intercepted traffic even if they later get hold of the private key used in the session handshake. DHE key exchange is slower than ECDHE (Elliptic Curve DHE) key exchange. ECDHE ciphers are available since Airlock 5.0. All modern clients negotiate a cipher with the forward secrecy property with Airlock WAF.

Note that non-Forward Secrecy ciphers are only vulnerable if your private keys are compromised. However, keeping private keys confidential is crucial even if Forward Secrecy ciphers are used, because an active Man-in-the-Middle attacker who knows the private key at the time of the SSL handshake can still decrypt the traffic.

Weak Diffie Hellman Parameters / Java 6

To prevent attacks like logjam, Airlock WAF does not support weak Diffie Hellman parameters (i.e. parameters shorter than 1024 bits). The actual DH parameter size depends on the size of the configured certificate. To support clients based on Java 6, which do not support large DH parameters, Airlock WAF establishes a non-DHE cipher (AES128-SHA) with Java 6 clients.
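The following script is an added example (not Airlock's own code) that turns the attack table above and the Forward Secrecy and DH sections into a checklist for a negotiated session: it classifies an OpenSSL-style cipher name and flags the conditions the page lists (SSLv2/SSLv3, RC4, 3DES, export ciphers, TLS compression, DH parameters below 1024 bits, missing forward secrecy, TLS 1.0 with CBC). The DH parameter size is not exposed by Python's ssl module, so it is passed in as an assumed value taken from another tool.

```python
"""Evaluate a negotiated TLS session against the mitigations listed on this page.
Added example, not Airlock code.  Cipher names are OpenSSL-style, as returned
by ssl.SSLSocket.cipher()[0]; protocol strings as returned by SSLSocket.version()."""
import socket
import ssl

BANNED_PROTOCOLS = {"SSLv2", "SSLv3"}   # DROWN, POODLE
MIN_DH_BITS = 1024                      # logjam threshold stated on the page


def classify_cipher(name):
    """Return the properties of an OpenSSL cipher name that the table refers to."""
    if name.startswith("TLS_"):         # TLS 1.3 suites: always ephemeral and AEAD
        return {"forward_secrecy": True, "aead": True, "rc4": False, "3des": False, "export": False}
    parts = name.split("-")
    kx = parts[0]                        # key-exchange prefix; absent for plain RSA
    return {
        "forward_secrecy": kx in ("ECDHE", "DHE", "EDH"),
        "aead": "GCM" in parts or "CHACHA20" in parts,
        "rc4": "RC4" in parts,
        "3des": "CBC3" in parts,         # e.g. DES-CBC3-SHA (SWEET32)
        "export": kx == "EXP",           # e.g. EXP-RC4-MD5 (FREAK)
    }


def check_session(protocol, cipher, compression=None, dh_bits=None):
    """Return a list of findings for one negotiated session; empty means OK.
    dh_bits is an assumed input (ssl does not expose it) and only checked when given."""
    findings = []
    props = classify_cipher(cipher)
    if protocol in BANNED_PROTOCOLS:
        findings.append(f"{protocol} enabled (DROWN/POODLE)")
    if props["export"]:
        findings.append("export cipher (FREAK)")
    if props["rc4"]:
        findings.append("RC4 cipher")
    if props["3des"]:
        findings.append("3DES cipher (SWEET32)")
    if compression:
        findings.append("TLS compression enabled (CRIME)")
    if dh_bits is not None and dh_bits < MIN_DH_BITS:
        findings.append(f"DH parameters of {dh_bits} bits (logjam)")
    if not props["forward_secrecy"]:
        findings.append("no forward secrecy (page expects this only for Java 6 clients)")
    if protocol == "TLSv1" and not props["aead"]:
        findings.append("TLS 1.0 with CBC cipher (BEAST)")
    return findings


def probe(host, port=443):
    """Connect to your own server and return (protocol, cipher name, compression)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port)) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0], tls.compression()
```

Run `check_session(*probe("your.host"))` against a server you operate; an empty list means the session matches the page's default posture.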

Custom SSL/TLS settings for front-side HTTPS connections

The default cipher suite and other SSL/TLS settings can be overridden in the Configuration Center with Apache Expert Settings. See ciphersuite-configuration.

References

[1] BREACH attack and mitigation
[2] BEAST attack
[3] LUCKY13 attack
[4] Perfect Forward Secrecy in Airlock
[5] RC4 vulnerability
[6] SWEET32 Attack on 3DES Ciphers
[7] Heist attack on TLS/SSL
[8] Logjam attack
[9] SSL Freak attack
[10] POODLE: SSL 3.0 vulnerability
[11] OpenSSL Heartbleed vulnerability
[12] Attack of the week: RC4 is kind of broken in TLS
[13] Wikipedia: CRIME
[14] The DROWN Attack
[15] BREACH attack: Disable compression for cross-origin requests
[16] The ROBOT Attack