
SSL/TLS Settings in Airlock WAF

Affects product: Airlock WAF

Attacks on SSL/TLS and Airlock WAF's Protection Mechanisms

The following table lists the major attack vectors on SSL/TLS and describes how the default configuration of Airlock WAF protects against each of them.

Public Disclosure | Attack | Affected server | Airlock WAF attack mitigation | Ref.
--- | --- | --- | --- | ---
2016 | SWEET32 | Server supporting 3DES ciphers | 3DES is disabled since Airlock WAF 6.1 | [6]
2016 | DROWN | Server supporting SSL protocol version 2 | SSLv2 is disabled since Airlock WAF 4.2** | [14]
- | RC4 attacks | Server supporting RC4 ciphers | RC4 is disabled since Airlock WAF 5.3* | [5]
2016 | HEIST | All TLS servers, especially those with response compression enabled | Same mitigations as for TIME | [7]
2015 | logjam | Server supporting Diffie-Hellman (DH) ciphers and DH groups with small primes (e.g. 512 bits) | Airlock WAF prevents DH parameters shorter than 1024 bits | [8]
2015 | FREAK | Server supporting RSA export ciphers | RSA export ciphers are disabled since Airlock WAF 4.2** | [9]
2014 | POODLE | Server supporting SSL protocol version 3 | SSLv3 is disabled since Airlock WAF 5.2* | [10]
2014 | HEARTBLEED | Server with vulnerable OpenSSL version | OpenSSL is fixed since Airlock WAF 5.1* | [11]
2013 | LUCKY 13 | Server with timing oracles in CBC implementation | OpenSSL fix in place; GCM mode preferred over CBC mode | [8]
2013 | BREACH | Server with HTTP response compression enabled | Same as for TIME | [1]
2013 | TIME | Server with HTTP response compression enabled | HTTP response compression is disabled by default. Mitigation available if compression cannot be disabled [15]. | [12]
2012 | CRIME | Server supporting TLS compression | TLS compression is disabled by default. | [13]
2011 | BEAST | Server supporting TLS 1.0 with CBC mode ciphers | TLS protocol versions 1.1 and 1.2 take priority over TLS 1.0, and GCM mode over CBC mode. | [2]

* Hotfixes available for older releases
** We do not consider Airlock WAF releases before 4.2
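The table above maps each attack to a configuration property (protocol version, cipher family, DH group size, compression). The following script, an added example that is not Airlock code, turns that mapping into a check that can be run over a description of a server's TLS settings. The input format, the two sample configurations and the cipher suite names are constructed assumptions; suite names follow OpenSSL naming, and the script recognises only explicit suite names, not OpenSSL keyword expansions like HIGH or !aNULL. Library patch level (HEARTBLEED, LUCKY 13) is not a configuration property and is out of scope.

```python
"""Audit a simplified TLS server configuration against the attack table above."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class TlsConfig:
    protocols: frozenset    # e.g. {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
    cipher_suites: tuple    # OpenSSL suite names in server preference order
    dh_param_bits: int      # size of the DH group used for DHE suites
    tls_compression: bool   # TLS-level compression (CRIME)
    http_compression: bool  # HTTP response compression (TIME, BREACH, HEIST)


def is_aead(suite: str) -> bool:
    """GCM, CCM and ChaCha20-Poly1305 suites are AEAD; in this simplified
    model every other suite is CBC (or, for RC4, a stream cipher)."""
    return any(tag in suite for tag in ("GCM", "CCM", "CHACHA20"))


def uses_dhe(suite: str) -> bool:
    """Finite-field ephemeral DH suites start with DHE- or EDH- in OpenSSL
    naming. ECDHE- suites use elliptic curves and do not depend on the DH
    group size, so they are deliberately not matched here."""
    return re.match(r"^(DHE|EDH)-", suite) is not None


def findings(cfg: TlsConfig) -> list:
    """Return (attack, detail) pairs for every weak setting in cfg."""
    out = []
    if "SSLv2" in cfg.protocols:
        out.append(("DROWN", "SSLv2 enabled"))
    if "SSLv3" in cfg.protocols:
        out.append(("POODLE", "SSLv3 enabled"))
    for suite in cfg.cipher_suites:
        if "DES-CBC3" in suite or "3DES" in suite:
            out.append(("SWEET32", f"3DES suite {suite}"))
        if "RC4" in suite:
            out.append(("RC4 attacks", f"RC4 suite {suite}"))
        if suite.startswith("EXP"):
            out.append(("FREAK", f"export suite {suite}"))
        if uses_dhe(suite) and cfg.dh_param_bits < 1024:
            out.append(("logjam", f"{suite} with {cfg.dh_param_bits}-bit DH group"))
    # BEAST: TLS 1.0 enabled and a CBC suite ranked ahead of every AEAD suite.
    if "TLSv1" in cfg.protocols:
        first_aead = next((i for i, s in enumerate(cfg.cipher_suites) if is_aead(s)),
                          len(cfg.cipher_suites))
        cbc_before = [s for s in cfg.cipher_suites[:first_aead]
                      if not is_aead(s) and "RC4" not in s]
        if cbc_before:
            out.append(("BEAST", f"CBC suite {cbc_before[0]} preferred over GCM with TLS 1.0 enabled"))
    if cfg.tls_compression:
        out.append(("CRIME", "TLS compression enabled"))
    if cfg.http_compression:
        out.append(("TIME/BREACH/HEIST", "HTTP response compression enabled"))
    return out


# Constructed sample: a legacy configuration carrying most of the table's weaknesses.
LEGACY = TlsConfig(
    protocols=frozenset({"SSLv3", "TLSv1"}),
    cipher_suites=("RC4-SHA", "DES-CBC3-SHA", "EXP-RC4-MD5", "DHE-RSA-AES128-SHA", "AES128-SHA"),
    dh_param_bits=512,
    tls_compression=True,
    http_compression=True,
)

# Constructed sample mirroring the defaults described above: no SSLv2/SSLv3, ECDHE GCM
# suites first, AES128-SHA kept last as a non-DHE fallback, 2048-bit DH, no compression.
HARDENED = TlsConfig(
    protocols=frozenset({"TLSv1", "TLSv1.1", "TLSv1.2"}),
    cipher_suites=("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
                   "DHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "AES128-SHA"),
    dh_param_bits=2048,
    tls_compression=False,
    http_compression=False,
)

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(f"{name}:")
        for attack, detail in findings(cfg) or [("none", "no configuration-level weakness found")]:
            print(f"  {attack}: {detail}")
```

The BEAST rule encodes the mitigation stated in the table rather than the attack itself: TLS 1.0 may stay enabled as long as the server ranks AEAD (GCM) suites ahead of CBC suites, which is why the hardened sample produces no finding although it still lists TLSv1 and AES128-SHA.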

Client Compatibility

The default SSL/TLS configuration of Airlock WAF provides a good balance between security and client compatibility. Unfortunately, it is not possible to support very old clients while preventing all known SSL/TLS attacks. The default configuration of Airlock WAF is compatible with all modern clients. The following table shows when and why we dropped support for older browsers.

Dropped Browser Support | Airlock Release | Reason
--- | --- | ---
Internet Explorer 8 on Windows XP | Airlock WAF 6.1 | SWEET32 attack
Internet Explorer 6 | Airlock WAF 5.1 with HF5010; Airlock WAF 5.0 with HF5009; Airlock WAF 4.2.6 with HF4429 | POODLE attack

Recommendations for TLS Server Certificates

Airlock WAF supports RSA server certificates. We do not recommend configuring DSA or ECDSA certificates, even though it is possible with Apache Expert Settings. We recommend using RSA keys of 2048 bits or more and a hash algorithm such as SHA-256 or better.

Other Considerations in Airlock WAF's SSL/TLS Default Configuration

Forward Secrecy

Forward Secrecy is a security property provided by cipher suites that use an ephemeral Diffie-Hellman (DHE) key exchange. With Forward Secrecy, attackers cannot decrypt intercepted traffic even if they later get hold of the private key used in the session handshake. DHE key exchange is slower than ECDHE (elliptic curve DHE) key exchange. ECDHE ciphers are available since Airlock 5.0. All modern clients negotiate a cipher suite with the forward secrecy property with Airlock WAF.

Note that non-Forward-Secrecy ciphers are only vulnerable if your private keys are compromised. However, keeping private keys confidential is crucial even if Forward Secrecy ciphers are used, because an active man-in-the-middle attacker who holds the private key at the time of the SSL handshake can still decrypt the traffic.

Weak Diffie Hellman Parameter / Java 6

To prevent attacks like logjam, Airlock WAF does not support weak Diffie-Hellman parameters (i.e. parameters shorter than 1024 bits). The actual DH parameter size depends on the size of the configured certificate. To support Java 6 based clients, which do not support large DH parameters, Airlock WAF establishes a non-DHE cipher (AES128-SHA) with Java 6 clients.
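The Forward Secrecy section and the Java 6 paragraph above describe outcomes (modern clients get ECDHE suites with forward secrecy, Java 6 clients get AES128-SHA) without stating the cipher order that produces them. The following simulation, an added example that is not Airlock code, shows how plain server-preferred negotiation (Apache: SSLHonorCipherOrder on) decides the result and why a non-DHE suite must stay in the list. The two server preference lists, the client profiles, the 1024-bit client limit and the 2048-bit server DH group are constructed assumptions; Airlock's real ordering is not on this page.

```python
"""Model how server cipher preference decides which suite a client ends up with."""
from dataclasses import dataclass
from typing import Optional

SERVER_DH_BITS = 2048  # assumed: DH group size following a 2048-bit RSA certificate

# Assumed ordering that ranks DHE ahead of static RSA key transport.
DHE_BEFORE_RSA = (
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA",
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA",
    "AES128-SHA",
)

# Assumed ordering that keeps a non-DHE suite ahead of DHE so that a client
# limited to 1024-bit DH groups can still complete the handshake.
RSA_BEFORE_DHE = (
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA",
    "AES128-SHA",
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES128-SHA",
)


@dataclass(frozen=True)
class Client:
    name: str
    offered: tuple     # cipher suites the client advertises in its ClientHello
    max_dh_bits: int   # largest DH group the client can complete


# Constructed client profiles.
MODERN = Client("modern browser",
                ("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA",
                 "DHE-RSA-AES128-GCM-SHA256", "AES128-SHA"), 4096)
# Java 6 as characterised above: no ECDHE, DHE only with groups up to 1024 bits.
JAVA6 = Client("Java 6", ("DHE-RSA-AES128-SHA", "AES128-SHA"), 1024)


def key_exchange(suite: str) -> str:
    """Key-exchange family derived from the OpenSSL suite name."""
    head = suite.split("-")[0]
    if head == "ECDHE":
        return "ECDHE"
    if head in ("DHE", "EDH"):
        return "DHE"
    return "RSA"  # static RSA key transport (e.g. AES128-SHA): no forward secrecy


def has_forward_secrecy(suite: str) -> bool:
    return key_exchange(suite) in ("ECDHE", "DHE")


def negotiate(server_prefs: tuple, client: Client, dh_bits: int = SERVER_DH_BITS) -> Optional[str]:
    """Server-preferred selection: the first suite in server order that the
    client also offers. If that suite is DHE and the server's group is larger
    than the client can handle, the handshake fails (None); the server cannot
    fall back, because it does not know the client's limit."""
    for suite in server_prefs:
        if suite in client.offered:
            if key_exchange(suite) == "DHE" and dh_bits > client.max_dh_bits:
                return None
            return suite
    return None


def describe(server_prefs: tuple, client: Client) -> str:
    suite = negotiate(server_prefs, client)
    if suite is None:
        return f"{client.name}: handshake fails"
    fs = "forward secrecy" if has_forward_secrecy(suite) else "no forward secrecy"
    return f"{client.name}: {suite} ({key_exchange(suite)}, {fs})"


if __name__ == "__main__":
    for label, prefs in (("DHE before RSA", DHE_BEFORE_RSA), ("RSA before DHE", RSA_BEFORE_DHE)):
        print(label)
        for client in (MODERN, JAVA6):
            print("  " + describe(prefs, client))
```

The modern client gets ECDHE-RSA-AES128-GCM-SHA256 with either ordering, because ECDHE suites sit at the top of both lists. The Java 6 profile only completes a handshake with the second ordering, and then without forward secrecy: any client that offers DHE but not ECDHE pays the same price, which is the trade-off behind the AES128-SHA fallback described above.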

Custom SSL/TLS settings for front-side HTTPS connections

The default cipher suite and other SSL/TLS settings can be overridden in the Configuration Center with Apache Expert Settings. See ciphersuite-configuration.

References

[1] BREACH attack and mitigation
[2] BEAST attack
[3] LUCKY13 attack
[4] Perfect Forward Secrecy in Airlock
[5] RC4 vulnerability
[6] SWEET32 Attack on 3DES Ciphers
[7] Heist attack on TLS/SSL
[8] Logjam attack
[9] SSL Freak attack
[10] POODLE: SSL 3.0 vulnerability
[11] OpenSSL Heartbleed vulnerability
[12] Attack of the week: RC4 is kind of broken in TLS
[13] Wikipedia: CRIME
[14] The DROWN Attack
[15] BREACH attack: Disable compression for cross-origin requests