DOCSLIB.ORG

The Trip to TLS Land Using the WSA Tobias Mayer, Consulting Systems Engineer BRKSEC-3006 Me…

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Trip to TLS Land Using the WSA Tobias Mayer, Consulting Systems Engineer BRKSEC-3006 Me… The Trip to TLS Land using the WSA Tobias Mayer, Consulting Systems Engineer BRKSEC-3006 Me… CCIE Security #14390, CISSP & Motorboat driving license… Working in Content Security & IPv6 Security tmayer{at}cisco.com Writing stuff at “blogs.cisco.com” Agenda • Introduction • Understanding TLS • Configuring Decryption on the WSA • Troubleshooting TLS • Thoughts about the Future • Conclusion For Your Reference • There are (many...) slides in your print-outs that will not be presented. • They are there “For your Reference” For Your Reference Microsoft and Google pushing encryption • Microsoft pushing TLS with PFS • Google, FB, Twitter encrypting all traffic • HTTPS usage influencing page ranking on google • Deprecate SHA1, only SHA2+ • Browser Vendors aggressively pushing https • Problems with older TLS versions leading to upgrade of servers to newer protocols and ciphers • Poodle, Freak, Beast, …. Google Search Engine • Google ranking influenced by using HTTPS • http://blog.searchmetrics.com/us/2015 /03/03/https-vs-http-website-ssl-tls- encryption-ranking-seo-secure- connection/ Understanding TLS TLS Versions • SSLv3, 1996 • TLS 1.0, 1999, RFC2246 • TLS 1.1, 2006, RFC4346 • Improved security • TLS 1.2, 2008, RFC5246 • Removed IDEA and DES ciphers • Stronger hashes • Supports authenticated encryption ciphers (AES-GCM) • TLS 1.3, currently Internet Draft Attacks… • POODLE • SSLv3 Problems with Padding, turn of SSLv3 • BEAST • Know issues in CBC mode, use TLS 1.1/1.2 with non-CBC mode ciphers (GCM) • CRIME/BREACH • Compression Data Leak, disable compression in TLS (CRIME), HTTP Compression still there • Lucky13 • Problem with Padding still exists with CBC Ciphers, use TLS 1.2 with AEAD (GCM) • Freak • Downgrade to RSA_EXPORT, disable EXPORT CIPHERS, use TLS 1.2 • Logjam • Force client to downgrade to DHE_EXPORT Grade ciphers, disable DHE_EXPORT Ciphers, use TLS 1.2 TLS Versions • SSLv3, 1996, broken by Poodle • TLS 1.0, 1999, RFC2246, weakend by BEAST and Lucky13 • TLS 1.1, 2006, RFC4346, weakend by Lucky13 • Improved security • TLS 1.2, 2008, RFC5246 • Removed IDEA and DES ciphers • Stronger hashes • Supports authenticated encryption ciphers (AEAD, i.e. AES-GCM) • TLS 1.3, currently Internet Draft How is the encryption of the target website? TLS Handshake Version Number Client Hello Version: Highest Version that the client Support Server Hello Version: This is the Version that we will use for the TLS Connection. Server SHOULD select the highest Version possible. Usually indicating lowest version supported Highest Version the client supports Ciphers explained Name Prot Kx Au Enc Bits Mac TLS_RSA_WITH_RC4_128_MD5 TLS RSA RSA RC4_128 128 MD5 TLS_DH_RSA_WITH_DES_CBC_SHA TLS DH RSA DES_CBC 56 SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS DHE RSA AES_128_CBC 128 SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS ECDH ECDSA AES_256_CBC 256 SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS ECDHE RSA AES_256_GCM 256 SHA384 PFS – Perfect Forward Secrecy • Using RSA key for authentication and key generation is putting our traffic vulnerable to offline attacks • Someone might record out traffic and years later, compromise our Server, get the private key and decrypt all traffic. • Diffie-Hellman (DH) is a method to prevent this, but: • With static DH, the DH parameters are actually again the private key… • DHE is using unique keys for every session, this is called Perfect Forward Secrecy PFS - Example • DHE Ciphers use PFS • But are heavy to compute… • ECDHE Ciphers use Ecliptic Curves and provide PFS • Much better performance • Especially in Software AEAD – Authenticated Encryption https://en.wikipedia.org/wiki/Authenticated_encryption • Authenticated Encryption with associated data • CBC (confidentiality) + HMAC(integrity) vs. AE(confidentiality & integrity) • GCM is the most popular Algorithm https://en.wikipedia.org/wiki/Galois/Counter_Mode • No License and fast computing • Implemented in OPENSSL • Get more info about encryption in BRKSEC-3005! Breaking HTTPS 1. Generate public/private key and root certificate 2. install that root certificate on client devices Web Browser TLS proxy HTTPS Server 4. TLS Hello 3. Visit 5. TLS Hello website 6. Server Certificate 7. Validate certificate 8. Generate (spoofed) certificate, signed by our private key from (1) 9. (Spoofed) Server Certificate Did we forget someone? • The client needs to be able to support TLS versions & ciphers also • Overview can be found here: • https://en.wikipedia.org/wiki/Transport_Layer_Security Tobias Mayer, CSE Configuring Decryption on the WSA Explicit Proxy • Client requests a website • Browser connects first to WSA TCP_MISS_SSL/200 39 CONNECT tunnel://www.google.de:443 • WSA does DNS lookup - A record returned and/or AAAA record returned • Depending on WSA setting, WSA builts outgoing connection either on IPv4 or IPv6 Internet Web Web Security Appliance server IPv6 IPv4 Internet ASA NGFW Transparent Proxy via WCCP • Client requests a website using IPv4 or IPv6 • DNS Resolution is done by the Client • Browser tries to connect to Website TCP_MISS_SSL/200 0 TCP_CONNECT • Network85.17.181.244:443 Device redirects traffic to WSA using WCCP • WSA proxies the request Web Security Appliance Internet Web IPv6 server IPv4 Internet ASA NGFW Certificate installation and usage - recap • The WSA needs a CA Certificate to be installed for TLS decryption • Not a WEB SERVER CERTIFICATE!!! TAC will say thank you for this! • After receiving the HTTPS Request, the WSA will grab the server certificate from the destination • It will create a new certificate with (nearly) all the fields and sign this with her own certificate • CRL is not replicated because it would not match the “new” certificate • Client needs to trust the certificate from the WSA • Use a trusted Enterprise subordinate CA certificate or roll out your self-signed cert to the clients via GPO • Certificates on the WSA use PEM format Certificate installation and usage BASIC CONTRAINTS : Critical • https://tools.ietf.org/html/rfc5280#section-4.2 “Each extension in a certificate is designated as either critical or non-critical. A certificate-using system MUST reject the certificate if it encounters a critical extension it does not recognize or a critical extension that contains information that it cannot process. A non-critical extension MAY be ignored if it is not recognized, but MUST be processed if it is recognized.” • Basic Constraints defines if the Certificate is a CA, recommended to set to CRITICAL Certificate installation and usage • Browser Companies & CA phasing out SHA-1: https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1- based-signature-algorithms/ • https://googleonlinesecurity.blogspot.rs/2014/09/gradually-sunsetting-sha-1.html • Moving to SHA-2 • Set of algorithms: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 • WSA 9.x+ • Generating a self-signed certificate will use SHA-256 by default and 2048 bit RSA key • CSR can be sent to a CA but CA needs also to use SHA-256 • Importing externally generated certificate and key is possible • DSA_SHA256 signed certificates are not supported General SSL Settings • Settings for the HTTPS Proxy Service • Protocol to use • Cipher String to use • Disable compression General SSL Settings (2) - Cipher strings openssl ciphers ‘ALL’ Use all ciphers openssl ciphers ‘HIGH:MEDIUM’ Use only ciphers classified as HIGH and MEDIUM openssl ciphers ‘HIGH:MEDIUM:-RC4’ Use only HIGH &MEDIUM and no RC4 …. ‘HIGH:MEDIUM:-RC4:-eNULL:-aNULL’ HIGH & MEDIUM, no RC4,, no NULL authentication & NULL encryption ‘HIGH:MEDIUM:-RC4:@strength’ @strength : sort based on strength Recommended (by Toby…) Cipher String – v9.0.1 • Default string, moving ephemeral DH to the front, disabling EXPORT Ciphers, Ciphers with less than 128 bit symmetric key and RC4 • Before disabling TLS 1.0 , a personal risk assessment is recommended! General SSL Settings (3) • Fallback • Client sends “Client Hello” and suggests a version to use • If Server responds with a “fatal error”, client will fallback to another version • Example: TLS 1.2 “yes” but there is no common cipher offered… • Not a “fatal error” : Client asks for TLS 1.2 but Server offers 1.0 General SSL Settings (2) • Fallback • WSA has a feature that enables or disables “Fallback” • WSA will fallback to the “lowest” Version supported • Enabled / Disabled via CLI under “sslsettings” • Recommendation: Enable, definitely enable…. Decryption Policy • Policy can be based on • Identification Profile (Identity) • URL Category • Web Reputation • Additional Options Decryption Policy (2) • Categories • “Pass Through” will still check for certificate errors! • Invalid certificate or expired certificate on the server will fail the “Pass through” Decryption Policy (3) • Custom URLs (best used for making an exception for decryption) • “Pass Through” will bypass all certificate check -> true Pass Through • “Decrypt” -> certificates will be checked and the user will get a prompt (“untrusted CA”) • Custom categories take precedence over predefined categories! Decryption Policy (4) • Decrypt for Application Detection • Will try to decrypt all categories that are put on “monitor” , incl. “no categories” • AVC Engine checks the request header and decides if it needs decryption • Will supersede the “Pass Through” Option in “Decryption for WBRS” • AVC Engine will check if decryption is necessary • Might dramatically increase the traffic that is being decrypted Decryption Policy (5) • Decrypt for End User Notification • Important for transparent requests, not so
Load more

Recommended publications
  • SSL/TLS Implementation CIO-IT Security-14-69
    DocuSign Envelope ID: BE043513-5C38-4412-A2D5-93679CF7A69A IT Security Procedural Guide: SSL/TLS Implementation CIO-IT Security-14-69 Revision 6 April 6, 2021 Office of the Chief Information Security Officer DocuSign Envelope ID: BE043513-5C38-4412-A2D5-93679CF7A69A CIO-IT Security-14-69, Revision 6 SSL/TLS Implementation VERSION HISTORY/CHANGE RECORD Person Page Change Posting Change Reason for Change Number of Number Change Change Initial Version – December 24, 2014 N/A ISE New guide created Revision 1 – March 15, 2016 1 Salamon Administrative updates to Clarify relationship between this 2-4 align/reference to the current guide and CIO-IT Security-09-43 version of the GSA IT Security Policy and to CIO-IT Security-09-43, IT Security Procedural Guide: Key Management 2 Berlas / Updated recommendation for Clarification of requirements 7 Salamon obtaining and using certificates 3 Salamon Integrated with OMB M-15-13 and New OMB Policy 9 related TLS implementation guidance 4 Berlas / Updates to clarify TLS protocol Clarification of guidance 11-12 Salamon recommendations 5 Berlas / Updated based on stakeholder Stakeholder review / input Throughout Salamon review / input 6 Klemens/ Formatting, editing, review revisions Update to current format and Throughout Cozart- style Ramos Revision 2 – October 11, 2016 1 Berlas / Allow use of TLS 1.0 for certain Clarification of guidance Throughout Salamon server through June 2018 Revision 3 – April 30, 2018 1 Berlas / Remove RSA ciphers from approved ROBOT vulnerability affected 4-6 Salamon cipher stack
    [Show full text]
  • Installing Fake Root Keys in a PC
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Royal Holloway - Pure Installing Fake Root Keys in a PC Adil Alsaid and Chris J. Mitchell Information Security Group Royal Holloway, University of London Egham, Surrey TW20 0EX fA.Alsaid, [email protected] Abstract. If a malicious party can insert a self-issued CA public key into the list of root public keys stored in a PC, then this party could potentially do considerable harm to that PC. In this paper, we present a way to achieve such an attack for the Internet Explorer web browser root key store, which avoids attracting the user's attention. A realisation of this attack is also described. Finally, countermeasures that can be deployed to prevent such an attack are outlined. 1 Introduction As is widely known [10], most web browsers (e.g. Microsoft Internet Explorer or Netscape) have a repository of root public keys designed for use in verify- ing digitally signed public key certi¯cates. These public keys are bundled with distributions of the web browser, and are used to verify certi¯cates for applet providers [13]. Speci¯cally, web-sites may download applets to a user PC without the PC user knowing it. Depending on the security settings selected by the PC user, these applets may be executed with or without further checks. Typically, the browser will only execute the applet if the following conditions are satis¯ed. 1. The applet must be digitally signed, and the signature must verify correctly. 2.
    [Show full text]
  • Configuring SSL for Services and Servers
    Barracuda Web Application Firewall Configuring SSL for Services and Servers https://campus.barracuda.com/doc/4259877/ Configuring SSL for SSL Enabled Services You can configure SSL encryption for data transmitted between the client and the service. In the BASIC > Services page, click Edit next to a listed service and configure the following fields: Status – Set to On to enable SSL on your service. Status defaults to On for a newly created SSL enabled service. Certificate – Select a certificate presented to the browser when accessing the service. Note that only RSA certificates are listed here. If you have not created the certificate, select Generate Certificate from the drop-down list to generate a self-signed certificate. For more information on how to create self- signed certificates, see Creating a Client Certificate. If you want to upload a self-signed certificate, select Upload Certificate from the drop- down list. Provide the details about the certificate in the Upload Certificate dialog box. For information on how to upload a certificate, see Adding an SSL Certificate. Select ECDSA Certificate – Select an ECDSA certificate presented to the browser when accessing the service. SSL/TLS Quick Settings - Select an option to automatically configure the SSL/TLS protocols and ciphers. Use Configured Values - This option allows you to use the previously saved values. If the values are not saved, the Factory Preset option can be used. Factory Preset - This option allows you to enable TLS 1.1, TLS 1.2 and TLS 1.3 protocols without configuring override ciphers. Mozilla Intermediate Compatibility (Default, Recommended) - This configuration is a recommended configuration when you want to enable TLS 1.2 and TLS 1.3 and configure override ciphers for the same.
    [Show full text]
  • Analysis of SSL Certificate Reissues and Revocations in the Wake
    Analysis of SSL Certificate Reissues and Revocations in the Wake of Heartbleed Liang Zhang David Choffnes Dave Levin Tudor Dumitra¸s Northeastern University Northeastern University University of Maryland University of Maryland [email protected] [email protected] [email protected] [email protected] Alan Mislove Aaron Schulman Christo Wilson Northeastern University Stanford University Northeastern University [email protected] [email protected] [email protected] ABSTRACT Categories and Subject Descriptors Central to the secure operation of a public key infrastruc- C.2.2 [Computer-Communication Networks]: Net- ture (PKI) is the ability to revoke certificates. While much work Protocols; C.2.3 [Computer-Communication Net- of users' security rests on this process taking place quickly, works]: Network Operations; E.3 [Data Encryption]: in practice, revocation typically requires a human to decide Public Key Cryptosystems, Standards to reissue a new certificate and revoke the old one. Thus, having a proper understanding of how often systems admin- istrators reissue and revoke certificates is crucial to under- Keywords standing the integrity of a PKI. Unfortunately, this is typi- Heartbleed; SSL; TLS; HTTPS; X.509; Certificates; Reissue; cally difficult to measure: while it is relatively easy to deter- Revocation; Extended validation mine when a certificate is revoked, it is difficult to determine whether and when an administrator should have revoked. In this paper, we use a recent widespread security vul- 1. INTRODUCTION nerability as a natural experiment. Publicly announced in Secure Sockets Layer (SSL) and Transport Layer Secu- April 2014, the Heartbleed OpenSSL bug, potentially (and rity (TLS)1 are the de-facto standards for securing Internet undetectably) revealed servers' private keys.
    [Show full text]
  • Hosting Multiple Certs on One IP
    Hosting multiple SSL Certicates on a single IP S Solving the IPv4 shortage dilemma FULL COMPATIBILITY When it comes to SSL security, hosting companies are increasingly facing In public environments, using SNI alone would mean cutting access to a issues related to IP addresses scarcity. Today every digital certificate used large number of potential site visitors as around 15% of systems (as of to provide an SSL connection on a webserver needs a dedicated IP January 2013) are incompatible with SNI. address, making it difficult for hosting companies to respond to increas- ing demand for security. The true solution GlobalSign has developed a solution to address hosting companies’ operational limitations and to let them run multiple certificates on a By coupling the Server Name Indication technology with SSL Certificates single IP address, at no detriment to browser and operating system and a CloudSSL Certificate from GlobalSign, multiple certificates can compatibility. now be hosted on a single IP without losing potential visitors that might lack SNI support. Host Headers GlobalSign SSL Certificates can be installed on several name-based virtual hosts as per any SNI-based https website. Each website has its To address the current concern of shortage of IPv4 addresses, most own certificate, allowing for even the highest levels of security (such as websites have been configured as name-based virtual hosts for years. Extended Validation Certificates). When several websites share the same IP number, the server will select the website to display based on the name provided in the Host Header. GlobalSign will then provide a free fall-back CloudSSL certificate for legacy configurations, enabling the 15% of visitors that do not have SNI Unfortunately this doesn’t allow for SSL security as the SSL handshake compatibility to access the secure websites on that IP address.
    [Show full text]
  • Perception Financial Services Cyber Threat Briefing Report
    PERCEPTION FINANCIAL SERVICES CYBER THREAT BRIEFING REPORT Q1 2019 1 Notable Cyber Activity within Financial Services Contents January 2019 October 2018 A security researcher discovered that The State Bank of India Between the 4th and 14th October 2018 HSBC reported a number Table of Contents . 1 (SBI), India’s largest bank, had failed to secure a server which of US online bank accounts were accessed by unauthorized users, Welcome . 1 was part of their text-messaging platform. The researcher was with potential access to personal information about the account able to read all messages sent and received by the bank’s ‘SBI holder. HSBC told the BBC this affected fewer than 1% of its 1 Notable Cyber Activity within Financial Services . 2 quick’ enquiry service which contained information on balances, American clients and has not released further information on 2 Threat Actor Profile: The Carbanak Organized Crime Gang . 4 phone numbers and recent transactions. This information could how the unauthorized access occurred. have been used to profile high net worth individuals, or aid social 3 Benefits and challenges of deploying TLS 1.3 . 5 engineering attacks which are one of the most common types of It is likely that this was an example of a credential-stuffing attack, 4 Ethereum Classic (ETC) 51% Attack . 9 financial fraud in India.1 where attackers attempt to authenticate with vast quantities 5 Authoritative DNS Security . 10 of username and password combinations obtained from other December 2018 compromised sites, hoping to find users who have re-used their Kaspersky published a detailed examination of intrusions into credentials elsewhere.
    [Show full text]
  • Trust Me, I'm a Root CA! Analyzing SSL Root Cas in Modern Browsers
    Trust me, I’m a Root CA! Analyzing SSL Root CAs in modern Browsers and Operating Systems Tariq Fadai, Sebastian Schrittwieser Peter Kieseberg, Martin Mulazzani Josef Ressel Center for Unified Threat Intelligence SBA Research, on Targeted Attacks, Austria St. Poelten University of Applied Sciences, Austria Email: [pkieseberg,mmulazzani]@sba-research.org Email: [is101005,sebastian.schrittwieser]@fhstp.ac.at Abstract—The security and privacy of our online communi- tected communications is dependent on the trustworthiness cations heavily relies on the entity authentication mechanisms of various companies and governments. It is therefore of provided by SSL. Those mechanisms in turn heavily depend interest to find out which companies we implicitly trust just on the trustworthiness of a large number of companies and governmental institutions for attestation of the identity of SSL by using different operating system platforms or browsers. services providers. In order to offer a wide and unobstructed In this paper an analysis of the root certificates included in availability of SSL-enabled services and to remove the need various browsers and operating systems is introduced. Our to make a large amount of trust decisions from their users, main contributions are: operating systems and browser manufactures include lists of certification authorities which are trusted for SSL entity • We performed an in-depth analysis of Root Certifi- authentication by their products. This has the problematic cate Authorities in modern operating systems and web effect that users of such browsers and operating systems browsers implicitly trust those certification authorities with the privacy • We correlated them against a variety of trust indexes of their communications while they might not even realize it.
    [Show full text]
  • How Organisations Can Properly Configure SSL Services to Ensure the Integrity and Confidentiality of Data in Transit”
    An NCC Group Publication “SS-Hell: the Devil is in the details” Or “How organisations can properly configure SSL services to ensure the integrity and confidentiality of data in transit” Prepared by: Will Alexander Jerome Smith © Copyright 2014 NCC Group Contents 1 Introduction .................................................................................................................................................... 3 2 Protocols ........................................................................................................................................................ 3 3 Cipher Suites ................................................................................................................................................. 4 4 Certificates ..................................................................................................................................................... 5 4.1 Self-Signed or Untrusted Certificates ................................................................................................... 5 4.2 Mismatched Hostnames ....................................................................................................................... 6 4.3 Wildcard Certificates ............................................................................................................................. 6 4.4 Extended Validation Certificates .......................................................................................................... 7 4.5 Certificate Validity Period ....................................................................................................................
    [Show full text]
  • SSL Insight Certificate Installation Guide Deployment Guide | SSL Insight Certificate Installation Guide
    DEPLOYMENT GUIDE SSL Insight Certificate Installation Guide Deployment Guide | SSL Insight Certificate Installation Guide Table of Contents Introduction ....................................................................................................................................................................................................................................3 Generating CA Certificates for SSL Insight ...................................................................................................................................................................3 Importing a CA Certificate and Certificate Chain onto the A10 Thunder SSLi Device .....................................................................5 Installing a Certificate in Microsoft Windows 7 for Internet Explorer..........................................................................................................6 Installing a Certificate in Google Chrome ................................................................................................................................................................10 Installing a Certificate in Mozilla Firefox .....................................................................................................................................................................13 About A10 Networks ..............................................................................................................................................................................................................15
    [Show full text]
  • Certificate Authority Trust List
    Certificate Authority Trust List First Published: January 31, 2020 Certificate Authority Trust List The following is the list of trusted Certificate Authorities embedded in the following devices: Cisco IP Phone 7800 Series, as of release 12.7 Cisco IP Phone 8800 Series, as of release 12.7 For Mobile and Remote Access through Expressway, the Expressway server must be signed against one of these Certificate Authorities. Fingerprint Subject 342cd9d3062da48c346965297f081ebc2ef68fdc C=AT, L=Vienna, ST=Austria, O=ARGE DATEN - Austrian Society for Data Protection, OU=GLOBALTRUST Certification Service, CN=GLOBALTRUST, [email protected] 4caee38931d19ae73b31aa75ca33d621290fa75e C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-nQual-03, CN=A- Trust-nQual-03 cd787a3d5cba8207082848365e9acde9683364d8 C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-02, CN=A- Trust-Qual-02 2e66c9841181c08fb1dfabd4ff8d5cc72be08f02 C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Root-05, CN=A- Trust-Root-05 84429d9fe2e73a0dc8aa0ae0a902f2749933fe02 C=AU, O=GOV, OU=DoD, OU=PKI, OU=CAs, CN=ADOCA02 51cca0710af7733d34acdc1945099f435c7fc59f C=BE, CN=Belgium Root CA2 a59c9b10ec7357515abb660c4d94f73b9e6e9272 C=BE, O=Certipost s.a., n.v., CN=Certipost E-Trust Primary Normalised CA 742cdf1594049cbf17a2046cc639bb3888e02e33 C=BE, O=Certipost s.a., n.v., CN=Certipost E-Trust Primary Qualified CA Cisco Systems, Inc. www.cisco.com 1 Certificate Authority
    [Show full text]
  • Practical Issues with TLS Client Certificate Authentication
    Practical Issues with TLS Client Certificate Authentication Arnis Parsovs Software Technology and Applications Competence Center, Estonia University of Tartu, Estonia [email protected] Abstract—The most widely used secure Internet communication Active security research is being conducted to improve standard TLS (Transport Layer Security) has an optional client password security, educate users on how to resist phishing certificate authentication feature that in theory has significant attacks, and to fix CA trust issues [1], [2]. However, the attacks security advantages over HTML form-based password authenti- mentioned above can be prevented or their impact can be cation. In this paper we discuss practical security and usability greatly reduced by using TLS client certificate authentication issues related to TLS client certificate authentication stemming (CCA), since the TLS CCA on the TLS protocol level protects from the server-side and browser implementations. In particular, we analyze Apache’s mod_ssl implementation on the server the client’s account on a legitimate server from a MITM side and the most popular browsers – Mozilla Firefox, Google attacker even in the case of a very powerful attacker who has Chrome and Microsoft Internet Explorer on the client side. We obtained a valid certificate signed by a trusted CA and who complement our paper with a measurement study performed in thus is able to impersonate the legitimate server. We believe Estonia where TLS client certificate authentication is widely used. that TLS CCA has great potential for improving Internet We present our recommendations to improve the security and security, and therefore in this paper we discuss current issues usability of TLS client certificate authentication.
    [Show full text]
  • Avocent® ACS 6000 Advanced Console Server Release Notes Version 3.1.0.8 UPDATE! July 24, 2015
    Avocent® ACS 6000 Advanced Console Server Release Notes Version 3.1.0.8 UPDATE! July 24, 2015 This document outlines: 1. Update Instructions 2. Appliance Firmware Version Information 3. Features/Enhancements 4. Bug Fixes =================================================================================== 1. Update Instructions =================================================================================== NOTE: Please refer to the ACS 6000 Installation/Administration/User Guide for detailed instructions on updating the ACS 6000 console server to version 3.1.0. IMPORTANT NOTE: This version should be upgraded from version 2.5.0-11 or newer. Appliances with earlier versions should be upgraded to version 2.5.0-11 or newer before the upgrade to version 3.1.0.8. In order to have all features listed in this release available through DSView™ management software, DSView™ software version 4.5.0.123 or later and ACS 6000 console server plug-in version 3.1.0.4 are required. After the ACS 6000 console server firmware has been upgraded to version 3.1.0, it is mandatory that the web browser cache of any system which intends to be connected to the ACS 6000 console server web interface is cleared. To do this, press Ctrl-F5 from the browser. ACS 6000 console server firmware version 3.1.0 provides an internal mechanism which preserves the existing configuration when upgrading from firmware version 3.0.0. However, it is strongly recommended that you back up the system configuration before the firmware version upgrade. =================================================================================== 2. Appliance Firmware Version Information =================================================================================== Appliance/Product Firmware Type Version Filename Avocent® ACS 6000 Opcode V_3.1.0.8 avoImage_avctacs-3.1.0-8.bin Console Server avoImage_avctacs-3.1.0-8.bin.md5 =================================================================================== 3.
    [Show full text]