[BlueOnyx:22947] Re: Vulnerability with CBC ciphers

Michael Stauber mstauber at blueonyx.it
Sun Jun 16 10:49:04 -05 2019


Hi Larry,

> Any discussion on how the vulnerabilities in 
> just about anything using cipher block chaining (CBC)
> affect BlueOnyx ?

Yeah, I've been looking at that recently when SSLlabs started showing
anything CBC related as "weak".

Take 5209R for example. We allow 17 cipher suites for HTTPS. Eight of
them use CBC.

That's half of our ECDHE ciphers. If I cut out the CBC ciphers, too,
then we're down to only *eight* supported cipher suites for TLS v1.2,
which is the only version of TLS we allow on 5209R, having turned off
TLS v1.1 and v1.0.

Now take 5207R/5208R and it gets absurd:

There we're already down to 12 still supported cipher suites. If I cut
out CBC there, we'd be down to *four* cipher suites left for TLS v1.2
and *zero* for TLS v1.1 and TLS v1.0 being turned off anyway.

It gets worse when you look at which browsers it would affect and then
you realize that eliminating CBC would force most Microsoft browsers to
use cipher suites that are in general much weaker.

So what's the actual danger?
=============================

See
https://docs.microsoft.com/en-us/dotnet/standard/security/vulnerabilities-cbc-mode

I could try to summarize the problem, but I haven't yet had enough
coffee to make it coherent enough. It's a multi-part attack: Messing
with the padding and running a timing on the response. Actual response
and timing give you a tell.

But that doesn't mean that every cipher suite that uses CBC is outright
vulnerable. If the cipher suite uses data integrity check (via a MAC or
an asymmetric digital signature), then this attack won't work.

All cipher suites that we still allow use SHA256 or SHA for data
integrity checks. That takes one tell out of the equation.

I'm not sure if we should take CBC out of circulation at this time. My
best guess is that it's too early for this and we'd need to wait a
little until the browser makers have caught up a little more.

I'll keep an eye on it and might drop CBC within the next couple of weeks if
that's what the general consensus is on that topic. As said: In this
combination with SHA signing it might not be *that* much of an issue anyway.

-- 
With best regards

Michael Stauber

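As an added example (not code from this post or from BlueOnyx), the script below takes `openssl ciphers -v` style output, separates the CBC suites from the AEAD ones, and rebuilds the cipher string that would remain if CBC were dropped, which is the counting exercise described above. The suite list embedded in it is a constructed sample, not the actual 5209R list.

```python
"""Classify TLS cipher suites from `openssl ciphers -v` output and show what
survives once the CBC suites are removed.  Added example, not BlueOnyx code.
The SAMPLE below is constructed; on a real host run
`openssl ciphers -v '<your SSLCipherSuite string>'` and feed in its lines."""
import re
from typing import List, NamedTuple, Tuple


class Suite(NamedTuple):
    name: str
    version: str
    kx: str
    au: str
    enc: str
    mac: str


# Constructed sample in `openssl ciphers -v` format (name, protocol, Kx=, Au=,
# Enc=, Mac=).  Hypothetical list, not the 17 suites the post refers to.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH  Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH  Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH  Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384     TLSv1.2 Kx=ECDH  Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES128-SHA256     TLSv1.2 Kx=ECDH  Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES256-SHA        TLSv1   Kx=ECDH  Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-GCM-SHA256           TLSv1.2 Kx=RSA   Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA256               TLSv1.2 Kx=RSA   Au=RSA  Enc=AES(128)  Mac=SHA256
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=(\S+)\s+Mac=(\S+)")


def parse(text: str) -> List[Suite]:
    """Parse `openssl ciphers -v` lines; anything that does not match is skipped."""
    return [Suite(*m.groups()) for m in map(LINE.match, map(str.strip, text.splitlines())) if m]


def is_cbc(s: Suite) -> bool:
    # In TLS 1.2 and earlier, every non-AEAD suite built on a block cipher runs
    # it in CBC mode (MAC-then-encrypt).  AEAD suites (GCM, CCM, ChaCha20-Poly1305)
    # report Mac=AEAD; RC4 is a stream cipher and "None" means no encryption.
    return s.mac != "AEAD" and not s.enc.startswith(("RC4", "None"))


def split_cbc(suites: List[Suite]) -> Tuple[List[Suite], List[Suite]]:
    """Return (cbc_suites, remaining_suites), preserving the original order."""
    return [s for s in suites if is_cbc(s)], [s for s in suites if not is_cbc(s)]


def cipher_string(suites: List[Suite]) -> str:
    """Rebuild an OpenSSL/Apache SSLCipherSuite list from the surviving suites."""
    return ":".join(s.name for s in suites)


if __name__ == "__main__":
    all_suites = parse(SAMPLE)
    cbc, keep = split_cbc(all_suites)
    print(f"{len(all_suites)} suites, {len(cbc)} use CBC, {len(keep)} remain without CBC")
    print("SSLCipherSuite", cipher_string(keep))
```

The `Mac=AEAD` column is how `openssl ciphers -v` marks the GCM, CCM and ChaCha20-Poly1305 suites, so it is the simplest reliable discriminator when deciding what a cipher string would shrink to.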