[BlueOnyx:22949] Re: Vulnerability with CBC ciphers

Larry Smith lesmith at ecsis.net
Sun Jun 16 13:07:41 -05 2019


Michael,

  Thank you, well-thought-out response.

-- 
Larry Smith
lesmith at ecsis.net

On Sun June 16 2019 10:49, Michael Stauber wrote:
> Hi Larry,
>
> > Any discussion on how the vulnerabilities in
> > just about anything using cipher block chaining (CBC)
> > affect BlueOnyx ?
>
> Yeah, I've been looking at that recently when SSLlabs started showing
> anything CBC related as "weak".
>
> Take 5209R for example. We allow 17 cipher suites for HTTPS. Eight of
> them use CBC.
>
> That's half of our ECDHE ciphers. If I cut out the CBC ciphers, too,
> then we're down to only *eight* supported cipher suites for TLS v1.2,
> which is the only version of TLS we allow on 5209R, having turned off
> TLS v1.1 and v1.0.
>
> Now take 5207R/5208R and it gets absurd:
>
> There we're already down to 12 still supported cipher suites. If I cut
> out CBC there, we'd be down to *four* cipher suites left for TLS v1.2
> and *zero* for TLS v1.1 and TLS v1.0 being turned off anyway.
>
> It gets worse when you look at which browsers it would affect and then
> you realize that eliminating CBC would force most Microsoft browsers to
> use cipher suites that are in general much weaker.
>
> So what's the actual danger?
> =============================
>
> See
> https://docs.microsoft.com/en-us/dotnet/standard/security/vulnerabilities-cbc-mode
>
> I could try to summarize the problem, but I haven't yet had enough
> coffee to make it coherent enough. It's a multi-part attack: Messing
> with the padding and running a timing on the response. Actual response
> and timing give you a tell.
>
> But that doesn't mean that every cipher suite that uses CBC is outright
> vulnerable. If the cipher suite uses data integrity check (via a MAC or
> an asymmetric digital signature), then this attack won't work.
>
> All cipher suites that we still allow use SHA256 or SHA for data
> integrity checks. That takes one tell out of the equation.
>
> I'm not sure if we should take CBC out of circulation at this time. My
> best guess is that it's too early for this and we'd need to wait a
> little until the browser makers have caught up a little more.
>
> I'll keep an eye on it and might drop CBC within the next couple of weeks if
> that's what the general consensus is on that topic. As said: In this
> combination with SHA signing it might not be *that* much of an issue
> anyway.
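The tally Michael describes above (how many of the allowed suites run in CBC mode, how many of the ECDHE suites that is, and what the list looks like with them removed) is easy to script, so the same check can be re-run whenever the cipher string changes. What follows is an added example, not code from this thread or from BlueOnyx. The sample cipher string is constructed to mirror the counts quoted above and does not reproduce the real 5209R configuration; the classification is derived from OpenSSL's suite-naming conventions, and `local_openssl_cbc_suites()` simply asks the interpreter's own OpenSSL build for its enabled non-AEAD suites.

```python
"""Audit an OpenSSL-style cipher string for CBC-mode suites.

Added example for the thread above; not BlueOnyx code. The sample list
below is constructed (17 suites, 8 of them CBC, all 8 among the 16 ECDHE
suites) and is not the actual 5209R configuration.
"""
import ssl

# Suite names carrying one of these tokens use an AEAD construction,
# which authenticates the record before any padding is examined.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
# Block ciphers that OpenSSL runs in CBC mode whenever the suite is not AEAD.
BLOCK_CIPHERS = ("AES", "CAMELLIA", "DES", "SEED", "IDEA")

SAMPLE_CIPHERS = (  # constructed sample, colon separated like SSLCipherSuite
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-CCM:"
    "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:"
    "ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:"
    "AES256-GCM-SHA384"
)


def classify(suite):
    """Classify one OpenSSL cipher-suite name by key exchange, mode and MAC.

    Assumes OpenSSL naming (e.g. ECDHE-RSA-AES128-SHA256). For CBC suites
    the trailing token is the HMAC hash (SHA = SHA-1); AEAD suites carry
    no separate MAC, the trailing SHA256/SHA384 there is only the PRF hash.
    """
    parts = suite.split("-")
    kx = parts[0] if parts[0] in ("ECDHE", "DHE", "ECDH", "DH") else "RSA"
    if any(marker in suite for marker in AEAD_MARKERS):
        mode, mac = "AEAD", "AEAD"
    elif any(cipher in suite for cipher in BLOCK_CIPHERS):
        mode, mac = "CBC", parts[-1]
    else:
        mode, mac = "other", parts[-1]  # stream ciphers such as RC4
    return {"suite": suite, "kx": kx, "mode": mode, "mac": mac}


def audit(cipher_list):
    """Summarise a colon-separated cipher string and build a CBC-free one."""
    suites = [classify(name) for name in cipher_list.split(":") if name]
    cbc = [s["suite"] for s in suites if s["mode"] == "CBC"]
    ecdhe = [s for s in suites if s["kx"] == "ECDHE"]
    return {
        "total": len(suites),
        "cbc": cbc,
        "ecdhe_total": len(ecdhe),
        "ecdhe_cbc": sum(1 for s in ecdhe if s["mode"] == "CBC"),
        # Drop-in replacement value for SSLCipherSuite with CBC removed.
        "without_cbc": ":".join(s["suite"] for s in suites if s["mode"] != "CBC"),
    }


def local_openssl_cbc_suites():
    """Return the TLS 1.2 suites in this interpreter's default context that
    are not AEAD, using the 'Mac=' field of OpenSSL's own description."""
    ctx = ssl.create_default_context()
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if c.get("protocol") != "TLSv1.3" and "Mac=AEAD" not in c.get("description", "")
    ]


if __name__ == "__main__":
    report = audit(SAMPLE_CIPHERS)
    print("suites allowed:", report["total"])
    print("CBC suites:    ", len(report["cbc"]), "of which ECDHE:", report["ecdhe_cbc"],
          "(ECDHE total:", report["ecdhe_total"], ")")
    for name in report["cbc"]:
        print("  CBC:", name, "MAC:", classify(name)["mac"])
    print("SSLCipherSuite without CBC:\n  " + report["without_cbc"])
    print("local OpenSSL non-AEAD TLS 1.2 suites:", local_openssl_cbc_suites())
```

The `without_cbc` string is the form an `SSLCipherSuite` directive would take after the cut; running `audit` on the current and the proposed string side by side shows exactly which suites, and which key-exchange and MAC combinations, a change removes, which is the information needed before weighing it against the browser coverage concern raised above.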
