awselb 2014.2.19, intermediate config supports weak DH parameters #84
Comments
|
Yeah, there's not a ton I can do there. Thankfully it's pretty unlikely for DHE to be selected for almost any client these days. Do you have any suggestions? |
|
We could use a different set of cipher suites for Classic Load Balancers. For example, for Application Load Balancers, we use the |
|
Yes, but I don't think it's necessarily great to have a completely different set of cipher suites for just one specific server. ELB is different in that it doesn't give you a choice, but it otherwise makes it incredibly hard to support and be correct with what clients are supported. Keep in mind that DHE is already only going to be negotiated for IE11 Clients on Windows 7, so it's a pretty small group, and assuming Amazon frequently rotates DH parameters, it's unlikely to be a significant problem. I would be fine adding a note to the ALB config to indicate that AWS uses weak DH paramaters. |
|
For example, you can see that the HTTP Observatory backend is using this ALB: And only IE11 negotiated this. |
|
I’m also concerned with the perception of this configuration. If one configures their Classic Load Balancer with the intermediate config, they might be surprised and feel uncomfortable with receiving a warning on SSL Labs (which also caps the grade to B). How about using the exact same cipher suites as the |
|
Well there's manually maintained list of ciphers for ssl-config-generator/src/js/configs.js Line 31 in 454a235 so a quick hack might be just removing the DHE values intentionally if we know they only use short keys, and they won't be matched for output then… (but that would kill them off for both intermediate AND old which is probably not the ideal outcome:/…)
BTW the available cipher list hasn't been updated in a while, too. It'd be great if anyone could check the current output of if there's any change. |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
janbrasna
added
documentation
|
The AWS announcement 3061 also mentioned:
Nonetheless I wasn't able to find any further reference if that key size update really happened and what is in use today. I will look into adding a comment to the output, mentioning possible short keys and a hint to remove DHE lines if the kind of compatibility is not necessary for given consumer.
Oh the issue is ELBs don't support those policies at all, see the list: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html#tls-protocols |
As far as I understand, this is only the list of predefined security policies. You can always create a custom security policy. Could we create a custom policy that uses the same cipher suites as the |
|
I'm not sure they support the same cipher suites to construct the equivalent policy (we're now on (However that doesn't match what was being used for configuring the intersections of cipher settings, as Does someone here have any ELB instance available from outside, configured with moz |
|
So I went ahead and set up a few EC2 instances to check the key exchange — and unfortunately it's still 1024b almost 10 years later — so we really should be excluding them at least from Expand for logs (TLSv1.2 with DHE-RSA-AES256-GCM-SHA384):
~ % openssl s_client -connect ffdh-test-15538***93.us-east-1.elb.amazonaws.com:443 -cipher '@SECLEVEL=1:DHE-RSA-AES256-GCM-SHA384'
Connecting to 54.84.2*1.35
CONNECTED(00000006)
[…]
verify return:1
---
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Nov 9 18:28:27 2024 GMT; NotAfter: Nov 9 18:28:27 2025 GMT
---
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
~ * ~ * ~ * ~ * ^^^^^^^^^^^^^ … !!! ~ * ~ * ~ * ~
---
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
Protocol: TLSv1.2
Server public key is 2048 bit
Secure Renegotiation IS supported
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: 9A815AF…BA02C611C05
Session-ID-ctx:
Master-Key: 11EC4B66596…CC1C0188463C178
Extended master secret: no
---Open the current list of available HTTPS settings to select "custom" security policy from:
SSL protocols SSL options SSL ciphers |
|
@sonicdoe 🤙 FYI let me know how you'd like https://fix-awselb-dhe--mozsslconf-dev.netlify.app/#server=awselb (preview/WIP), that basically keeps the list complete, allowing folks to flip the switch if they know what they are doing, but lists those as disabled with some rationale added… |
|
@sonicdoe ping. |
The awselb 2014.2.19, intermediate config supports weak Diffie-Hellman (DH) key exchange parameters, capping the Qualys SSL Labs grade to B.
As far as I know, Classic Load Balancers always use 1024-bit keys and Amazon Web Services instead recommends disabling DHE cipher suites. See Announcement: Announcing ELB security update to disable Diffie-Hellman key agreement from May 2015.
The text was updated successfully, but these errors were encountered: