TLSv1 Enabled in SMTP or HTTP

Description

TLS is capable of using a multitude of ciphers (algorithms) to create the public and private key pairs. For example, TLSv1.0 uses either the RC4 stream cipher or a block cipher in CBC mode. RC4 is known to have biases, and the block cipher in CBC mode is vulnerable to the POODLE attack.

TLSv1.0, if configured to use the same cipher suites as SSLv3, includes a means by which a TLS implementation can downgrade the connection to SSL v3.0, thus weakening security. A POODLE-type attack (https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls) could also be launched directly at TLS without negotiating a downgrade.

This QID will be marked as a Fail for PCI as of November 1st, 2016 in accordance with the new standards. For existing implementations, merchants will be able to submit a PCI False Positive / Exception Request and provide proof of their Risk Mitigation and Migration Plan, which will result in a pass for PCI up until June 30th, 2018. Further details can be found at: NEW PCI DSS v3.2 and Migrating from SSL and Early TLS v1.1 (https://community.qualys.com/message/34120)

Impact

An attacker can exploit cryptographic flaws to conduct man-in-the-middle type attacks or to decrypt communications. For example, an attacker could force a downgrade from the TLS protocol to the older SSLv3.0 protocol and exploit the POODLE vulnerability, read secure communications, or maliciously modify messages. A POODLE-type attack (https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls) could also be launched directly at TLS without negotiating a downgrade.

Solution

Disable the use of TLSv1.0 protocol in favor of a cryptographically stronger protocol such as TLSv1.2.

Validation

Tool

  • sslyze_cli.py: Fast and full-featured SSL scanner for Python 2.7. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers.

Analysis

For SMTP Services

This command only works for services that support SMTP. If you see any Preferred or Accepted cipher suite in the scan results, then TLSv1 is still enabled.

Command

sslyze_cli.py --starttls=smtp --tlsv1 192.168.1.222:25

Vulnerable Output

 AVAILABLE PLUGINS
 -----------------

  CertificateInfoPlugin
  SessionRenegotiationPlugin
  OpenSslCcsInjectionPlugin
  HeartbleedPlugin
  HstsPlugin
  FallbackScsvPlugin
  OpenSslCipherSuitesPlugin
  CompressionPlugin
  SessionResumptionPlugin



 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   192.168.1.222:25                   => 192.168.1.222:25


 SCAN RESULTS FOR 192.168.1.222:25 - 192.168.1.222:25 
 ------------------------------------------------------

  * TLSV1 Cipher Suites:
      Preferred:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits
      Accepted:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  DH-1024 bits   128 bits
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   112 bits
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     -              112 bits

 SCAN COMPLETED IN 0.34 S
 ------------------------

Other SSL Enabled Services

If you see any Preferred or Accepted cipher suite in the scan results, then TLSv1 is still enabled.

Command

sslyze_cli.py --tlsv1 192.168.1.222:25

Vulnerable Output

 AVAILABLE PLUGINS
 -----------------

  CertificateInfoPlugin
  SessionRenegotiationPlugin
  OpenSslCcsInjectionPlugin
  HeartbleedPlugin
  HstsPlugin
  FallbackScsvPlugin
  OpenSslCipherSuitesPlugin
  CompressionPlugin
  SessionResumptionPlugin



 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   192.168.1.222:25                   => 192.168.1.222:25


 SCAN RESULTS FOR 192.168.1.222:25 - 192.168.1.222:25 
 ------------------------------------------------------

  * TLSV1 Cipher Suites:
      Preferred:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits
      Accepted:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA                  DH-1024 bits   128 bits
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA                 DH-1024 bits   112 bits
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     -              112 bits

 SCAN COMPLETED IN 0.34 S
 ------------------------
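
The rule used in both analysis sections (any Preferred or Accepted cipher suite means TLSv1 is still enabled) can be applied to saved scan output automatically. The following is an added example, not part of the original page or of SSLyze: `parse_report`, `tls_findings` and `SAMPLE_REPORT` are hypothetical names, the sample report is constructed, and the "Server rejected all cipher suites." line is an assumed wording for a disabled protocol.

```python
import re

# Constructed sample in the report layout above; the "rejected" line is assumed wording.
SAMPLE_REPORT = """\
  * SSLV3 Cipher Suites:
      Server rejected all cipher suites.

  * TLSV1 Cipher Suites:
      Preferred:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits
      Accepted:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  DH-1024 bits   256 bits
        TLS_RSA_WITH_3DES_EDE_CBC_SHA                     -              112 bits

 SCAN COMPLETED IN 0.34 S
"""

SECTION = re.compile(r"^\s*\*\s+(\S+) Cipher Suites:\s*$")
GROUP = re.compile(r"^\s*(Preferred|Accepted):\s*$")
SUITE = re.compile(r"^\s+([A-Z0-9]+(?:_[A-Z0-9]+)+)\s")


def parse_report(text):
    """Map each protocol section to the cipher suites listed under it."""
    found, proto, in_group = {}, None, False
    for line in text.splitlines():
        if m := SECTION.match(line):
            proto, in_group = m.group(1), False
            found[proto] = []
        elif GROUP.match(line):
            in_group = proto is not None
        elif (m := SUITE.match(line)) and in_group:
            found[proto].append(m.group(1))
        elif line.strip() and not line.startswith("      "):
            proto, in_group = None, False  # a less-indented line ends the section
    return found


def tls_findings(text, protocol="TLSV1"):
    """Page's rule: any Preferred or Accepted suite means the protocol is enabled."""
    report = parse_report(text)
    suites = sorted(set(report.get(protocol, [])))
    cbc = [s for s in suites if "_CBC_" in s]  # CBC mode is what POODLE targets
    # "tested" is False when the section is absent: silence is not a pass.
    return {"tested": protocol in report, "enabled": bool(suites), "cbc_suites": cbc}


if __name__ == "__main__":
    print(tls_findings(SAMPLE_REPORT))
```

A result with `tested` set to False means the report has no section for that protocol, so the scan has to be rerun with the matching option before the host can be considered clean.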