After running an SSL check for one of our sites, which is served by our UTM, it turned up that we have 3 weak ciphers being supported by the UTM:
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA _0xc012_ ECDH secp256r1 _eq. 3072 bits RSA_ FS WEAK 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA _0x16_ DH 2048 bits FS WEAK 112
TLS_RSA_WITH_3DES_EDE_CBC_SHA _0xa_ WEAK 112
How do I disable these ciphers?
I have chased these issues, and what follows below are from my notes. The current settings vary with the UTM release. The new settings are suggestions, which you should be able to tailor to your preference by mimicking the examples.
HIGH, MEDIUM, and LOW are OpenSSL keywords which correspond to a bundle of ciphers. Only HIGH ciphers are considered acceptable anymore.
To test the cipher results for any given keyword combination, you can use this command from the shell
openssl ciphers keywordlist
Except that not (like !MD5 ) commands, you need to add an escape from the shell,
for example:
openssl ciphers HIGH:\!MD5:\!SHA1
-------------------------------------------------
Applies to: WebAdmin, User Portal, Mail Manager, SPX Reply Portal
cd /var/sec/chroot-httpd/etc/httpd/
vi httpd.conf
--- Current -----
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5:!DSS:!3DES
SSLProtocol +TLSv1.1 +TLSv1.2
--- New -----
SSLCipherSuite HIGH:!MD5:!SHA1
SSLProtocol +TLSv1.2
-------------
/etc/init.d/httpd restart
*** completed **** still have cert issue
==================================================================
Applies to: WAF ReverseProxy
cd /var/chroot-reverseproxy/usr/apache/conf/
vi httpd.conf
--- Current -----
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:ECDH+3DES:DH+3DES:RSA+3DES:!aNULL:!MD5:!DSS
SSLProtocol all -SSLv2 -SSLv3
--- New -----
SSLCipherSuite HIGH:!MD5:!SHA1
SSLProtocol +TLSv1.2
-------------
/var/mdw/scripts/reverseproxy restart
I have chased these issues, and what follows below are from my notes. The current settings vary with the UTM release. The new settings are suggestions, which you should be able to tailor to your preference by mimicking the examples.
HIGH, MEDIUM, and LOW are OpenSSL keywords which correspond to a bundle of ciphers. Only HIGH ciphers are considered acceptable anymore.
To test the cipher results for any given keyword combination, you can use this command from the shell
openssl ciphers keywordlist
Except that not (like !MD5 ) commands, you need to add an escape from the shell,
for example:
openssl ciphers HIGH:\!MD5:\!SHA1
-------------------------------------------------
Applies to: WebAdmin, User Portal, Mail Manager, SPX Reply Portal
cd /var/sec/chroot-httpd/etc/httpd/
vi httpd.conf
--- Current -----
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5:!DSS:!3DES
SSLProtocol +TLSv1.1 +TLSv1.2
--- New -----
SSLCipherSuite HIGH:!MD5:!SHA1
SSLProtocol +TLSv1.2
-------------
/etc/init.d/httpd restart
*** completed **** still have cert issue
==================================================================
Applies to: WAF ReverseProxy
cd /var/chroot-reverseproxy/usr/apache/conf/
vi httpd.conf
--- Current -----
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:ECDH+3DES:DH+3DES:RSA+3DES:!aNULL:!MD5:!DSS
SSLProtocol all -SSLv2 -SSLv3
--- New -----
SSLCipherSuite HIGH:!MD5:!SHA1
SSLProtocol +TLSv1.2
-------------
/var/mdw/scripts/reverseproxy restart
Excellent, Doug - thanks for holding on to that!
In newer versions, things are a little different for WAF. Instead of making those changes in httpd.conf, they must be made in reverseproxy.conf which is now an Include in httpd.conf.
Before looking at reverseproxy.conf, I set "TLSv1.2" as the 'Minimum TLS version' on the 'Advanced' tab. Instead of SSLProtocol all -SSLv2 -SSLv3, I found SSLProtocol -all +TLSv1.2, which meant that can be changed in the GUI. BenediktWehr has suggested allowing a separate TLS setting in each Virtual Server definition; I could find no place where the SSLCipherSuite could be permanently changed, so there's a risk that such a manual change might be overwritten.
Since there's an httpd.conf-default in /var/sec/chroot-httpd/etc/httpd/, I assume configuration changes in the GUI might also overwrite any manual changes.
Let's hope that one of the Sophos folks visits this thread.
Cheers - Bob
Bob is correct. You can limit WAF to use TLS v1.2 only (under Advanced), which will also removes the weak ciphers.
We did not want to remove the ciphers from the default list because it may cause compatibility issues with existing customers. If you want to remove these ciphers, setting 'TLS v1.2 only' is the recommended approach.
You can also modify reverseproxy.conf on the backend as others have suggested, but the changes will be overwritten by any change in the UI.
Thanks all for your valuable feedback. Its true that in UTM WebAdmin's newer version we can select the "TLS 1.1 or above" or "TLS1.2 only" under "Advanced" tab . I used "TLS 1.1 or above" and then used a Penetration Testing tool to verify the WAF functionality, the weak ciphers were still enabled but I need to test it with the other option "TLS 1.2 only" as suggested by DouglasFoster.
Thanks,
Asif
Hi,
If we use "TLS v1.2" option in UTM (Verison 9.5) WebAdmin's under "Webserver Protection ---> Web Application Firewall ----> Advanced" tab, then weak ciphers are disabled and can be verified through "/var/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf" file.
Bob,
Do you know if there are any changes/updates in the roadmap to address this issue?
Currently we have a client that is failing their PCI audit scans because they have a couple of road warriors that need SSL VPN access to work from abroad. With the SSL VPN enabled on the Sophos UTM their PCI audit shows the following. Also, 'Minimum TLS version' has been set to TLS v1.2 in the Webserver protection\Web Application Firewall\Advanced tab.
Weak Encryption Ciphers identified on VPN Device
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
method: pre-shared key, DH Group: Group 2
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
method: pre-shared key, DH Group: Group 5
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
method: pre-shared key, DH Group: Group 14
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
method: pre-shared key, DH Group: Group 2
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
method: pre-shared key, DH Group: Group 5
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
method: pre-shared key, DH Group: Group 14
Weak Diffie-Hellman groups identified on VPN Device
Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
type: SHA, Auth method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
type: SHA, Auth method: pre-shared key, DH Group: Group 2
Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
type: MD5, Auth method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
type: MD5, Auth method: pre-shared key, DH Group: Group 2
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
method: pre-shared key, DH Group: Group 2
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
method: pre-shared key, DH Group: Group 2
Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: SHA,
Auth method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: SHA,
Auth method: pre-shared key, DH Group: Group 2
Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: MD5,
Auth method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: MD5,
Auth method: pre-shared key, DH Group: Group 2
Those look more like they're related to IPsec. I've not seen that in a PCI scan before. Who's the PCI scanner?
Cheers - Bob
Yes my apologies, in addition to the SSL VPN users they also have an IPSec tunnel built between two of their locations. The profile being used is the default Sophos AES-256 PFS (ACC) which is using DH group 5 and PFS group 5. The PCI scanner is Trustwave
I think all that is required is to delete the offending ciphers from the configuration at: Site-To-Site VPN... IPSEc... Policies (tab).
The Policies list seems to be one of the few places in UTM where a feature does not have an on/off switch.
I think your constraints are:
Remote Access SSL VPN can only be configured with one ciphersuite, so I would be troubled if UTM offered more options than what the GUI says it will offer. Glad that it appears to have been a false alarm on this item, but please let us know if it reappears as a concern.
