
How do I disable some cipher suites in Webserver Protection?

After running an SSL check for one of our sites, which is served by our UTM, it turned up that we have 3 weak ciphers being supported by the UTM:

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   WEAK   112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 2048 bits   FS   WEAK   112
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK   112

How do I disable these ciphers?



  • I have chased these issues, and what follows below is from my notes. The current settings vary with the UTM release. The new settings are suggestions, which you should be able to tailor to your preference by mimicking the examples.

    HIGH, MEDIUM, and LOW are OpenSSL keywords which correspond to a bundle of ciphers.   Only HIGH ciphers are considered acceptable anymore.

    To test the cipher results for any given keyword combination, you can use this command from the shell

    openssl ciphers keywordlist

    Except that for "not" keywords (like !MD5), you need to add an escape from the shell,

    for example: 

    openssl ciphers HIGH:\!MD5:\!SHA1

    -------------------------------------------------

     

     

    Applies to: WebAdmin, User Portal, Mail Manager, SPX Reply Portal

    cd /var/sec/chroot-httpd/etc/httpd/

    vi httpd.conf
    --- Current -----
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!ADH:!AECDH:!MD5:!DSS:!3DES
    SSLProtocol +TLSv1.1 +TLSv1.2
    --- New -----
    SSLCipherSuite HIGH:!MD5:!SHA1
    SSLProtocol +TLSv1.2
    -------------

    /etc/init.d/httpd restart

    *** completed **** still have cert issue
    ==================================================================

    Applies to: WAF ReverseProxy

    cd /var/chroot-reverseproxy/usr/apache/conf/

    vi httpd.conf
    --- Current -----
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:ECDH+3DES:DH+3DES:RSA+3DES:!aNULL:!MD5:!DSS
    SSLProtocol all -SSLv2 -SSLv3
    --- New -----
    SSLCipherSuite HIGH:!MD5:!SHA1
    SSLProtocol +TLSv1.2
    -------------

    /var/mdw/scripts/reverseproxy restart
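
To see what a keyword list like the ones above actually enables, the output of `openssl ciphers -v` can be filtered for the properties an SSL check marks down (3DES, MD5/SHA1 MACs, unauthenticated suites). This is an added example, not part of the original post; `flag_weak` and `sample_ciphers` are hypothetical names, and the sample lines are constructed in the `-v` output format, including the OpenSSL names of the three 3DES suites from the question.

```shell
#!/bin/sh
# Added example (not from the thread): filter `openssl ciphers -v` output for
# suites a scan would mark down. flag_weak and sample_ciphers are hypothetical
# helper names; the sample lines below are constructed.

flag_weak() {
    awk '
    NF >= 6 {
        why = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Au=None/)             why = why " anon-auth"
            if ($i ~ /^Enc=None/)            why = why " no-encryption"
            if ($i ~ /^Enc=3DES\(/)          why = why " 3des"
            if ($i ~ /^Enc=(DES|RC4|RC2)\(/) why = why " broken-cipher"
            if ($i ~ /^Mac=(MD5|SHA1)$/)     why = why " mac=" substr($i, 5)
            if ($i == "export")              why = why " export"
        }
        # Print only suites with at least one finding.
        if (why != "") print $1 ":" why
    }'
}

# Constructed sample in the format printed by `openssl ciphers -v`.
sample_ciphers() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None Enc=AESGCM(256) Mac=AEAD
EOF
}

sample_ciphers | flag_weak

# Against a real keyword list (single quotes keep the shell away from "!"):
#   openssl ciphers -v 'HIGH:!MD5:!SHA1' | flag_weak
```

The expansion of a keyword such as HIGH depends on the OpenSSL build, so run the filter on the UTM itself before and after changing SSLCipherSuite.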

  • Excellent, Doug - thanks for holding on to that!

    In newer versions, things are a little different for WAF.  Instead of making those changes in httpd.conf, they must be made in reverseproxy.conf which is now an Include in httpd.conf.

    Before looking at reverseproxy.conf, I set "TLSv1.2" as the 'Minimum TLS version' on the 'Advanced' tab.  Instead of SSLProtocol all -SSLv2 -SSLv3, I found SSLProtocol -all +TLSv1.2, which meant that it can be changed in the GUI.  BenediktWehr has suggested allowing a separate TLS setting in each Virtual Server definition; I could find no place where the SSLCipherSuite could be permanently changed, so there's a risk that such a manual change might be overwritten.

    Since there's an httpd.conf-default in /var/sec/chroot-httpd/etc/httpd/, I assume configuration changes in the GUI might also overwrite any manual changes.

    Let's hope that one of the Sophos folks visits this thread.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

     

    Do you know if there are any changes/updates in the roadmap to address this issue?

    Currently we have a client that is failing their PCI audit scans because they have a couple of road warriors that need SSL VPN access to work from abroad. With the SSL VPN enabled on the Sophos UTM their PCI audit shows the following. Also, 'Minimum TLS version' has been set to TLS v1.2 in the Webserver protection\Web Application Firewall\Advanced tab.

     

    Weak Encryption Ciphers identified on VPN Device
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
    method: pre-shared key, DH Group: Group 1
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
    method: pre-shared key, DH Group: Group 2
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
    method: pre-shared key, DH Group: Group 5
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
    method: pre-shared key, DH Group: Group 14
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
    method: pre-shared key, DH Group: Group 1
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
    method: pre-shared key, DH Group: Group 2
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
    method: pre-shared key, DH Group: Group 5
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
    method: pre-shared key, DH Group: Group 14

        
    Weak Diffie-Hellman groups identified on VPN Device
    Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
    type: SHA, Auth method: pre-shared key, DH Group: Group 1
    Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
    type: SHA, Auth method: pre-shared key, DH Group: Group 2
    Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
    type: MD5, Auth method: pre-shared key, DH Group: Group 1
    Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
    type: MD5, Auth method: pre-shared key, DH Group: Group 2
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
    method: pre-shared key, DH Group: Group 1
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
    method: pre-shared key, DH Group: Group 2
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
    method: pre-shared key, DH Group: Group 1
    Transform Set:: Mode: Main, Encryption: 3DES, Hash type: MD5, Auth
    method: pre-shared key, DH Group: Group 2
    Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: SHA,
    Auth method: pre-shared key, DH Group: Group 1
    Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: SHA,
    Auth method: pre-shared key, DH Group: Group 2
    Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: MD5,
    Auth method: pre-shared key, DH Group: Group 1
    Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: MD5,
    Auth method: pre-shared key, DH Group: Group 2

  • Those look more like they're related to IPsec.  I've not seen that in a PCI scan before.  Who's the PCI scanner?

    Cheers - Bob

     
  • Yes my apologies, in addition to the SSL VPN users they also have an IPSec tunnel built between two of their locations. The profile being used is the default Sophos AES-256 PFS (ACC) which is using DH group 5 and PFS group 5. The PCI scanner is Trustwave

  • I think all that is required is to delete the offending ciphers from the configuration at:   Site-To-Site VPN... IPsec... Policies (tab).

    The Policies list seems to be one of the few places in UTM where a feature does not have an on/off switch.

    I think your constraints are:

    • Encryption algorithms:   Any variant of AES
    • Hash Algorithm:   Any variant of SHA2
    • DH And PFS groups:   Group 14 or higher

    Remote Access SSL VPN can only be configured with one ciphersuite, so I would be troubled if UTM offered more options than what the GUI says it will offer.  Glad that it appears to have been a false alarm on this item, but please let us know if it reappears as a concern.
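
The constraints listed above can be checked mechanically against a scanner report like the one quoted earlier in the thread. This is an added example, not part of the original posts; `check_transforms` and `sample_scan` are hypothetical names, the first three sample entries are copied from the report above, the last one is constructed, and it assumes the scanner labels SHA-2 hashes with a "SHA2" prefix.

```shell
#!/bin/sh
# Added example (not from the thread): check scanner "Transform Set::" entries
# against the constraints above (AES, SHA2, DH group 14 or higher).
# Assumption: SHA-2 hashes are reported with a "SHA2" prefix; "SHA" is SHA-1.

check_transforms() {
    awk '
    function pick(label,   v) {           # value following "label: "
        v = rec
        if (!sub(".*" label ": ", "", v)) return "?"
        sub(/,.*/, "", v)
        return v
    }
    function emit(   enc, hash, grp, bad) {
        if (rec == "") return
        enc = pick("Encryption"); hash = pick("Hash type")
        grp = pick("DH Group"); sub(/^Group /, "", grp); sub(/[^0-9].*/, "", grp)
        bad = ""
        if (enc !~ /^AES/)   bad = bad " enc"
        if (hash !~ /^SHA2/) bad = bad " hash"
        if (grp + 0 < 14)    bad = bad " dh"
        print enc "/" hash "/" grp ": " (bad == "" ? "OK" : "FAIL" bad)
        rec = ""
    }
    { line = $0; sub(/^[ \t]+/, "", line) }
    line == ""                { emit(); next }    # blank line ends an entry
    line ~ /^Transform Set::/ { emit(); rec = line; next }
    rec != ""                 { rec = rec " " line }  # wrapped continuation
    END { emit() }'
}

# Sample report: entries wrap across two lines, as in the scan output above.
sample_scan() {
    cat <<'EOF'
Transform Set:: Mode: Main, Encryption: 3DES, Hash type: SHA, Auth
method: pre-shared key, DH Group: Group 14
Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
type: SHA, Auth method: pre-shared key, DH Group: Group 2
Transform Set:: Mode: Main, Encryption: BLOWFISH, Hash type: MD5,
Auth method: pre-shared key, DH Group: Group 1
Transform Set:: Mode: Main, Encryption: AES, Key Length: 256, Hash
type: SHA2-256, Auth method: pre-shared key, DH Group: Group 14
EOF
}

sample_scan | check_transforms
```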

  • Thanks for the reply. That was my initial thought- just delete the policies. But in some cases I'm seeing policies that cannot be deleted (the ones that say "[(auto-generated by ACC)]")

    I've attached an image to show an example of what I mean. I may be overlooking something obvious but I have no idea how those were created. The blue background and the text that says "acc-agent.plx" makes me think they were created by the SUM manager, but I've never pushed any IPSec policies using SUM and I'm pretty sure I've seen those policies exist on units that were fresh from the factory. How do I delete those?

  • I don't know.   I have only one option that is not removable:

    L2TP-over-IPsec [Policy used for L2TP-over-IPsec]
    Compression off, not using strict policy.
    IKE Settings: 3DES / SHA1 / Group 14: MODP 2048 Lifetime: 28800 seconds
    IPsec Settings: 3DES / MD5 / Null (None) Lifetime: 3600 seconds

    However, L2TP-over-IPSEC is off, and I do not see anywhere that the ciphersuite can be configured.

    Sounds like a good question for support.   We will eagerly await your findings, because lots of us have to worry about PCI.

  • I would make a config backup before deleting anything.  I don't think deleting the policies deletes the underlying ciphers and DH groups.  Note that deleting a policy doesn't change the ciphers and DH groups offered in the configuration of a policy.

    If they're not using any IPsec-based remote access (L2TP/IPsec, IPsec or Cisco) and are just using Site-to-Site, blackhole DNAT all IPsec traffic except that from the other ends of the tunnels:

    1. NoNAT : {IPs of desired connections} -> IPsec -> {Group of all "(Address)" objects on WAN interfaces}
    2. DNAT   : Internet IPv4 -> IPsec -> {Group of all "(Address)" objects on WAN interfaces} : to {240.0.0.1}

    Refer to #2 in Rulz.

    Cheers - Bob

     
  • RE: "I don't think deleting the policies deletes the underlying ciphers and DH groups."

    The system allows you to roll your own IPSEC policies from the component parts, and the components are fixed lists, so I cannot imagine that the components would be deleted either.  But the policies are what is available for offer to an IPSEC connection, so removing the policy should be sufficient for the PCI complaint, at least for the ones that the system will permit to be removed.

  • Some of those hits in the scan were for non-existent combinations in the policies I see here, Doug, e.g., 3DES/SHA/DH-Group-5.

    Cheers - Bob

     
  • So the long story short is if you enable the 'Strict Policy' option on the IPSec policy it resolves the issue. Why that isn't by default, I have no idea. And why the Sophos will respond to IPSec policies that aren't even listed in profiles, and in fact claim to be disabled entirely in the config files under the hood, Sophos support doesn't know.

    I did my own scanning to verify and found that without the 'Strict Policy' option enabled the Sophos will respond to and negotiate a SA with the following:

     

    Encryption   Hash        DH group
    Blowfish     MD5         1, 2, 5, 14
    Blowfish     SHA1        1, 2, 5, 14
    Blowfish     SHA2-256    1, 2, 5, 14
    Blowfish     SHA2-384    1, 2, 5, 14
    Blowfish     SHA2-512    1, 2, 5, 14
    3DES         MD5         1, 2, 5, 14
    3DES         SHA1        1, 2, 5, 14
    3DES         SHA2-256    1, 2, 5, 14
    3DES         SHA2-384    1, 2, 5, 14
    3DES         SHA2-512    1, 2, 5, 14
    AES128       MD5         1, 2, 5, 14
    AES128       SHA1        1, 2, 5, 14
    AES128       SHA2-256    1, 2, 5, 14
    AES128       SHA2-384    1, 2, 5, 14
    AES128       SHA2-512    1, 2, 5, 14
    AES192       MD5         1, 2, 5, 14
    AES192       SHA1        1, 2, 5, 14
    AES192       SHA2-256    1, 2, 5, 14
    AES192       SHA2-384    1, 2, 5, 14
    AES192       SHA2-512    1, 2, 5, 14
    AES256       MD5         1, 2, 5, 14
    AES256       SHA1        1, 2, 5, 14
    AES256       SHA2-256    1, 2, 5, 14
    AES256       SHA2-384    1, 2, 5, 14
    AES256       SHA2-512    1, 2, 5, 14
