On 5/8/12 6:15 PM, Lukas T. wrote:
Hi Hajo,
BEAST has nothing todo with weak ciphers. Because the workaround is to prefer
RC4 over AES from the server side, you are not excluding any browsers (however, a
short check with the oldest supported platform isn’t a bad idea either).
My advice to the OP is that if you want to provide secure connections
for your users, you will simply not support browsers that only use
insecure ciphers so I believe this is a non-issue. I wouldn’t purport to
provide a “secure” connection with an insecure cipher. Let your users
upgrade to a a 21st century browser. Shame on them if they haven’t.
I noticed the documentation about the default of the ssl_ciphers keyword isn’t
up-to-date: !ADH was replaced with !aNULL in 1.0.5 [2]. Can someone update the
docs?
Somewhat off topic but:
Perhaps it is reasonable to suggest that another change to the defaults
in light of BEAST.
We use OpenSSL 1.01 and support TLS versions 1.0,1.1, and 1.2 and use
the following:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!DH:!EDH;
ssl_prefer_server_ciphers on;
Using latest Opera of IE browsers TLS v1.2 is used along with one of the
first two ciphers which I believe are not available in SSL v3.0 or TLS
v1.0. Since TLS v1.2 is not vulnerable to BEAST those connections should
be “secure”.
In browsers like Firefox and Chrome (and presumably Safari, but I don’t
know how to tell), TLS v1.0 is used and an RC4 cipher is selected. This
again provides protection against beast.
While this approach won’t work for users without a recent OpenSSL
release, the following might work for earlier versions as “more secure”
default settings:
ssl_ciphers RC4:HIGH:!MD5:!aNULL:!DH:!EDH;
ssl_prefer_server_ciphers on;
[1] Module ngx_http_ssl_module
[2] Re: [PATCH] Disable Anonymous ECDH ciphersuites by default
–
Jim O.