Anything in this story of concern?

Darren Pilgrim list_freebsd at bluerosetech.com
Tue Sep 10 19:05:40 UTC 2013


On 9/9/2013 5:51 AM, Mark Felder wrote:
> I'm still waiting for someone to thoroughly analyze this question
>
> What's worse: the possibility that NSA has cracked RC4 or being
> vulnerable to BEAST/CRIME?

They're both equally bad, IMO.  BEAST/CRIME are known, usable exploits. 
RC4 isn't proven broken, but it has been shown as weaker than 
expected, so 128-bit RC4 << 128-bit AES in terms of strength.  That does 
mean if you're subject to certain privacy constraints, you must disable RC4.

AFAIK there aren't yet any usable exploits against RC4's weaker status 
and it's still much stronger than 64-bit crypto--the point at which it's 
currently accepted as brute-force vulnerable.

Currently, BEAST has been effectively mitigated client-side and most 
major applications now support 1.1 or later.

Current Firefox and Thunderbird use NSS 3.14, which supports 1.1, but 
the apps have it disabled by default (set security.tls.version.max=2 in 
each to enable).  Firefox 24 should have NSS 3.15.1 and thus support 1.2.

IE on Windows 7/8 supports TLS 1.1 and 1.2, but has them disabled by 
default.  IE 11 is supposed to have them enabled by default; but this is 
Microsoft, so we can't know until bits are out the door.

Chrome, Opera and Safari support both and have them enabled by default.

At the OS level, Windows and OS X both have 1.1 and 1.2 support.  If 
your *nix of choice has OpenSSL 1.0.1, it has 1.1 and 1.2 support. 
OpenSSL is tricky because most apps only give you cipherspec control. 
Via cipherspec, !SSLv3 also turns off TLS 1.1 because it leaves only the 
1.2-only AES-GCM ciphers.  Some OpenSSL-based apps, like Postfix and 
nginx, have the ability to also specify a protocol filter.


tl;dr:

- Disable RC4, it's weak.
- Upgrade your user apps.
- Upgrade OpenSSL to 1.0.1 (via ports, it's easy).
- Deploy TLS 1.1 and 1.2 on your servers today.
- Leave SSLv3/TLSv1.0 enabled only for cases where you can't control the 
remote end's SSL capabilities.
- Recommended OpenSSL 1.0.1 cipherspec:

ALL:HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:@STRENGTH
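As an added illustration (not part of Darren's mail and not OpenSSL's own code): a simplified Python model of how OpenSSL 1.0.1 evaluates a cipher string, run over a constructed subset of suites. It shows why `!SSLv3` leaves nothing a TLS 1.0/1.1 peer can negotiate, and what the recommended cipherspec above resolves to. The suite table, its ordering and the strength classes are assumptions approximating `openssl ciphers -v` output, and `+`-combined keywords (e.g. `RSA+AES`) are not handled.

```python
from collections import namedtuple

# Fields: suite name; protocol that introduced it (SSLv2, SSLv3, which also
# covers TLS 1.0/1.1, or TLSv1.2 only); bulk cipher; MAC; authentication
# ("aNULL" = anonymous); key bits; OpenSSL strength class HIGH/MEDIUM/LOW/EXP.
Suite = namedtuple("Suite", "name proto enc mac auth bits level")

# Constructed subset of `openssl ciphers -v` for 1.0.1: real suite names, but
# neither the full list nor OpenSSL's own default ordering.
SUITES = [
    Suite("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", "AESGCM", "AEAD", "RSA", 128, "HIGH"),
    Suite("AES256-GCM-SHA384", "TLSv1.2", "AESGCM", "AEAD", "RSA", 256, "HIGH"),
    Suite("ECDHE-RSA-AES256-SHA", "SSLv3", "AES", "SHA1", "RSA", 256, "HIGH"),
    Suite("AES128-SHA", "SSLv3", "AES", "SHA1", "RSA", 128, "HIGH"),
    Suite("DES-CBC3-SHA", "SSLv3", "3DES", "SHA1", "RSA", 168, "HIGH"),
    Suite("RC4-SHA", "SSLv3", "RC4", "SHA1", "RSA", 128, "MEDIUM"),
    Suite("RC4-MD5", "SSLv3", "RC4", "MD5", "RSA", 128, "MEDIUM"),
    Suite("ADH-AES128-SHA", "SSLv3", "AES", "SHA1", "aNULL", 128, "HIGH"),
    Suite("EXP-RC4-MD5", "SSLv3", "RC4", "MD5", "RSA", 40, "EXP"),
    Suite("DES-CBC-SHA", "SSLv3", "DES", "SHA1", "RSA", 56, "LOW"),
    Suite("DES-CBC3-MD5", "SSLv2", "3DES", "MD5", "RSA", 168, "HIGH"),
]

def matches(suite, keyword):
    """A bare keyword selects every suite carrying it in any attribute."""
    return keyword == "ALL" or keyword in (
        suite.proto, suite.enc, suite.mac, suite.auth, suite.level)

def evaluate(spec):
    """Suite names left by the cipher string: bare keywords append, '!' deletes
    permanently, '-' deletes, '@STRENGTH' sorts; '+' forms are not handled."""
    selected, killed = [], set()
    for token in spec.split(":"):
        if token == "@STRENGTH":            # stable sort, strongest first
            selected.sort(key=lambda s: -s.bits)
            continue
        op, kw = (token[0], token[1:]) if token[0] in "!-" else ("", token)
        hits = [s for s in SUITES if matches(s, kw)]
        if op == "!":                       # '!' victims can never be re-added
            killed.update(hits)
        if op:
            selected = [s for s in selected if s not in hits]
        else:                               # append matches not yet present
            selected += [s for s in hits if s not in selected and s not in killed]
    return [s.name for s in selected]

def usable_by_tls11_peer(spec):
    """Suites a TLS 1.0/1.1 peer can still negotiate: anything not 1.2-only."""
    by_name = {s.name: s for s in SUITES}
    return [n for n in evaluate(spec) if by_name[n].proto != "TLSv1.2"]
```

With the real binary, `openssl ciphers -v '<spec>'` prints the equivalent resolved list for the full suite table.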
