CVE-2011-3389: BEAST Attack SSL/TLS Vulnerability - Disabling SSL/TLS 1.0/TLS 1.1
Introduction
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols designed to provide a secure connection over a network. SSL is deprecated because it is insecure, but the term is still commonly used to refer to TLS. These protocols are widely used to secure web browsing, email, and other forms of data exchange against eavesdropping and tampering.
The following are the current and deprecated protocols in use for communication security.
Protocol | Published | Status | Key Features |
---|---|---|---|
SSL 2.0 | 1995 | Deprecated 2011 | First public version, very vulnerable |
SSL 3.0 | 1996 | Deprecated 2015 | Improved security over SSL 2.0, vulnerable to attacks like POODLE |
TLS 1.0 | 1999 | Deprecated 2021 | First version of TLS, considered weak and outdated |
TLS 1.1 | 2006 | Deprecated 2021 | Additional protection against certain attacks but considered weak and outdated |
TLS 1.2 | 2008 | In use | Strong security, most widely used protocol today, supports modern crypto algorithms |
TLS 1.3 | 2018 | In use | Latest version with improved performance and security, reduced handshake latency |
Attackers target these older, deprecated protocols because they are considered low-hanging fruit. Unfortunately, this vulnerability still exists in many modern environments because older systems aren't updated or maintained.
The BEAST Attack
If you've ever run a vulnerability scanner in an environment with TLS 1.0/SSL enabled, you've probably seen this vulnerability appear quite a bit.
BEAST stands for Browser Exploit Against SSL/TLS. The attack was first discovered by researchers Thai Duong and Juliano Rizzo in 2011. That was a long time ago, but the unfortunate reality is that many web servers still have TLS 1.0 or SSL protocol versions enabled.
How the BEAST Attack Works
Attackers can tap into communication between the web server and your web browser using a man-in-the-middle attack. Once this is done, the attacker can identify the encryption in use, and if it is TLS 1.0 or older, the encryption can be deciphered and broken quite quickly, allowing the attacker to listen in on the conversation.
This attack exploits the way TLS 1.0 handles block ciphers, specifically the initialization vectors (IVs) in cipher block chaining (CBC) mode. TLS 1.0 uses the last ciphertext block of the previous record as the IV for the next record, so the IV is predictable. The attacker can break the block cipher by using the initialization vector as their known variable, then decrypting data one byte at a time, making it possible to eavesdrop on the communication between the server and client.
Mitigation and Fixes
The main fix for this vulnerability is to disable TLS 1.0 and older protocols. It is recommended to also disable TLS 1.1 as it is deprecated.
Always make sure you follow proper change control processes and testing before implementing!
Microsoft Windows Remediation
IIS Crypto Tool
If you would like a free, easy-to-use tool, I recommend IIS Crypto by Nartac Software. It provides a simple GUI, but you have to apply the changes manually on each machine/server.
Group Policy
Group Policy is a good way to roll this change out to multiple servers/workstations at once.
- Open Group Policy Management Console on your domain controller and navigate to the OU where the policy will be linked.
- Right-click on the OU and select "Create a GPO in this domain, and Link it here..."
- Give the new GPO a name and select "OK"
- Under Linked Group Policy Objects, right-click the policy just created and select "Edit"
- Navigate to Computer Configuration > Preferences > Windows Settings > Registry. Create a new registry item by right-clicking in the blank space and selecting New > Registry Item.
- The new registry item action will be set to 'Update'. The Hive and Key Path will be configured according to the respective entries in the following chart. The Value Type will be REG_DWORD, and the value will be as specified in the table.
- Use the following table to set the proper registry keys for the services you're trying to disable. Each one will need a registry entry.
Protocol | Hive | Registry Key | Value |
---|---|---|---|
TLS 1.0 | HKEY_LOCAL_MACHINE | SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client\DisabledByDefault | 1 |
TLS 1.0 | HKEY_LOCAL_MACHINE | SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server\Enabled | 0 |
TLS 1.0 | HKEY_LOCAL_MACHINE | SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server\DisabledByDefault | 1 |
TLS 1.1 | HKEY_LOCAL_MACHINE | SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client\DisabledByDefault | 1 |
TLS 1.1 | HKEY_LOCAL_MACHINE | SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\Enabled | 0 |
TLS 1.1 | HKEY_LOCAL_MACHINE | SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server\DisabledByDefault | 1 |
- After the Group Policy is pushed, you will have to reboot the server/workstation for the changes to take effect.
Apache Web Server
To disable deprecated versions of SSL/TLS on a Linux-based Apache Web Server, use the following steps:
- Navigate to /etc/httpd/conf.d/ssl.conf and edit it using a text editor like nano.

```bash
sudo nano /etc/httpd/conf.d/ssl.conf
```

- Find the SSLProtocol directive and change it to the following to only allow TLS 1.2.

```apache
SSLProtocol TLSv1.2
```

- Save the file and restart httpd.

```bash
sudo systemctl restart httpd
```
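
The SSLProtocol change in the steps above can be checked with a small audit script that works out which protocol versions each directive leaves enabled. This is an added example, not part of the original article. The function names `effective_protocols` and `audit_conf`, the sample config, the expansion of `all` to every version, and the rule that an unprefixed token replaces the set built so far are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): audit SSLProtocol directives.
# Assumptions: "all" expands to every version below (worst case; the real
# expansion depends on the Apache/OpenSSL build), "+"/"-" add/remove a version,
# and a token without a prefix replaces the set built so far.
ALL="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

# effective_protocols "<SSLProtocol arguments>" -> enabled versions, in order
effective_protocols() {
    cur=""
    for tok in $1; do
        name=${tok#[+-]}
        if [ "$name" = all ]; then name=$ALL; fi
        case $tok in
            +*) cur="$cur $name" ;;
            -*) keep=""
                for p in $cur; do
                    case " $name " in *" $p "*) ;; *) keep="$keep $p" ;; esac
                done
                cur=$keep ;;
            *)  cur=$name ;;
        esac
    done
    out=""
    for p in $ALL; do
        case " $cur " in *" $p "*) out="${out:+$out }$p" ;; esac
    done
    printf '%s\n' "$out"
}

# audit_conf FILE -> one line per directive; returns 1 if any directive still
# enables SSLv3, TLS 1.0 or TLS 1.1. Commented-out lines are skipped.
audit_conf() {
    rc=0
    while read -r first rest; do
        [ "$first" = SSLProtocol ] || continue
        eff=$(effective_protocols "$rest")
        case " $eff " in
            *" SSLv3 "*|*" TLSv1 "*|*" TLSv1.1 "*)
                echo "FAIL  SSLProtocol $rest => $eff"; rc=1 ;;
            *)  echo "ok    SSLProtocol $rest => $eff" ;;
        esac
    done < "$1"
    return "$rc"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
printf '%s\n' 'SSLProtocol all -SSLv3' '<VirtualHost *:443>' \
    '    SSLProtocol TLSv1.2' '</VirtualHost>' > "$sample"
audit_conf "$sample" || echo "legacy protocol versions are still enabled"
rm -f "$sample"
```

Run it over every file Apache includes, not only ssl.conf, since SSLProtocol can be set in more than one place. `apachectl configtest` checks the syntax before the restart.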