Symantec IGA

  • 1.  CA Directory | Diffie-Hellman key exchange insufficient DH group strength

    Broadcom Employee
    Posted Sep 23, 2019 03:55 PM
    Hello..

     We ran a vulnerability scan on the CA Directory server and found that the DSAs' SSL/TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048).
     As per the documentation, there is no configuration in the set ssl command to change this behavior. Does anybody know if it is possible to change the DH key size value for DSAs?


    ------------------------------
    Best Regards!
    Bruno Trindade
    ------------------------------


  • 2.  RE: CA Directory | Diffie-Hellman key exchange insufficient DH group strength

    Broadcom Employee
    Posted Sep 23, 2019 09:57 PM
    Edited by Widjaja Sangtoki Sep 23, 2019 09:58 PM

    Hi Bruno,

    CA Directory supports Ciphers with key size = 2048, see here
      https://docops.ca.com/ca-directory/14-1/en/reference/supported-standards-and-protocols/hashing-formats/encryption-formats-for-ssl

    Have you tried to configure 'set ssl' like the following and run the vulnerability scan again?

    set ssl = {
      cert-dir = "C:\Program Files\CA\Directory\dxserver\config\ssld\personalities"
      ca-file = "C:\Program Files\CA\Directory\dxserver\config\ssld\impd_trusted.pem"
      cipher = "HIGH:MEDIUM:!SSLv3:!SSLv2:!3DES"
      protocol = tlsv12
      fips = false
    };

    Regards,
    Widjaja




  • 3.  RE: CA Directory | Diffie-Hellman key exchange insufficient DH group strength

    Broadcom Employee
    Posted Sep 24, 2019 09:54 AM
    Edited by Bruno Trindade Sep 24, 2019 09:59 AM
    Hi Widjaja,

     Thanks for your response!
     I applied the changes you suggested and, despite the ciphers being restricted to high complexity, I saw that the minimum DH size remains the same as before:
    ==================================================================================.
    TLSv1.2:
    server selection: uses client preferences
    3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA256
    3-- (key: RSA) RSA_WITH_AES_256_CBC_SHA256
    3f- (key: RSA) DHE_RSA_WITH_AES_128_CBC_SHA256
    3f- (key: RSA) DHE_RSA_WITH_AES_256_CBC_SHA256
    3fA (key: none) DH_anon_WITH_AES_128_CBC_SHA256
    3fA (key: none) DH_anon_WITH_AES_256_CBC_SHA256
    3-- (key: RSA) RSA_WITH_AES_128_GCM_SHA256
    3-- (key: RSA) RSA_WITH_AES_256_GCM_SHA384
    3f- (key: RSA) DHE_RSA_WITH_AES_128_GCM_SHA256
    3f- (key: RSA) DHE_RSA_WITH_AES_256_GCM_SHA384
    3fA (key: none) DH_anon_WITH_AES_128_GCM_SHA256
    3fA (key: none) DH_anon_WITH_AES_256_GCM_SHA384
    3f- (key: RSA) ECDHE_RSA_WITH_AES_128_CBC_SHA256
    3f- (key: RSA) ECDHE_RSA_WITH_AES_256_CBC_SHA384
    3f- (key: RSA) ECDHE_RSA_WITH_AES_128_GCM_SHA256
    3f- (key: RSA) ECDHE_RSA_WITH_AES_256_GCM_SHA384
    =========================================
    +++++ SSLv3/TLS: 1 certificate chain(s)
    +++ chain: length=2
    names match: yes
    includes root: yes
    signature hash(es): SHA-256
    + certificate order: 0
    thumprint: 6CD7FDEC4027258046D71ED0C397B302A1F4613D
    serial: 02
    subject: CN=***-management-ui,O=management-ui
    issuer: CN=GenCA,O=MgmtUI,C=AU
    valid from: 2019-06-27 20:53:47 UTC
    valid to: 2020-06-26 20:53:47 UTC
    key type: RSA
    key size: 2048
    sign hash: SHA-256
    server names:
    ***-management-ui
    + certificate order: 1
    thumprint: 5FDC64409152115D8192E93DED277EE9FF733DBF
    serial: 01
    subject: CN=GenCA,O=MgmtUI,C=AU
    issuer: CN=GenCA,O=MgmtUI,C=AU
    valid from: 2019-06-27 20:53:46 UTC
    valid to: 2020-06-26 20:53:46 UTC
    key type: RSA
    key size: 2048
    sign hash: SHA-256
    (self-issued)
    =========================================
    Server compression support: no
    Server sends a random system time.
    Secure renegotiation support: yes
    Encrypt-then-MAC support (RFC 7366): no
    SSLv2 ClientHello format (for SSLv3+): yes
    Minimum DH size: 1024
    DH parameter reuse: no
    Minimum EC size (no extension): 256
    Minimum EC size (with extension): 256
    ECDH parameter reuse: no
    Supported curves (size and name) ('*' = selected by server):
    281 sect283k1 (K-283)
    282 sect283r1 (B-283)
    407 sect409k1 (K-409)
    408 sect409r1 (B-409)
    569 sect571k1 (K-571)
    570 sect571r1 (B-571)
    256 secp256k1
    * 256 secp256r1 (P-256)
    384 secp384r1 (P-384)
    521 secp521r1 (P-521)
    256 brainpoolP256r1
    384 brainpoolP384r1
    512 brainpoolP512r1
    =========================================
    WARN[CS006]: Server supports cipher suites with no forward secrecy.
    WARN[SK002]: Server uses DH parameters smaller than 2048 bits.
    ==================================================================================

     What I see here is that we can disable less secure ciphers but we can't change the minimum DH size, and the scan is pointing to this as vulnerable. Does that make sense to you?

    ------------------------------
    Best Regards!
    Bruno Trindade
    ------------------------------
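
Added example (not part of the thread and not CA Directory or scanner code): a Python parser for the report format shown in post 3, run on an abridged excerpt of those lines, that reports the sub-2048-bit DH minimum alongside the DH_anon and static-RSA suites still offered after the cipher change. The function names, the finding labels and the `dh_floor` parameter are assumptions of this example.

```python
import re

# Abridged excerpt of the scan report in post 3 (lines copied from the thread).
REPORT = """\
TLSv1.2:
server selection: uses client preferences
3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA256
3f- (key: RSA) DHE_RSA_WITH_AES_128_CBC_SHA256
3fA (key: none) DH_anon_WITH_AES_128_CBC_SHA256
3f- (key: RSA) DHE_RSA_WITH_AES_256_GCM_SHA384
3fA (key: none) DH_anon_WITH_AES_256_GCM_SHA384
3f- (key: RSA) ECDHE_RSA_WITH_AES_256_GCM_SHA384
Minimum DH size: 1024
DH parameter reuse: no
Minimum EC size (no extension): 256
"""

# "<3 flag chars> (key: <type>) <key exchange>_WITH_<cipher and MAC>"
SUITE_RE = re.compile(r"^\s*\S{3} \(key: (\w+)\) (\w+?)_WITH_(\w+)$")
DH_RE = re.compile(r"^\s*Minimum DH size: (\d+)$")

def parse_report(text):
    """Return (suites grouped by key exchange, minimum DH size or None)."""
    suites, min_dh = {}, None
    for line in text.splitlines():
        m = SUITE_RE.match(line)
        if m:
            kx = m.group(2)  # e.g. RSA, DHE_RSA, DH_anon, ECDHE_RSA
            suites.setdefault(kx, []).append(f"{kx}_WITH_{m.group(3)}")
            continue
        m = DH_RE.match(line)
        if m:
            min_dh = int(m.group(1))
    return suites, min_dh

def findings(text, dh_floor=2048):
    """Map the parsed report to review findings (labels are this example's own)."""
    suites, min_dh = parse_report(text)
    out = []
    # Finite-field DH suites are the only ones affected by the DH group size.
    ffdh = [s for kx, v in suites.items() if kx.startswith(("DHE_", "DH_")) for s in v]
    if ffdh and min_dh is not None and min_dh < dh_floor:
        out.append(("weak-dh", min_dh, len(ffdh)))
    # Anonymous key exchange: the server is not authenticated at all.
    anon = [s for kx, v in suites.items() if kx.endswith("_anon") for s in v]
    if anon:
        out.append(("anon-kx", len(anon)))
    # Static RSA key exchange: no forward secrecy.
    if suites.get("RSA"):
        out.append(("no-forward-secrecy", len(suites["RSA"])))
    return out
```
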



  • 4.  RE: CA Directory | Diffie-Hellman key exchange insufficient DH group strength
    Best Answer

    Broadcom Employee
    Posted Sep 25, 2019 08:25 PM
    Hi Bruno,

    Thanks for the clarification. I believe we need to consult Engineering with regard to this issue.
    And I realize you have a call ticket open for this issue too. Please follow up in the call ticket and we should get an answer for you there.

    Regards,
    Widjaja.