Last month, the United States National Security Agency (NSA) released a full report on obsolete Transport Layer Security (TLS) protocol configurations, covering the details, the risks and the recommended strategies for eliminating the outdated versions.
As described by the NSA, such protocols include TLS and Secure Sockets Layer (SSL), which create private, secure channels between a server and client using encryption and authentication. While the standards and most products have been updated, implementations often have not kept up, a gap that the NSA guidance aims to identify and mitigate.
According to the NSA, organisations should avoid using SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 protocols, and only use TLS 1.2 or TLS 1.3. This is to ensure robust protection of sensitive data while it is in transit over a network.
As for cypher suites, which refer to the negotiated and agreed-upon set of cryptographic algorithms for the TLS transmission, the NSA suggested that especially weak encryption algorithms in TLS 1.2, designated as NULL, RC2, RC4, DES, IDEA and TDES/3DES, should not be used.
Additionally, cypher suites using weak key exchange mechanisms, including EXPORT or ANON, should not be used. The NSA also recommends that for RSA key transport and DH/DHE key exchange, keys less than 2048 bits should not be used, along with ECDH/ECDHE using custom curves.
These are key agreement protocols that allow two parties, each having a public-private key pair, to establish a shared secret over an insecure channel.
“Detecting systems that negotiate obsolete TLS versions or cypher suites or use weak keys is a first step that will help prioritise remediation. Once detected, an organisation’s servers and clients negotiating obsolete TLS sessions should be reconfigured to meet the requirements of Commercial National Security Algorithms (CNSSP) 15”, added the NSA.
To help detect such obsolete protocols, the NSA provided some tools and guides in its report, noting that signatures for monitoring obsolete TLS can be simplified using this strategy:
First, identify clients offering and servers negotiating obsolete TLS versions. If a client offers or a server negotiates SSL 2.0, SSL 3.0 or an obsolete TLS version, no further traffic analysis is required and remediation strategies should be employed.
Next, for sessions using TLS 1.2, analysts should identify and remediate devices using obsolete cypher suites. Identify clients only offering and servers negotiating obsolete TLS cypher suites and update their configurations to be compliant. Note that for TLS 1.3, neither NIST nor CNSS identifies cypher suites that must not be used; however, CNSA-compliant configurations should be followed.
Finally, for sessions using TLS 1.2 or TLS 1.3 and recommended cypher suites, analysts should identify and remediate devices using weak key exchange methods.
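The three-step triage described above can be sketched in code. The following Python is an added example, not taken from the NSA report: the record fields (`version`, `negotiated`, `offered`, `kx`, `key_bits`, `custom_curve`), the host names and the sample sessions are all constructed for illustration, and suite names are assumed to follow the IANA `TLS_..._WITH_...` naming style.

```python
OBSOLETE_VERSIONS = {"SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1"}
WEAK_TOKENS = {"NULL", "RC2", "RC4", "DES", "IDEA", "3DES", "EXPORT", "ANON"}
MIN_KEY_BITS = 2048  # floor for RSA key transport and DH/DHE key exchange


def suite_is_obsolete(suite):
    """True if an IANA-style suite name contains a weak algorithm token."""
    return bool(WEAK_TOKENS & set(suite.upper().split("_")))


def triage(session):
    """Return (stage, reason) for the first failing check, or (0, 'ok')."""
    # Stage 1: an obsolete version ends the analysis for this session.
    if session["version"] in OBSOLETE_VERSIONS:
        return 1, "obsolete version " + session["version"]
    # Stage 2: TLS 1.2 only, since no banned TLS 1.3 suites are identified.
    if session["version"] == "TLS 1.2":
        if suite_is_obsolete(session["negotiated"]):
            return 2, "server negotiated " + session["negotiated"]
        offered = session["offered"]
        if offered and all(suite_is_obsolete(s) for s in offered):
            return 2, "client offers only obsolete suites"
    # Stage 3: weak key exchange on sessions that passed stages 1 and 2.
    kx, bits = session["kx"], session.get("key_bits")
    if kx in {"RSA", "DH", "DHE"} and bits is not None and bits < MIN_KEY_BITS:
        return 3, f"{kx} key of {bits} bits"
    if kx in {"ECDH", "ECDHE"} and session.get("custom_curve"):
        return 3, kx + " with custom curve"
    return 0, "ok"


FIELDS = ("host", "version", "negotiated", "offered", "kx", "key_bits", "custom_curve")
GOOD = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
ROWS = [  # constructed sample records; "" means the handshake did not complete
    ("legacy-app", "TLS 1.0", "TLS_RSA_WITH_AES_128_CBC_SHA", [], "RSA", 2048, False),
    ("mail-gw", "TLS 1.2", "TLS_RSA_WITH_RC4_128_SHA", [GOOD], "RSA", 2048, False),
    ("old-client", "TLS 1.2", "", ["TLS_RSA_WITH_3DES_EDE_CBC_SHA"], "RSA", None, False),
    ("vpn", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", [GOOD], "DHE", 1024, False),
    ("web", "TLS 1.3", "TLS_AES_256_GCM_SHA384", ["TLS_AES_256_GCM_SHA384"], "ECDHE", None, False),
]
SESSIONS = [dict(zip(FIELDS, row)) for row in ROWS]


def report(sessions=SESSIONS):
    """Map each host to the stage at which it needs remediation (0 = none)."""
    return {s["host"]: triage(s) for s in sessions}


if __name__ == "__main__":
    for host, (stage, reason) in report().items():
        print(host, stage, reason)
```

Sorting the output by stage gives a remediation order that mirrors the sequence above: versions first, then cypher suites, then key exchange.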
According to the NSA, using obsolete TLS configurations provides a false sense of security since it looks like the data is protected, even though it really is not.
“Make a plan to weed out obsolete TLS configurations in the environment by detecting, remediating and then blocking obsolete TLS versions, cypher suites and finally key exchange methods. Prepare for cryptographic agility to always stay ahead of malicious actors’ abilities and protect important information”, the NSA added.
The agency also explained that by using such guidance, government network owners can make informed decisions to enhance their cybersecurity posture. The NSA also urged all network owners and operators to consider taking these actions to reduce their risk exposure and make their systems harder targets for malicious threat actors since these risks affect all networks.