TLS/SSL Weak Cipher Suites
Description
The remote host supports TLS/SSL cipher suites that use weak or deprecated cryptographic algorithms. These cipher suites may employ outdated encryption methods (such as RC4, DES, or 3DES), insufficient key lengths (less than 128 bits), or vulnerable cipher modes like CBC (Cipher Block Chaining). Weak cipher suites can be exploited by attackers to decrypt sensitive communications, perform man-in-the-middle attacks, or compromise data integrity through various cryptographic attacks including brute-force decryption and padding oracle vulnerabilities.
Remediation
Immediate Actions:
- Disable All Weak Cipher Suites: Remove support for cipher suites using deprecated or weak algorithms including RC4, DES, 3DES, and any ciphers with key lengths below 128 bits. Also disable export-grade ciphers and anonymous cipher suites.
- Remove CBC-Mode Cipher Suites: Eliminate all cipher suites using CBC (Cipher Block Chaining) mode to prevent padding oracle attacks. CBC-mode implementations have repeatedly proven vulnerable to padding oracle and timing attacks such as POODLE and Lucky Thirteen, and should be replaced with authenticated encryption modes.
- Enable Authenticated Encryption: Configure your server to prioritize cipher suites using authenticated encryption with associated data (AEAD), such as AES-GCM (Galois Counter Mode) or ChaCha20-Poly1305. These modes provide both confidentiality and integrity protection without CBC vulnerabilities.
- Implement Perfect Forward Secrecy: Enable cipher suites that use ephemeral key exchange algorithms (ECDHE or DHE) to ensure that past communications remain secure even if the server's private key is later compromised.
- Upgrade to TLS 1.2 or TLS 1.3: Disable SSLv2, SSLv3, TLS 1.0, and TLS 1.1. Use TLS 1.2 as the minimum version, or preferably TLS 1.3, which only supports secure cipher suites by design and eliminates many legacy vulnerabilities.
- Configure Proper Cipher Suite Order: Set the server to prefer strong cipher suites and enforce server-side cipher suite preference to prevent clients from selecting weaker options.
Implementation Examples:
For Apache (httpd.conf or ssl.conf):
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
SSLHonorCipherOrder on
For Nginx (nginx.conf):
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
ssl_prefer_server_ciphers on;
For IIS (via PowerShell):
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value 1 -PropertyType 'DWord'
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value 0 -PropertyType 'DWord'
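The following Python script is an added example, not part of this advisory or of any vendor's tooling. It turns the remediation rules above (no RC4/DES/3DES, no export or anonymous suites, no non-AEAD/CBC suites, 128-bit minimum keys, ephemeral key exchange) into a static check over the colon-separated OpenSSL cipher names used by Apache's SSLCipherSuite and Nginx's ssl_ciphers, then asks the local OpenSSL (through Python's ssl module) to expand the same list so the static verdict can be compared with what the library would actually negotiate. The weak "legacy" list is constructed for contrast; the hardened list is the one from the Apache and Nginx examples.

```python
"""Audit an OpenSSL-style cipher list against the weak-cipher remediation rules.

Added example (not from the advisory). Assumes OpenSSL cipher naming, i.e. the
names accepted by Apache SSLCipherSuite and Nginx ssl_ciphers.
"""
import re
import ssl

# Legacy or unauthenticated primitives named in the advisory; any match rejects the suite.
LEGACY = [
    (re.compile(r"(^|-)RC4(-|$)"), "RC4 stream cipher"),
    (re.compile(r"DES-CBC3|3DES"), "3DES block cipher"),
    (re.compile(r"DES-CBC-"), "single DES"),
    (re.compile(r"(^|-)EXP(ORT)?\d*(-|$)"), "export-grade cipher"),
    (re.compile(r"(^|-)(ADH|AECDH)(-|$)"), "anonymous key exchange (unauthenticated)"),
    (re.compile(r"(^|-)NULL(-|$)"), "no encryption"),
    (re.compile(r"MD5$"), "MD5 MAC"),
]
# TLS 1.3 suites (TLS_*) are always ephemeral; TLS 1.2 suites must say so in the name.
# Anonymous DH (ADH/AECDH) is ephemeral too; it is rejected above for lacking authentication.
EPHEMERAL = re.compile(r"^(TLS_|ECDHE-|DHE-|EDH-|AECDH-|ADH-)")
KEY_LENGTH = re.compile(r"(AES|ARIA|CAMELLIA)[-_]?(\d{3})")
AEAD = re.compile(r"GCM|CCM|POLY1305")


def assess(name):
    """Return the list of rule violations for one cipher suite name (empty = acceptable)."""
    issues = [reason for pattern, reason in LEGACY if pattern.search(name)]
    if not EPHEMERAL.match(name):
        issues.append("no forward secrecy (static key exchange)")
    # OpenSSL names omit "CBC" for TLS 1.2 block-cipher suites (e.g. ECDHE-RSA-AES128-SHA256),
    # so the absence of an AEAD mode is the reliable test for CBC or stream-cipher suites.
    if not AEAD.search(name):
        issues.append("not AEAD (CBC or stream cipher)")
    m = KEY_LENGTH.search(name)
    if m:
        if int(m.group(2)) < 128:
            issues.append("key shorter than 128 bits")
    elif "CHACHA20" not in name:  # ChaCha20 is fixed at 256 bits
        issues.append("unknown key length")
    return issues


def audit(cipher_list):
    """Map every suite in a colon-separated cipher list to its violations."""
    return {n: assess(n) for n in cipher_list.split(":") if n}


def is_hardened(cipher_list):
    """True only when no suite in the list violates any rule."""
    return all(not issues for issues in audit(cipher_list).values())


def openssl_view(cipher_list):
    """Expand the list with the local OpenSSL; return (name, aead, strength_bits) per suite.

    This also surfaces suites the static check never sees, such as the TLS 1.3
    suites OpenSSL enables independently of the TLS 1.2 cipher string.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return [(c["name"], c["aead"], c["strength_bits"]) for c in ctx.get_ciphers()]


# Hardened list from the advisory's Apache/Nginx examples.
HARDENED = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
)
# Constructed legacy list: one offender per rule, for contrast.
LEGACY_LIST = "AES128-SHA:ECDHE-RSA-AES256-SHA384:DES-CBC3-SHA:RC4-MD5:EXP-RC2-CBC-MD5:ADH-AES128-GCM-SHA256"

if __name__ == "__main__":
    for label, lst in (("hardened", HARDENED), ("legacy", LEGACY_LIST)):
        print(f"== {label}: {'OK' if is_hardened(lst) else 'REJECT'}")
        for name, issues in audit(lst).items():
            print(f"  {name}: {', '.join(issues) or 'acceptable'}")
    for name, aead, bits in openssl_view(HARDENED):
        print(f"  openssl expands to {name} (aead={aead}, {bits}-bit)")
```

Run it before pushing a cipher string to a fleet: the static pass catches suites such as ECDHE-RSA-AES256-SHA384 that look modern but are CBC, while the OpenSSL expansion shows exactly which suites the linked library will offer, which is what an external scanner will see.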
Verification and Maintenance:
- Test your configuration using tools like SSL Labs' SSL Server Test (ssllabs.com/ssltest) to verify that only strong cipher suites are enabled
- Regularly review and update cipher suite configurations as cryptographic standards evolve and new vulnerabilities are discovered
- Monitor security advisories from NIST, IETF, and other standards bodies for updates on cipher suite recommendations
- Document your cipher suite configuration and include it in your security baseline for consistency across all servers