Properly Configure Server-side SSL
Details
Many web servers allow lower encryption settings, such as the very weak, export-grade 40-bit encryption. Implement a strong cipher suite to protect information used in creating shared keys, encrypting messages between clients and servers, and generating message hashes and signatures that ensure the integrity of those messages. Also be sure to disable weak protocols.
Remediation
Ensure SSL certificates are properly installed and configured for the highest encryption possible. If possible, enable only strong ciphers (128-bit and up).
TLSv1 is more than 10 years old and was found vulnerable to a “renegotiation attack” in 2009.
- Most servers using TLSv1 have been patched to close this vulnerability, but you should verify this for relevant servers.
- The TLSv1 protocol has been updated and the more current TLSv1.2 offers the latest technology and strongest encryption ciphers available. Updating to the newer version of TLS should harden and future-proof the application.
Avoid weak ciphers, such as:
- NULL cipher suite
- Anonymous Diffie-Hellmann
- DES and RC4 because of their vulnerability to crypto-analytical attacks (NOTE: iOS 10 disables RC4 by default)
Avoid weak protocols, such as:
- SSLv2
- SSLv3 because of its vulnerability to the POODLE attack - CVE-2014-3566 (NOTE: In iOS 10, the Apple Secure Transport API no longer supports SSLv3)
- TLS 1.0 and earlier because the protocols are vulnerable to the CRIME (CVE-2012-4929) and BEAST (CVE-2011-3389) attacks
Reference the OWASP Transport Layer Protection Cheat Sheet for more information about how to securely design and configure transport layer security for an app.
References
- Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010 - http://op-co.de/blog/posts/android_ssl_downgrade/
CWE/OWASP
- OWASP Mobile Top 10: M3 - Insecure Communication
- CWE: CWE-326 - Inadequate Encryption Strength