Wednesday, March 18, 2009

PCI Compliance - Disable SSLv2 and Weak Ciphers

According to section 4.1 of the Payment Card Industry Data Security Standard (PCI-DSS) v1.2, merchants handling credit card data are required to “use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.”

What does this mean? In order to validate your PCI DSS compliance in this area you will need to ensure that your relevant server(s) within your PCI environment are configured to disallow Secure Sockets Layer (SSL) version 2 as well as "weak" cryptography. You are also required to have quarterly PCI security vulnerability scans conducted against your externally facing PCI systems. Without disabling SSLv2 and weak ciphers you are almost guaranteed to fail the scans. In turn this will lead to falling out of compliance along with the associated risks and consequences.

The SSLv2 Conundrum

Does your server support SSLv2?

How to test:

You will need to have OpenSSL installed on the system that you will perform the tests from. Once installed, use the following command to test your web server, assuming port 443 is where you're providing https connections:

# openssl s_client -ssl2 -connect SERVERNAME:443

If the server does not support SSLv2 you should receive an error similar to the following:

# openssl s_client -ssl2 -connect SERVERNAME:443

CONNECTED(00000003)

458:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

How to configure Apache v2 to not accept SSLv2 connections:

You will need to modify the SSLProtocol directive in the httpd.conf or ssl.conf file.

An example would be editing the following lines to look similar to:

SSLProtocol -ALL +SSLv3 +TLSv1

Restart the Apache process and ensure that the server is functional. Also retest using OpenSSL to confirm that SSLv2 is no longer accepted.
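
A config audit for the SSLProtocol change above, added here as an example and not part of the original post: it evaluates the +/- token list for the main server and each VirtualHost and flags any context where SSLv2 is still effective. It assumes the Apache 2.x-era mod_ssl behaviour in which `all` includes SSLv2, an absent SSLProtocol defaults to `all`, and a virtual host without its own SSLProtocol inherits the main server's; the function name and the sample config are constructed.

```shell
# Constructed sample: the main server is hardened as in the post, one
# virtual host re-enables everything, another sets nothing of its own.
SAMPLE_CONF='SSLProtocol -ALL +SSLv3 +TLSv1
<VirtualHost shop.example:443>
  SSLEngine on
  SSLProtocol all
</VirtualHost>
<VirtualHost pay.example:443>
  SSLEngine on
</VirtualHost>'

# Reads an Apache config on stdin; prints "<context> <OK|FAIL> <origin>".
# FAIL means SSLv2 is enabled in that context (assumed 2.x-era semantics).
audit_sslprotocol() {
  awk '
    function apply(tok,   sign, name, k) {
      tok = tolower(tok); sign = substr(tok, 1, 1)
      if (sign == "+" || sign == "-") name = substr(tok, 2)
      else { name = tok; for (k in on) on[k] = 0 }  # bare token replaces the set
      for (k in on) if (name == "all" || name == k) on[k] = (sign != "-")
    }
    BEGIN { n = 0; ctx = "main"; order[n++] = ctx }
    /^[ \t]*#/ { next }
    tolower($1) == "<virtualhost" { ctx = $2; sub(/>$/, "", ctx); order[n++] = ctx; next }
    tolower($1) == "</virtualhost>" { ctx = "main"; next }
    tolower($1) == "sslprotocol" {
      on["sslv2"] = on["sslv3"] = on["tlsv1"] = 0   # each directive starts empty
      for (i = 2; i <= NF; i++) apply($i)
      seen[ctx] = 1; v2[ctx] = on["sslv2"]
    }
    END {
      for (i = 0; i < n; i++) {
        c = order[i]
        if (seen[c])           { bad = v2[c];      origin = "explicit" }
        else if (seen["main"]) { bad = v2["main"]; origin = "inherited" }
        else                   { bad = 1;          origin = "default" }
        print c, (bad ? "FAIL" : "OK"), origin
      }
    }'
}

printf '%s\n' "$SAMPLE_CONF" | audit_sslprotocol
```

Run it against the real files with `cat httpd.conf ssl.conf | audit_sslprotocol`; any FAIL line names the context whose SSLProtocol still needs the change.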

How to configure Microsoft IIS to not accept SSLv2 connections:

You will need to modify the system’s registry.

Merge the following keys to the Windows registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]

"Enabled"=dword:00000000

Restart the system and ensure that the server is functional. Also retest using OpenSSL to confirm that SSLv2 is no longer accepted.

Those Pesky Weak SSL Ciphers

Does your server support weak SSL ciphers?

How to test:

You will need to have OpenSSL installed on the system that you will perform the tests from. Once installed, use the following command to test your web server, assuming port 443 is where you're providing https connections:

# openssl s_client -connect SERVERNAME:443 -cipher LOW:EXP

If the server does not support weak ciphers you should receive an error similar to the following:

# openssl s_client -connect SERVERNAME:443 -cipher LOW:EXP

CONNECTED(00000003)

461:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
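
Both OpenSSL tests (the -ssl2 check earlier and the -cipher LOW:EXP check here) come down to reading the s_client transcript, so this added example, which is not part of the original post, classifies a transcript as rejected, accepted or inconclusive. The function names are hypothetical; the first sample is the failure output shown above and the other two are constructed.

```shell
# Transcripts: the first is the failure output shown in the post; the
# other two are constructed for this example.
T_REJECTED='CONNECTED(00000003)
461:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:'
T_ACCEPTED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is DES-CBC-SHA
Server public key is 1024 bit'
T_NOCLIENT='error setting cipher list
no cipher match'

# Reads an s_client transcript on stdin and prints one verdict:
#   accepted <cipher>  the server negotiated the offered protocol/cipher
#   rejected           TCP connected, then the handshake was refused
#   inconclusive       nothing was proven (no connection, or the local
#                      OpenSSL build could not offer the ciphers at all)
classify_handshake() {
  awk '
    /^CONNECTED\(/      { connected = 1 }
    /handshake failure/ { failed = 1 }
    / Cipher is /       { if ($NF != "(NONE)") cipher = $NF }
    END {
      if (cipher != "")             print "accepted " cipher
      else if (connected && failed) print "rejected"
      else                          print "inconclusive"
    }'
}

# Live use: probe SERVERNAME:443 -ssl2   or   probe SERVERNAME:443 -cipher LOW:EXP
probe() {
  target=$1; shift
  openssl s_client -connect "$target" "$@" </dev/null 2>&1 | classify_handshake
}

for t in "$T_REJECTED" "$T_ACCEPTED" "$T_NOCLIENT"; do
  printf '%s\n' "$t" | classify_handshake
done
```

Only "rejected" is evidence for the scan: an "inconclusive" result from a client that cannot offer SSLv2 or LOW/EXP ciphers says nothing about the server.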

How to configure Apache v2 to not accept weak SSL ciphers:

You will need to modify the SSLCipherSuite directive in the httpd.conf or ssl.conf file.

An example would be editing the following lines to look similar to:

SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

Restart the Apache process and ensure that the server is functional. Also retest using OpenSSL to confirm that weak SSL ciphers are no longer accepted.


How to configure Microsoft IIS to not accept weak SSL ciphers:

You will need to modify the system’s registry.

Merge the following keys to the Windows registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]

"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]

"Enabled"=dword:00000000

Restart the system and ensure that the server is functional. Also retest using OpenSSL to confirm that weak SSL ciphers are no longer accepted.

At this point have your Approved Scanning Vendor (ASV) scan your external facing PCI environment to validate. Making the above changes should cause the ASV scans to not tag and fail you on the following vulnerabilities:

  • SSL Server Supports Weak Encryption
  • SSL Server Allows Cleartext Encryption
  • SSL Server May Be Forced to Use Weak Encryption
  • SSL Server Allows Anonymous Authentication

Steve

###

43 comments:

  1. Very informative and well-written. Thanks a lot.

    Suggestions for improvements:

    Why not list all weak ciphers?

    How do I disable weak ciphers with Apache v1? The instructions in the blog are written for Apache v2.

  2. Vladi - thank you for the suggestions. I've made a couple of adjustments to the blog post:

    1. Stated that the instructions for Apache are for version 2.
    2. Included additional weak ciphers to be disabled within SSLCipherSuite, including null ciphers.

    I recommend upgrading to Apache 2...if possible. Apache 2 fixes a number of vulnerabilities in the Apache version 1 series.

    For fun (haha...really), the following command will list all weak ciphers supported by the system:

    openssl ciphers -v 'SSLv3:+HIGH:-MEDIUM:-LOW'

    The output from that list can be massaged into the SSLCipherSuite option. As a sanity check, make sure that the ciphers listed within SSLCipherSuite aren't actually supported strong ciphers that you want. The following command will list all supported strong ciphers for the sanity comparison:

    openssl ciphers -v 'HIGH:+MEDIUM:-LOW'

    -Steve

  3. Nice complete article.

    I threw together a tool to list all supported ciphers and SSL features supported.

    SSL-Cipher-Check.

    It's just a wrapper for openssl and gnutls but many have found it useful.

  4. MadHat - thanks for including the link to your scripts for identifying supported SSL ciphers. Good stuff!

  5. Thanks

    Feedback and requests for features are welcome.

    Not sure what else would be useful right now.

    Scan multiple hosts, network segments? Different output format?

  6. Thanks for the article, it worked great for IIS. But I also have OpenSSL on my Windows 2000 Server and I can't figure out how to disable weak ciphers.

    Thanks for your help.

  7. Thanks
    Great article. very helpful.
    Adnan

  8. jamespwalters - my strong recommendation is to move away from Windows 2000 if you're supporting a service that requires PCI compliance.

  9. Great, great well written post!

    Silly Question, but why not use
    "SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH"

    instead of

    "SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"

    to leave out MEDIUM ciphers when configuring apache/modssl?

  10. I created a tool for doing this on IIS: http://foundeo.com/products/iis-weak-ssl-ciphers/

  11. Yes! I finally got my website to pass the Security Metrics PCI Compliance test with the "Disable SSLv2 and weak ciphers" problem being the last painful hurdle! Thanks to the discussion here I finally got it - thanks for the clear and concise information.

  12. Does anyone know how to do this on Ubuntu server please? These instructions don't seem to work and SSLv2 is still alive and kicking :(

  13. Tried these steps in Apache 2.2.3 on a CentOS 5.2 box, restarted the service and system as well, but to no avail. No error, but SSLv2 is still there and I am not able to connect to SSLv3. Please suggest.

  14. Tried on Apache 2.2.3 (CentOS 5.2). Restarted the service and system as well, but to no avail. SSLv2 is still there and it gives an error while trying to connect to SSLv3. Please suggest.

  15. I have the weak SSLCiphers for different ports and SSLv2 for my mail service.

    I followed instruction here. It didn't solve the problem. My question is how do I know if I have updated conf files for all ports?

    Alan

  16. I am looking to disable SSLv2. I'm wondering what happens if a customer hits my site with one of these old browsers and tries to check out with v2 if I've disabled it.

  17. You may have to add the SSL directives in the Virtual Host record for your domain, not the general SSL directives. Depending on your server config, your Virtual Host config for SSL may be in either httpd.conf or the ssl.conf file.

    @Jess M - 128 bit encryption has been around in IE since v5. If their browser is not up to par, they get an error message...

  18. Hi,
    We are planning to upgrade IIS from SSL v2 to v3. If the secure sites have server certificates installed, what changes need to be done? Do we need to reinstall the certificates? What other configuration changes have to be done?

  19. sslscan is an (easier) way to do this. It lists all ciphers:

    jcran@aldatmak:~$ sslscan www.google.com| grep -i accepted
    Accepted SSLv3 256 bits AES256-SHA
    Accepted SSLv3 128 bits AES128-SHA
    Accepted SSLv3 168 bits DES-CBC3-SHA
    Accepted SSLv3 128 bits RC4-SHA
    Accepted SSLv3 128 bits RC4-MD5
    Accepted TLSv1 256 bits AES256-SHA
    Accepted TLSv1 128 bits AES128-SHA
    Accepted TLSv1 168 bits DES-CBC3-SHA
    Accepted TLSv1 128 bits RC4-SHA
    Accepted TLSv1 128 bits RC4-MD5

  20. fyi, sslscan can be found here: http://sourceforge.net/projects/sslscan/

  21. Clear and straight to the point. Thanks.

  22. The Microsoft KB article worked like a champ. The only catch for me was when I got to the end of the registry key the final key "Server" was not present on my machine so I had to create a Key named "server" then place a new DWORD, name it "Enabled" within the key and set the Hex value to 00000000. Reboot, and then all was good.

  23. Hi,

    Is there a script or any tool that can check SSL with this condition:


    * SSL Server Allows Cleartext Encryption
    * SSL Server May Be Forced to Use Weak Encryption
    * SSL Server Allows Anonymous Authentication


    Thanks

  24. Anonymous wrote:
    > Is there a script or any tool that
    > can check SSL with this condition:

    Check out SSLscan:
    http://sourceforge.net/projects/sslscan/

  25. Hello there, quick question, I've modified the SSLCipherSuite string as suggested then restart Apache

    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

    However, to verify it's working I'm using Nessus, which once again shows that I'm using a weak/medium strength cipher suite.

    I've read something that might be the browsers, I mean, you've configured correctly the server but if the browser doesn't accept STRONG ciphers, then the cipher is downgraded or something like that, so I'm wondering if this could be the reason of the findings in Nessus. Any suggestion?

    Thx!

  26. Hey,

    We have disabled SSLv2 and weak Cyphers but this is causing issues on firefox b 4.3 and OSX Chrome.

    This is what Firefox states: SSL3 & TLS Renegotiation Vulnerability

    See CVE-2009-3555 and US-CERT VU#120541 for more information about this security vulnerability.

    All SSL/TLS renegotiation is disabled by default in NSS 3.12.5. This will cause programs that attempt to perform renegotiation to experience failures where they formerly experienced successes, and is necessary for them to not be vulnerable, until such time as a new safe renegotiation scheme is standardized by the IETF.


    What can be done?

  27. #Steveonz - Not sure what you're running on your end, but for starters, make sure OpenSSL is updated (anything prior to 0.9.8l will pose a problem). As well, make sure mod_ssl in Apache is updated (v2.2.14 and earlier will be an issue).

  28. Thanks this is the info: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 Server at www.privatebox.co.nz Port 80

    We are getting from firefox 4.3 ssl_error_renegotiation_not_allowed

    do you have any suggestions? I do not want to give out our website as it will appear on a google search.

  29. I could use some help. I am failing a PCI DSS scan, and I read through the blog and noticed I am not running any kind of OpenSSL or Apache, it looks like. I am running Server 2003 R2 Standard SP2 with IIS6. I have made the changes to the registry for the ciphers but am still getting failed scans. Look forward to the comments and suggestions.

  30. I've recently started a blog, the information you provide on this site has helped me tremendously. Thank you for all of your time & work.

  31. Just so you know, this is a perfect post in regards to a simple way to test and disable sslv2. I had to request 2 scans that failed before I found this wonderful post... Thanks so much and keep writing!

  32. Thank you for the great post, it has helped me move forward in becoming PCI compliant. However, my situation is that after following your guide, I still have SSLv2 and weak ciphers for a few ports. Following your instructions helped a few problems, but not all. Any clues on where I should look next to take care of this? I have a virtual dedicated hosting plan running CentOS 5.5. Thank you.

  33. PCI DSS is a real pain but important. The DIY approach is becoming harder and harder; this is one of the reasons I use a hosted solution (SaaS) for my e-commerce site. It takes the problem out of my hands; as long as they are PCI compliant then all is well.

    Ant
    internal doors

  34. Has anyone (instead of completely disabling SSLv2 / Weak Ciphers) successfully put in a redirect? I am getting pressure to land our customers who have out of date browsers onto a page that gives them a link to go and upgrade their browser instead. They still can't continue to our website so in effect, we have disabled SSLv2 support. Wondering if we can pass a PCI ASV scan with this approach?

  35. Hi, does the DSS specifically state you can not use ssl v2? I don't see that even in version 2.0 of the DSS. I thought you only had to disable the weak ciphers.

  36. Hello,

    I have created a simple free tool that allows you to disable all weak ciphers on Windows Server 2003/2008. It also has a template button for PCI and FIPS-140 compliance. Check out IIS Crypto

    Let me know what you think, thanks!

  37. Thank you much. This was very helpful in my first PCI compliance scan/fix.

  38. Tried this over the weekend and it worked perfectly. Thanks

  39. hi..interesting article and thanks for the info..

    We've applied the "fixes" onto 4 of our servers, all the same setup/implementation etc., yet this has only blocked SSLv2 on two of them and not the others. Anybody seen this before, or any ideas please? We've checked registry settings/spelling/hex/dec values/rebooted etc. TIA.
