TLSv1.0 and problematic ciphersuites are incredibly prevalent on the public internet, but the legacy browsers that require them are not. Why are they still on your perimeter?
Implementing TLS best practices is an impossible balancing act for most security teams.
Deploying and maintaining TLS-enabled services is hard. Only the most diligent security teams stay abreast of the latest named TLS vulnerabilities (Heartbleed, Poodle, Beast, Logjam, etc.), along with all their associated cipher suites and attack vectors.
In a perfect world, clients and servers would coordinate perfectly, deprecating or disabling weak or broken ciphersuites as they are discovered by the security community. But this is the real world: vendors furnish updates on different schedules, and preserving interoperability is a constant, nagging concern. Consequently, it’s all too common for new services, designed with a zeal for maximum compatibility, to be deployed by good faith security teams with default TLS configurations, and to never be scrutinized again.
It seems like the only way to fully achieve an optimal TLS environment is to carefully and continuously analyze the cost-benefit of every TLS ciphersuite and protocol across your network for maximum security and compatibility — but it doesn’t have to be that hard.
Truly optimal TLS perimeters are rarely observed in the wild.
Expanse continuously monitors the public internet to discover and attribute assets to our customers, resulting in a true and complete picture of the services and exposures on their perimeters. When probing the TLS perimeter, it is routine for Expanse to discover dozens of services supporting SSLv2 and SSLv3, and hundreds supporting problematic ciphersuites — all across the same customer’s perimeter. Perimeters like this are regularly observed for customers that have relatively strong security in other aspects.
How many TLS versions should you be supporting, really?: A cheat sheet
As compliance regimes take ever harsher views on dated TLS configurations, security organizations will need to update them with greater and greater urgency. But as these regulations come out, it still merits asking how these updates will impact browser compatibility. To that end, we collected data on current and legacy versions of the most well-known desktop and mobile web browsers, to see how far one could push their standards without compromising browser compatibility. The results were encouraging.
First we considered how high a floor one could set for a server’s minimum supported SSL/TLS protocol version. Unless your organization still supports Internet Explorer 6, you should have no problem disallowing SSLv2 and SSLv3 on all of your servers. Furthermore, so long as your organization has moved off of the following dated browsers, you can also disable TLSv1.0 (which brings you up to date with the latest iteration of PCI-DSS):
- Internet Explorer 6, Running on Windows XP
- Internet Explorer 7, Running on Windows Vista
- Internet Explorer 8, Running on Windows XP
- Internet Explorer 8, Running on Windows 7
- Internet Explorer 9, Running on Windows 7
- Internet Explorer 10, Running on Windows 7
- Internet Explorer 10, Running on Windows Phone 8.0
- Opera 12.15, Running on Windows 8
- Safari 5.1.9, Running on OS X 10.6.8
- Safari 6.0.4, Running on OS X 10.8.4
But why stop there? As it turns out, if your organization isn’t running Internet Explorer 10 or earlier, very old versions of Safari, or Opera, and, further, if you can be sure your organization doesn’t run very old versions of Google Chrome, then you can safely disable SSLv2, SSLv3, TLSv1.0, and a wide range of problematic ciphersuites: those with keys shorter than 128 bits, those that can’t provide perfect forward secrecy, those using the cryptographically weak RC4 cipher, and those using deprecated hashing algorithms, like MD5 and SHA1. In addition to the browsers above, these are the ones to watch out for:
- Chrome 27, Running on Windows 7
- Chrome 28, Running on Windows 7
- Opera 15, Running on Windows 7
Expanse can help you find your true TLS perimeter and get it back under control.
TLSv1.0 and the problematic ciphersuites enumerated above are incredibly prevalent on the public internet, but these legacy browsers are not. Maintaining an optimal and controlled TLS strategy is an ongoing process that requires a deep understanding of your TLS perimeter and your business goals. Expanse helps you continually build and monitor a true and complete picture of your TLS perimeter, along with actionable information on how to keep it in check. Don’t wait — request a demo now.