Experts have long warned about the dangers of old, deprecated encryption protocols. Attacks like DROWN - which exploited a flaw in SSLv2 on servers that also ran SSL/TLS - along with other acronymic attacks through the years like POODLE, BREACH, BEAST and CRIME, are prime examples of the problems weak encryption protocols cause.
Many of those attacks are years old, but that doesn't diminish the fact that outdated transport layer security (TLS) protocols continue to pose a threat.
That's partly why the National Security Agency this week released guidance for organizations to help eliminate use of these obsolete protocols.
While the guidance is technically for all organizations - all network owners and operators should consider taking these actions, the NSA said - it's specifically geared towards those who oversee federal websites and services.
The guidance reiterates that NIST, the National Institute of Standards and Technology, and CNSS, the Committee on National Security Systems, prohibit the use of obsolete protocols, and that those in charge of National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) systems would be well served to follow it. While it doesn’t point fingers, the document does note that obsolete TLS configurations are still in use in U.S. Government systems, something which could allow adversaries to access sensitive operational traffic.
In order to sufficiently protect sensitive data, organizations need robust protection; that means keeping up with new versions of the TLS protocol and shedding support for obsolete versions.
The NSA’s guidance covers recommended TLS versions, cipher suites, and key exchange mechanisms, how to detect old versions and how to remediate out-of-date devices.
Going forward, if they’re not already, the NSA is encouraging organizations to use only TLS 1.2 or TLS 1.3. SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 are not to be used.
When it comes to cipher suites - the named sets of cryptographic algorithms a TLS connection negotiates for key exchange, authentication, encryption and integrity - weak and obsolete suites such as NULL, RC2, RC4, DES, IDEA, and TDES/3DES should not be used. Servers that support TLS 1.2 and TLS 1.3 should also be double-checked to ensure they aren’t still offering older cipher suites.
For key exchange, RSA key transport and ephemeral Diffie-Hellman are recommended, provided the keys and curves are strong enough:
“NSA recommends RSA key transport and ephemeral DH (DHE) or ECDH (ECDHE) mechanisms, with RSA or DHE key exchange using at least 3072-bit keys and ECDHE key exchanges using the secp384r1 elliptic curve. For RSA key transport and DH/DHE key exchange, keys less than 2048 bits should not be used, and ECDH/ECDHE using custom curves should not be used.”
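To make the version, cipher-suite and key-exchange rules above concrete, here is an added example (not part of the article or the NSA document) that statically audits an nginx-style `ssl_*` block against them. The nginx directive names are real; the sample configuration, the finding strings and the `grade_key_size` helper are constructed for illustration, and a static check like this only shows what is configured, not what a server actually negotiates.

```python
import re

# Versions the guidance allows, and the ones it says are not to be used.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
OBSOLETE_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Algorithm names from the guidance; "DES" also matches OpenSSL's 3DES suite name DES-CBC3.
WEAK_CIPHER_MARKERS = ("NULL", "RC2", "RC4", "DES", "IDEA")
RECOMMENDED_CURVE = "secp384r1"  # NSA-recommended ECDHE curve


def audit_tls_config(config):
    """Static check of an nginx-style ssl_* block; returns a list of finding strings."""
    findings = []
    m = re.search(r"ssl_protocols\s+([^;]+);", config)
    if not m:
        findings.append("ssl_protocols not set; server default may still allow TLS 1.0/1.1")
    else:
        for version in m.group(1).split():
            if version in OBSOLETE_VERSIONS:
                findings.append(f"obsolete protocol enabled: {version}")
    m = re.search(r"ssl_ciphers\s+\"?([^;\"]+)\"?;", config)
    if m:
        for suite in m.group(1).split(":"):
            if suite.startswith("!"):  # explicitly excluded in the OpenSSL cipher string
                continue
            hit = next((w for w in WEAK_CIPHER_MARKERS if w in suite.upper()), None)
            if hit:
                findings.append(f"weak cipher suite enabled: {suite} ({hit})")
    m = re.search(r"ssl_ecdh_curve\s+([^;]+);", config)
    if m and m.group(1).strip() != RECOMMENDED_CURVE:
        findings.append(f"ECDHE curve {m.group(1).strip()} is not {RECOMMENDED_CURVE}")
    return findings


def grade_key_size(bits):
    """RSA/DH/DHE key-length thresholds from the guidance (hypothetical helper)."""
    if bits < 2048:
        return "reject"  # "should not be used"
    if bits < 3072:
        return "below-recommended"  # permitted, but under the 3072-bit recommendation
    return "ok"


# Constructed sample: a legacy server block that still allows TLS 1.0/1.1, 3DES and RC4.
SAMPLE_CONFIG = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:DES-CBC3-SHA:RC4-SHA:!aNULL";
ssl_ecdh_curve prime256v1;
"""
```

Running `audit_tls_config(SAMPLE_CONFIG)` reports the two obsolete protocol versions, the 3DES and RC4 suites, and the curve mismatch; a block limited to TLSv1.2/TLSv1.3, AEAD suites and secp384r1 produces no findings.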
In its document the NSA makes a point of stressing the false sense of security that older TLS configurations provide: the data may appear to be protected when it really isn’t.
“Organizations encrypt network traffic to protect data in transit. However, using obsolete TLS configurations provides a false sense of security since it looks like the data is protected, even though it really is not,” the NSA writes. “Make a plan to weed out obsolete TLS configurations in the environment by detecting, remediating, and then blocking obsolete TLS versions, cipher suites, and finally key exchange methods. Prepare for cryptographic agility to always stay ahead of malicious actors’ abilities and protect important information.”