13

SSL supports several anonymous cipher suites such as TLS_DH_anon_WITH_AES_256_GCM_SHA384. When these are used, no authentication is performed and no certificates are exchanged. This means that if they are used, you are at risk of MitM attacks.

Previously, I have only seen these enabled when someone has enabled every single cipher suite by mistake. Today, I noticed that Nationwide online banking has a single anonymous cipher suite enabled.

This leads me to believe it was added deliberately, rather than accidentally.

What are the use cases for anonymous cipher suites on a website?

Cybergibbons
  • 1,191
  • 2
  • 8
  • 21
  • Upvoted for bringing the Nationwide master... minds to light. – Deer Hunter Feb 13 '16 at 18:48
  • Contact Nationwide tech support, or their abuse contact, with a link to the [ssllabs](https://ssllabs.com) test results for their site. They need to fix this immediately, and find out who added that cipher suite. – Anti-weakpasswords Feb 14 '16 at 08:06

2 Answers

10

What are the use cases for anonymous cipher suites on a website?

None. This is just a severe mistake and therefore the grade is capped to F. None of the browsers offer anonymous cipher suites (at least by default), so no connection with a browser will be established this way. But it might well be that some mobile banking apps make the same mistake.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
10

That TLS includes such capability is not without good reason.

It provides for confidentiality without the need for a certificate authority - an endpoint must be configured to remember what certificates it will accept, instead of which certificate authorities it will accept. This is a completely different trust model from that generally used on the internet, and should not be used on a public website.

I would not expect this cipher to be available in any browser.

symcbean
  • 18,278
  • 39
  • 73
  • (1) +1 for the nice explanation of an alternative use case where anon suites could somewhat make sense, given that TLS is widely deployed and not only used for web services. – user3363866 Sep 22 '17 at 13:01
  • (4) "an endpoint must be configured to remember what certificates it will accept, instead of which certificate authorities it will accept" - This does not actually work with anon suites. There is no certificate exchange when using anon suites so you will not be able to accept or reject any certificates. – ddso Feb 08 '19 at 13:14
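As an added example (not from the question or either answer), the following Python helper does the check the question performed by hand: it flags anonymous suites in a list of offered cipher suites, in both IANA and OpenSSL naming, and shows the OpenSSL exclusion that removes them from a cipher string. The offered list is constructed for illustration and is not Nationwide's actual configuration.

```python
import re

# Key-exchange prefixes that mean "no authentication of either side" in the two
# naming schemes operators usually meet: IANA suite names (TLS_DH_anon_...,
# TLS_ECDH_anon_...) and OpenSSL short names (ADH-..., AECDH-...).
IANA_ANON = re.compile(r"^TLS_(DH|ECDH)_anon_")
OPENSSL_ANON = re.compile(r"^(ADH|AECDH)-")

# Constructed sample of what a scanner might report a server offering:
# one anonymous suite alongside ordinary authenticated ones.
SAMPLE_OFFERED = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]


def is_anonymous(suite: str) -> bool:
    """True if the suite agrees a key without any certificate exchange, so a
    client accepting it cannot tell the real server from an interposer."""
    return bool(IANA_ANON.match(suite) or OPENSSL_ANON.match(suite))


def audit_cipher_suites(offered):
    """Return the anonymous suites found in a server's offered list.

    Any non-empty result is a configuration defect: as the accepted answer
    says, there is no use case for these on a public website."""
    return [s for s in offered if is_anonymous(s)]


def harden_openssl_cipher_string(cipher_string: str) -> str:
    """Append OpenSSL's '!aNULL' exclusion (the alias for suites with no
    authentication) to a cipher string unless it is already present."""
    parts = cipher_string.split(":")
    if "!aNULL" not in parts:
        parts.append("!aNULL")
    return ":".join(parts)


if __name__ == "__main__":
    for suite in audit_cipher_suites(SAMPLE_OFFERED):
        print(f"anonymous suite offered: {suite}")
    print(harden_openssl_cipher_string("HIGH:!eNULL"))
```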