0

I was testing a new proxy server today with SSL Labs and found that I had somehow included some anonymous cipher suites.

After resolving the problem I decided to find out what problems this could cause and how/why this was exploitable. To my surprise (considering the report and rating cap from SSL Labs) I was unable to find out much more than that it's possible to perform a MiTM where weak ciphers are used.

Obviously I'm not looking for a how-to, rather an explanation as to why it is exploitable and what would/could happen if these cipher suites had been left in place. Or is the answer that it allows for a MiTM to take place?

Drifter104

2 Answers

1

While anonymous cipher suites feel bad when configured at the server side, like in your case, they are only a real problem if the client offers such cipher suites. Only in this case could a man-in-the-middle attacker trick the client into connecting to the attacker, because the client can be forced to not authenticate its peer. Once this is done, it actually does not matter which cipher is used between attacker and server, or whether the attacker checks for the correct server or not, i.e. there is no need for the server to support anonymous ciphers for the attack to succeed.

Steffen Ullrich
  • Ok, that makes sense. Perhaps I was overthinking it because I was looking at it from a server perspective. So in theory, if tomorrow all possible clients stopped supporting anonymous suites, the server side wouldn't matter – Drifter104 Aug 08 '16 at 19:46
  • @Drifter104: Again, for a man in the middle attack it matters only if anonymous ciphers are offered by the client. The server side does not matter. And fortunately most clients (the browsers, most TLS stacks) don't support anonymous ciphers or at least don't have them enabled by default. – Steffen Ullrich Aug 08 '16 at 20:10
  • Ok, I'm with you now – Drifter104 Aug 08 '16 at 20:46
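Since the exposure described in the answer above depends on what the client offers, one way to audit a client is to read the cipher suite list out of its ClientHello. The following is an added example, not part of the original answer: the function names, the `build_hello` helper and the sample hellos are constructed for illustration, and the code point table is a subset of the IANA registry, not a complete list.

```python
import struct

# Subset of IANA-registered anonymous (unauthenticated) suites; not exhaustive.
ANON_SUITES = {
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0x001B: "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    0x0034: "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    0x003A: "TLS_DH_anon_WITH_AES_256_CBC_SHA",
    0x006C: "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
    0x006D: "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
    0x00A6: "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
    0x00A7: "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
    0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA",
    0xC017: "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
    0xC018: "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
    0xC019: "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
}

def offered_suites(record):
    """Return the cipher suite code points in a TLS ClientHello record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32            # record hdr, handshake hdr, version, random
    if len(record) <= pos:
        raise ValueError("truncated before session_id")
    pos += 1 + record[pos]          # skip the variable-length session_id
    if len(record) < pos + 2:
        raise ValueError("truncated before cipher_suites")
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if n % 2 or len(record) < pos + n:
        raise ValueError("malformed cipher_suites vector")
    return list(struct.unpack_from("!%dH" % (n // 2), record, pos))

def anonymous_offers(record):
    """Names of anonymous suites the client is willing to negotiate."""
    return [ANON_SUITES[c] for c in offered_suites(record) if c in ANON_SUITES]

def build_hello(suites):
    """Constructed sample: minimal TLS 1.2 ClientHello with no extensions."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + struct.pack("!%dH" % len(suites), *suites) + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for name, hello in [("default-like client", build_hello([0xC02F, 0x009C])),
                        ("misconfigured client", build_hello([0xC02F, 0x0034, 0xC018]))]:
        print(name, "->", anonymous_offers(hello) or "no anonymous suites offered")
```

A non-empty result means the client will accept a handshake in which the peer presents no certificate, which is the condition the answer identifies as the real problem.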
0

It's exploitable because no authentication / certificate exchange is performed.

cyzczy
  • Sometimes short answers can suit the question, but you do not address the questions asked. Also, there is a lot of room for you to expand your answer so that it will be helpful to others. Can you work on this answer a little bit? – schroeder Aug 08 '16 at 20:56