How to fix SSL 2.0 and BEAST on IIS

Question

As you can see on this post TeamMentor.net vulnerable to BEAST and SSL 2.0, now what? the app I'm currently development got flagged for SSL 2.0 and BEAST by SSL Labs.

I'm using IIS 7.0 with the latest patches, and can't seem to find the answers to these questions:

What is the risk impact of this vulnerability on a site like http://teammentor.net?
What are the exploit scenarios?
Is there any mitigation (or not) by the use of IIS 7.0?
How do I fix this in IIS 7.0?
Can anything been done at the Application Layer?

For reference here are a couple other security.stackexchange.com questions on this topic:

Regardless of what you do regarding BEAST, turn off SSLv2. – Bruno Apr 30 '12 at 16:48 — Bruno, Apr 30 '12 at 16:48
Any suggestions on how to fix this in IIS 6.0 ? – D3l_Gato Dec 03 '12 at 16:54 — D3l_Gato, Dec 03 '12 at 16:54

score 29 · Accepted Answer · edited May 07 '13 at 17:39

In IIS 7 (and 7.5), there are two things to do:

Navigate to: Start > 'gpedit.msc' > Computer Configuration > Admin Templates > Network > SSL Configuration Settings > SSL Cipher Suite Order (in right pane, double click to open). There, copy and paste the following (entries are separated by a single comma, make sure there's no line wrapping):

TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_RC4_128_MD5,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256

Run the following PowerShell commands as administrator (copy-paste into Notepad, save as 'fix-beast-in-iis.ps1' and run with elevated privileges):

#make TSL 1.2 protocol reg keys
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"

# Enable TLS 1.2 for client and server SCHANNEL communications
new-itemproperty -path     "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server" -name "DisabledByDefault" -value 0 -PropertyType "DWord"
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client" -name "DisabledByDefault" -value 0 -PropertyType "DWord"

# Make and Enable TLS 1.1 for client and server SCHANNEL communications
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server"
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" 
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -name "DisabledByDefault" -value 0 -PropertyType "DWord"
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -name "Enabled" -value 1 -PropertyType "DWord"
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -name "DisabledByDefault" -value 0 -PropertyType "DWord"

# Disable SSL 2.0 (PCI Compliance)
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server"
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server" -name Enabled -value 0 -PropertyType "DWord"

Once you've run the script, you can run 'regedit' and make sure the keys in the script were actually created correctly. Then reboot for the change to take effect.

WARNING: Notice I didn't turn off SSL 3.0- the reason for this is due to the fact that, like it or not, there are still people out there using Windows XP with IE 6/7. Without SSL 3.0 enabled, there would be no protocol for those people to fall back on. While you may still not get a perfect on a Qualys SSL Labs scan, the majority of holes should be closed by following the previous steps. If you want absolute PCI compliance, you can copy the lines from the Disable SSL 2.0 section of the Powershell script, paste them at the end of the script and change them to the following:

# Disable SSL 3.0 (PCI Compliance)
md "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server"
new-itemproperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server" -name Enabled -value 0 -PropertyType "DWord"

Then, when you run the script, you disable SSL 2.0, SSL 3.0 and enable TLS 1.1 and 1.2.

Great answer. Looks familiar (http://derek858.blogspot.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html). — Nathan Hartley, Jan 10 '13 at 03:04
[IISCrypto](https://www.nartac.com/Products/IISCrypto/Default.aspx) is a great tool to configure IIS/TLS — Carl Hörberg, Jan 20 '14 at 17:59
The WinXP users can install Firefox or Chrome to gain TLS support can't they? — Shiv, Feb 17 '15 at 03:11

score 19 · Answer 2 · answered Dec 12 '12 at 16:19

19

I just posted an update to IIS Crypto which is a free tool that sets the schannel registry keys and puts RC4 at the top of the SSL cipher suite order with a single click. This mitigates the BEAST attack on Windows Server 2008 and 2012.

answered Dec 12 '12 at 16:19

Jeff

249
2
2

Love this tool! Far easier than messing around with reg entries, – NULLZ Feb 17 '15 at 14:22

score 2 · Answer 3 · answered Apr 30 '12 at 13:43

As far as the actual risks, it seems hard to say. Whilst tools like SSL Labs reports this as high priority, I am not aware of any real attacks exploiting this in the wild, and from my (very limited) understanding of how the attack works, it's rather complicated to execute and there are plenty of pre-requisites to make it a real threat. You already linked to plenty of resources, so no point repeating what's already covered.

As for configuring IIS 7 to use RC4, perhaps this pdf can help?

score 1 · Answer 4 · answered Jan 14 '16 at 08:38

1

disabling everything "RC4" with IIS Crypto allowed to pass PCI compliance test on Server 2008 / IIS 7.0

answered Jan 14 '16 at 08:38

Konstantin Salavatov

111
2

score 0 · Answer 5 · answered Jan 14 '16 at 12:41

The following registry file will disable SSLv2 & SSLv3 on most windows implementations.

Create a .reg file with the following details and run.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

The easiest way for you to verify is using either SSL labs again or testing using OpenSSL. It is worth nothing that some versions of OpenSSL don't support SSL Version 2.

OpenSSL 0.9.8t does support it and is the version I use for testing.

openssl s_client -connect subdomain.domain.tld:443 -ssl2

This is my go to command to check for chain block ciphers using openssl. The idea is that it we should not get a connection with any of these.

openssl s_client -connect subdomain.domain.tld:443 -tls1 -cipher SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:PSK-AES256-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:RP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:PSK-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA

How to fix SSL 2.0 and BEAST on IIS

5 Answers5

Linked