Questions tagged [beast]

BEAST is an attack against SSL/TLS versions up to TLS 1.0.

38 questions
40
votes
1 answer

TLS: RC4 or not RC4?

I was reading another interesting article by Matthew Green today, saying that if you're using RC4 as your primary ciphersuite in SSL/TLS, now would be a great time to stop As far as I'm aware RC4 has been up'd on the list of ciphersuites to…
Yoav Aner
  • 5,299
  • 3
  • 24
  • 37
31
votes
5 answers

How to fix SSL 2.0 and BEAST on IIS

As you can see on this post TeamMentor.net vulnerable to BEAST and SSL 2.0, now what? the app I'm currently development got flagged for SSL 2.0 and BEAST by SSL Labs. I'm using IIS 7.0 with the latest patches, and can't seem to find the answers to…
Dinis Cruz
  • 629
  • 1
  • 6
  • 15
27
votes
3 answers

Is there a way to mitigate BEAST without disabling AES completely?

It seems that the easiest way to protect users against the BEAST attack on TLS <= 1.0 is to prefer RC4 or even disable all other (CBC) cipher suites altogether, e.g. by specifying something like SSLCipherSuite RC4-SHA:HIGH:!ADH in the Apache…
lxgr
  • 4,094
  • 3
  • 28
  • 37
26
votes
3 answers

Why was the BEAST attack previously considered implausible?

Can someone explain why the BEAST attack wasn't considered plausible? I saw an article quoting the creator as saying 'It is worth noting that the vulnerability that BEAST exploits has been presented since the very first version of SSL. Most people…
Andrew Semler
  • 363
  • 2
  • 5
25
votes
4 answers

Why don't major browsers currently support TLS above version 1.0?

TLS 1.0 seem to be vulnerable to Beast, Lucky13 and maybe other attacks and is simply outdated. Common workaround used e.g. by Google was to use RC4 which was also recently broken, but none of the major browsers seem to be implementing newer version…
Smit Johnth
  • 1,709
  • 4
  • 17
  • 23
19
votes
1 answer

Tools to test for BEAST/CRIME that AREN'T Internet-based?

We have increasing pressure to identify and remediate any HTTPS server configurations that are vulnerable to BEAST (CBC) and CRIME (compression). We need to fix servers that are accessible to the Internet at large, servers that are only accessible…
gowenfawr
  • 71,975
  • 17
  • 161
  • 198
18
votes
2 answers

Is AES-GCM recommended for SSL?

I'm looking at turning on site-wide SSL for a website I manage, and I'm wondering what the best practices for SSL configuration. I'm not too worried about compatibility with old browsers and more obscure mobile devices, so I'd like to cut down the…
Polynomial
  • 132,208
  • 43
  • 298
  • 379
18
votes
3 answers

Is gzipping content via TLS allowed?

So I have these few compression directives at http level in nginx: gzip on; gzip_http_version 1.1; gzip_vary on; I read that this should be avoided because of CRIME/BREACH attack, is this correct?
Florian Schneider
  • 1,073
  • 2
  • 9
  • 11
16
votes
5 answers

What can I do about TLS 1.0 javascript injection vulnerability on my server?

The recent article featured on slashdot http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/ says that connections secured with TLS 1.0 are susceptible to man-in-the-middle decryption (the BEAST exploit). I have an app hosted on…
Riley Lark
  • 967
  • 1
  • 8
  • 10
16
votes
3 answers

How to test for the BEAST attack if server isn't Internet-connected?

I'd like to test a server specifically for vulnerabilities related to BEAST. What command line switches should I use? What should I see (or not see) in the output? Update The intent is to scan a non-Internet connected web server, or to scan a server…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
15
votes
4 answers

TLS 1.0 JavaScript injection vulnerability (BEAST): what to do client-side?

With the alleged SSL/TLS vulnerabilities used by the BEAST exploit, there seems to be a security gap between TLS versions; TLS 1.0 being the problematic one but still the only option for many sites. If indeed there is a problem with older TLS…
George
  • 2,813
  • 2
  • 23
  • 39
13
votes
2 answers

Is BEAST really fixed in all modern browsers?

BEAST is said to be fixed in all modern browsers: Chrome and Firefox IE in Jan 2012 Opera in Dec 2011. It's also fixed in OpenSSL since 2002. Do these fixes mean that it's safe to use ciphers in CBC mode on TLS 1.0 if end user uses one of these…
Andrei Botalov
  • 5,267
  • 10
  • 45
  • 73
6
votes
1 answer

Prevent BEAST attack without RC4 cipher suites

It is common practice to prevent the BEAST attack using the following ciphers in Apache SSL configuration: SSLCipherSuite RC4-SHA:HIGH:!ADH Unfortunately, RC4 has been found to be flawed and it is now recommended to avoid its use. From a Nessus…
Michael
  • 1,457
  • 1
  • 18
  • 36
6
votes
1 answer

Any not totally insecure browser vulnerable to BEAST?

People still worry about BEAST quite a lot when configuring web servers to the point of preferring RC4 over AES-CBC. But most browsers mitigate BEAST even while using TLS 1.0. Is there a browser that: Is vulnerable to BEAST or to Lucky…
CodesInChaos
  • 11,854
  • 2
  • 40
  • 50
6
votes
2 answers

Configure SSL to prefer RC4 ciphers over block-based ciphers - BEAST

Our PCI scanners just informed us that we have BEAST (Browser Exploit Against SSL/TLS) Vulnerability Apparently, the remediation is as follows: Affected users should disable all block-based cipher suites in the server's SSL configuration and only…
JonoB
  • 163
  • 1
  • 4
1
2 3