RouterOS 6.48.6 (long-term)
In short: Is there any way to disable less secure (RC4, 3DES) ciphers on the www-ssl service? Something like /ip ssh set strong-crypto=yes?
Explanation:
One of my customers is subject to PCI DSS quarterly vulnerability scans. They sent me a report which enumerates several problems with the www-ssl service (Webfig over TLS). The report is in general very poor: it enumerates vulnerabilities which seem to have been fixed since at least ROS v6.13 (CVE-2013-0169, see below) or vulnerabilities without indicating any CVE (or other indication of validity of the supposed vulnerability) at all, but the one I want to address is the use of weak ciphers. Even if I set the address property or use the firewall to limit the IPs accessing the https port, that does not entirely mitigate attacks on those weak ciphers.
The report states that we use weak TLS/SSL ciphers: CVE-2016-2183 (64-bit block ciphers) and CVE-2013-2566 (RC4 cipher alg.). I have already set
/ip service set www-ssl tls-version=only-1.2
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
There was a thread "How to disable weak ciphers and hmac in TLS?" in the Forwarding Protocols forum that got no conclusive answer (and there was no ROS version indicated).
As for CVE-2013-0169 (aka Lucky13), it was a side-channel timing attack affecting OpenSSL in versions prior to 1.0.1e, 1.0.0k or 0.9.8y. But I found that normis announced that Heartbleed (CVE-2014-0160) is not an issue on ROS v6.13 and above, as they use a newer, not affected version that is at least 1.0.1g or 1.0.2-beta2. So 1.0.1g had already fixed the Lucky13 issue, and I assume MikroTik did not use the beta branch of OpenSSL.
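An added example, not part of the original post: a small Python check that reads saved `ssl-enum-ciphers` output and maps each offered suite to the findings named in the scan report (CVE-2016-2183, CVE-2013-2566, MD5 MAC), so a configuration change can be re-verified before the next PCI scan. The function name, the rule table and the extra AES-GCM sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the suites quoted in the post above; the final
# AES-GCM line is added here only as a contrast case that must not be flagged.
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
"""

# Suite-name patterns and the finding each one corresponds to.
RULES = [
    (re.compile(r"_(3DES_EDE|DES)_"), "64-bit block cipher, SWEET32 (CVE-2016-2183)"),
    (re.compile(r"_RC4_"), "RC4 (CVE-2013-2566, prohibited by RFC 7465)"),
    (re.compile(r"_MD5$"), "MD5 used for message integrity"),
]

def weak_suites(nmap_text):
    """Return {protocol: [(suite, [reasons])]} for every suite matching a rule."""
    findings, proto = {}, "unknown"
    for line in nmap_text.splitlines():
        # Drop nmap's "|" / "|_" prefix; works with or without indentation.
        body = re.sub(r"^\|_?\s*", "", line.strip())
        m = re.match(r"(SSLv3|TLSv1\.[0-3]):$", body)
        if m:
            proto = m.group(1)
            continue
        m = re.match(r"(TLS_[A-Z0-9_]+)\b", body)
        if not m:
            continue  # headers, warnings, "least strength" lines
        reasons = [why for rx, why in RULES if rx.search(m.group(1))]
        if reasons:
            findings.setdefault(proto, []).append((m.group(1), reasons))
    return findings

if __name__ == "__main__":
    for proto, suites in weak_suites(SAMPLE).items():
        for suite, reasons in suites:
            print(f"{proto}  {suite}: {'; '.join(reasons)}")
```

An empty result means none of the three findings apply to the suites the service offered in that scan.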