Re: [Openvas-discuss] Private or Corporate CAs

2018-02-02 Thread R0b0t1
On Fri, Feb 2, 2018 at 3:18 PM, Gareth Williams wrote:
> Hello,
>
> The "SSL/TLS: Certificate Signed Using A Weak Signature Algorithm" test gets
> confused if a server is using (and presumably sends as part of the TLS
> handshake) a Root CA certificate that is signed by a weak algorithm.
>
> This check should only be valid for subordinate certificates, that is,
> certificates signed by a superior CA.  In a self-signed certificate (such as
> a Root CA) the signature algorithm is irrelevant.

The signature is not entirely irrelevant, and a weak digest on a root
CA does make it easier (but perhaps not yet feasible) to attack the
root CA. More problematic is an attack on an intermediate CA due to
certificates using a weak digest.

https://csrc.nist.gov/publications/detail/sp/800-131a/archive/2011-01-13

"SHA-1 shouldn't be trusted past January 2016 because of the
increasing practicality that a well-funded attacker or government
could find a SHA-1 hash collision, allowing them to impersonate any
SSL website." (Paraphrased.)

If you still don't want to trust the NSA and NIST, I think the test is
accurate: They're using old technology that needs to be updated. It's
too bad that that is work, so I suppose it's a good thing you're
getting paid.

> Many organisations still use a SHA1 signed Root CA certificate, and these
> are flagged up during a scan, if the scanned server is configured to send
> the Root CA certificate as part of the chain. Note that sending the Root has
> no security benefit or risk, and is ignored by clients - it is usually due
> to a misconfigured server.
>
> The 'gb_ssl_weak_hash_algo.nasl' script checks if a certificate is a Root CA
> certificate (by including CAs.inc) but this only checks if the certificate
> is on a predefined list of commercial CAs.  I can't add to this list (as far
> as my understanding goes) as the file is signed.  In my opinion, the NASL
> should simply check if the Subject and the Issuer are the same.  If they
> are, there is no reason to check the signature algorithm.
>
> This also affects servers that use a single self-signed certificate for TLS.
> While not considered best practice, many do use them.  Again, there is no
> reason to flag the signature algorithm of these self-signed certificates
> as it adds no effective security.  A test of Subject is equal to Issuer
> would resolve this too.
>
> This may have been discussed previously (Google couldn't find it) as I'm new
> to OpenVAS.  If it has, please accept my apologies.
>

Cheers,
 R0b0t1
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
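
The Subject-equals-Issuer test discussed in this thread, combined with a weak-signature check, as an added Python example that is not code from either poster or from OpenVAS: it walks the DER of each certificate in a chain, reports weak signature algorithms, and marks whether the names match so a self-issued root can be triaged separately from a subordinate certificate. The function names, the two-entry OID table and the skeleton certificates (the "Corp" names) are constructed for illustration; names are compared byte for byte, which is stricter than RFC 5280 name matching.

```python
WEAK_SIG_OIDS = {  # added example, not OpenVAS code; keys are DER OID bodies
    bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption",
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
}

def read_tlv(buf, pos):  # -> (tag, value, raw_tlv, next_pos)
    tag, length, p = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, p = int.from_bytes(buf[p:p + n], "big"), p + n
    if p + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[p:p + length], buf[pos:p + length], p + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, raw, pos = read_tlv(value, pos)
        yield tag, val, raw

def inspect_cert(der):
    """Return (weak_algorithm_or_None, issuer == subject) for one certificate."""
    tbs_value = next(children(read_tlv(der, 0)[1]))[1]
    fields = [c for c in children(tbs_value) if c[0] != 0xA0]  # skip [0] version
    _serial, sigalg, issuer, _validity, subject = fields[:5]
    # Equal names mean self-issued; proving self-signed would also need the
    # signature verified with the certificate's own public key (not done here).
    sig_oid = next(children(sigalg[1]))[1]
    return WEAK_SIG_OIDS.get(sig_oid), issuer[2] == subject[2]

def review_chain(chain):
    return [(i, weak, "self-issued" if same else "subordinate")
            for i, (weak, same) in enumerate(map(inspect_cert, chain)) if weak]

def tlv(tag, value):  # sample builder, short-form lengths only
    return bytes([tag, len(value)]) + value

def fake_cert(issuer, subject, oid_hex):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30,
        tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, cn.encode()))))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + name(issuer) + tlv(0x30, b"") + name(subject))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))

SAMPLE_CHAIN = [  # constructed skeletons: no real key or signature
    fake_cert("Corp Issuing CA", "www.corp.example", "2a864886f70d01010b"),
    fake_cert("Corp Root CA", "Corp Issuing CA", "2a864886f70d010105"),
    fake_cert("Corp Root CA", "Corp Root CA", "2a864886f70d010105"),
]
```

`review_chain(SAMPLE_CHAIN)` reports the SHA-1 signed intermediate as `subordinate` and the SHA-1 signed root as `self-issued`, leaving the severity decision for each class to the caller.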


[Openvas-discuss] Private or Corporate CAs

2018-02-02 Thread Gareth Williams

Hello,

The "SSL/TLS: Certificate Signed Using A Weak Signature Algorithm" test 
gets confused if a server is using (and presumably sends as part of the 
TLS handshake) a Root CA certificate that is signed by a weak algorithm.


This check should only be valid for subordinate certificates, that is, 
certificates signed by a superior CA.  In a self-signed certificate (such 
as a Root CA) the signature algorithm is irrelevant.


Many organisations still use a SHA1 signed Root CA certificate, and 
these are flagged up during a scan, if the scanned server is configured 
to send the Root CA certificate as part of the chain. Note that sending 
the Root has no security benefit or risk, and is ignored by clients - it 
is usually due to a misconfigured server.


The 'gb_ssl_weak_hash_algo.nasl' script checks if a certificate is a 
Root CA certificate (by including CAs.inc) but this only checks if the 
certificate is on a predefined list of commercial CAs.  I can't add to 
this list (as far as my understanding goes) as the file is signed.  In 
my opinion, the NASL should simply check if the Subject and the Issuer 
are the same.  If they are, there is no reason to check the signature 
algorithm.


This also affects servers that use a single self-signed certificate for 
TLS.  While not considered best practice, many do use them.  Again, 
there is no reason to flag the signature algorithm of these 
self-signed certificates as it adds no effective security.  A test of 
Subject is equal to Issuer would resolve this too.


This may have been discussed previously (Google couldn't find it) as I'm 
new to OpenVAS.  If it has, please accept my apologies.


Kind regards,

Gareth

