https://bugs.kde.org/show_bug.cgi?id=400722

            Bug ID: 400722
           Summary: Out of date TLS Settings
           Product: kdeconnect
           Version: unspecified
          Platform: unspecified
                OS: All
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: common
          Assignee: albertv...@gmail.com
          Reporter: dennisjackson...@hotmail.com
  Target Milestone: ---

SUMMARY

I took a look at the code for configuring the TLS socket used for the secure channel.
It appears to be out of date and is vulnerable to a number of known attacks.
Thankfully, it can be fixed by updating the configuration settings in a
backwards compatible fashion.

SPECIFIC ISSUES: 

ISSUE: 

Only supports TLSv1.0 

DETAILS: 

Enabling support for later TLS versions will improve security and improve
performance. Whilst there are no known attacks on correctly configured TLSv1.0,
the later TLS versions are considerably easier to configure correctly and
support more efficient ciphersuites with better performance.

ISSUE: 

Supports Broken Ciphersuites 

DETAILS: 

RC4-SHA and RC4-MD5 are known to be broken and have been prohibited by the IETF
since 2015. It is possible for an attacker to recover the plaintext of a user's
communications.

ISSUE: 

Supports difficult to use Ciphersuites

DETAILS:

DHE-RSA-AES256-SHA requires additional configuration as by default the group
selected is too small and not considered secure. Unfortunately, old Java
clients (<= 7) do not support larger groups and if maintaining support with
them is an issue, it is best to stick to ECDHE ciphers (which Java 7 does
support). 

RECOMMENDATIONS

At the very least, REMOVE the RC4 and MD5 ciphersuites. 

Assuming you require backwards compatibility with Android 2.3 (the oldest
version I could find a KDEConnect app for), switch to using the `Intermediate`
configuration provided by Mozilla at [Mozilla Link]. It will maintain support,
but upgrade connections to more secure ciphersuites where possible. 

Using more modern ciphersuites will not only improve security, it will also
improve performance! If possible, enabling the Modern parameters would be best
(supported by Android 5.0 or higher); it disables TLS versions older than v1.2
and uses ciphersuites with perfect forward secrecy.
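As an added illustration (not code from the report or from KDE Connect), the
following Python script audits an OpenSSL-style cipher list against the three
issues and the two recommended profiles above. The sample list is constructed:
it contains the suites the report names (RC4-SHA, RC4-MD5, DHE-RSA-AES256-SHA)
plus a few modern suites for contrast, and is not the list from
lanlinkprovider.cpp. The protocol sets for the Intermediate and Modern profiles
are an assumption based on the 2018-era Mozilla guide, and the verdict rules are
a simplification of that guide.

```python
"""Audit an OpenSSL-style cipher list the way the report above recommends.

Constructed example: the cipher names below are the ones the report names
(RC4-SHA, RC4-MD5, DHE-RSA-AES256-SHA) plus a few modern suites added for
contrast. They are NOT the list from lanlinkprovider.cpp.
"""
from dataclasses import dataclass

SAMPLE_CIPHERS = [
    "RC4-SHA",                        # broken: RC4 stream cipher
    "RC4-MD5",                        # broken: RC4 and MD5
    "DHE-RSA-AES256-SHA",             # needs an explicit large DH group
    "AES128-SHA",                     # static RSA key exchange, no forward secrecy
    "ECDHE-RSA-AES128-SHA",           # forward secrecy, but SHA-1 HMAC
    "ECDHE-RSA-AES128-GCM-SHA256",    # what the Mozilla profiles prefer
    "ECDHE-ECDSA-AES256-GCM-SHA384",
]

# Assumed mapping of the Mozilla profiles named in the report to allowed
# protocol versions (2018-era guide): Intermediate keeps TLS 1.0 for old
# Android clients, Modern disables everything older than TLS 1.2.
ALLOWED_PROTOCOLS = {
    "intermediate": {"TLSv1.0", "TLSv1.1", "TLSv1.2"},
    "modern": {"TLSv1.2"},
}


@dataclass
class Finding:
    cipher: str
    verdict: str   # "remove", "warn" or "ok"
    reason: str


def parse_cipher(name):
    """Split an OpenSSL cipher name into (key exchange, bulk cipher, MAC).

    Names without a DHE/ECDHE prefix use static RSA key transport.
    """
    parts = name.split("-")
    kx = "RSA"
    if parts[0] in ("DHE", "ECDHE", "DH", "ECDH"):
        kx = parts[0]
        parts = parts[1:]
        if parts and parts[0] in ("RSA", "ECDSA", "DSS"):
            parts = parts[1:]          # authentication algorithm, not needed here
    mac = parts[-1]
    enc = "-".join(parts[:-1])         # e.g. "AES128-GCM"
    return kx, enc, mac


def audit_cipher(name):
    """Classify one suite: remove (broken), warn (legacy/needs care) or ok."""
    kx, enc, mac = parse_cipher(name)
    if enc.startswith("RC4"):
        return Finding(name, "remove", "RC4 is broken and prohibited by the IETF since 2015")
    if mac == "MD5":
        return Finding(name, "remove", "MD5-based MAC")
    if kx in ("DHE", "DH"):
        return Finding(name, "warn", "finite-field DH: default group is too small and "
                                     "needs explicit configuration; prefer ECDHE")
    if kx == "RSA":
        return Finding(name, "warn", "static RSA key exchange has no forward secrecy")
    if mac == "SHA":
        return Finding(name, "warn", "SHA-1 HMAC: acceptable for Intermediate only")
    return Finding(name, "ok", "ECDHE with SHA-2 or AEAD")


def harden(ciphers, profile):
    """Return the suites to keep for a profile, preserving the original order.

    "intermediate" only drops suites marked remove (the report's minimum);
    "modern" keeps only suites marked ok (forward secrecy, SHA-2/AEAD).
    """
    keep = {"intermediate": {"warn", "ok"}, "modern": {"ok"}}[profile]
    return [c for c in ciphers if audit_cipher(c).verdict in keep]


def allowed_protocols(profile):
    """Protocol versions a profile permits (assumed, see ALLOWED_PROTOCOLS)."""
    return set(ALLOWED_PROTOCOLS[profile])


if __name__ == "__main__":
    for c in SAMPLE_CIPHERS:
        f = audit_cipher(c)
        print(f"{f.verdict:6} {f.cipher:32} {f.reason}")
    for profile in ("intermediate", "modern"):
        print(profile, sorted(allowed_protocols(profile)), harden(SAMPLE_CIPHERS, profile))
```

Running the script prints a verdict per suite and the surviving list for each
profile. In the Qt 5 API linked under [QT SSL], the corresponding knobs are
QSslConfiguration::setProtocol (for example QSsl::TlsV1_2OrLater for the Modern
profile) and QSslConfiguration::setCiphers with a list of QSslCipher objects,
applied to the socket before the handshake starts.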

ADDITIONAL INFORMATION

I did not examine any other parts of the codebase for issues (e.g. certificate
generation and fingerprint exchange). 

The code can be found in `configureSslSocket` inside
`core/backends/lan/lanlinkprovider.cpp`. [Github Link]. 

EXTERNAL LINKS:

[Github Link]
https://github.com/KDE/kdeconnect-kde/blob/master/core/backends/lan/lanlinkprovider.cpp

[Mozilla Link]
https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility

[QT SSL] https://doc.qt.io/qt-5/qsslsocket.html#protocol
