ProHoster > Blog > Administrasyon an > HTTPS pa toujou an sekirite jan li sanble. Vilnerabilite yo jwenn nan 5,5% nan sit HTTPS

HTTPS pa toujou an sekirite jan li sanble. Vilnerabilite yo jwenn nan 5,5% nan sit HTTPS

HTTPS pa toujou an sekirite jan li sanble. Vilnerabilite yo jwenn nan 5,5% nan sit HTTPS
Youn nan sit pi gwo Alexa yo (sèk santral), ki an sekirite pa HTTPS, ak subdomains (gri) ak depandans (blan), pami ki gen moun ki vilnerab (lonbraj tirè)

Sèjousi, ikòn koneksyon an sekirite HTTPS vin tounen yon estanda e menm yon atribi nesesè nan nenpòt sit ki grav. Si sètifika manke, prèske tout navigatè resan yo montre yon avètisman ke koneksyon sou sit la "pa an sekirite" epi pa rekòmande pou transfere enfòmasyon konfidansyèl nan li.

Men, li sanble ke prezans nan yon "fèmen" nan ba adrès la pa toujou garanti pwoteksyon. Tcheke 10 sit dirijan yo Soti nan evalyasyon an, Alexa te montre ke anpil nan yo se sijè a frajilite kritik nan pwotokòl SSL / TLS yo, anjeneral nan subdomains oswa depandans. Dapre otè yo nan etid la, konpleksite nan aplikasyon entènèt modèn anpil ogmante sifas la atak.

Rezilta rechèch

Etid la te fèt pa ekspè nan University of Venice Ca' Foscari (Itali) ak University Technical University Vyèn. Yo pral prezante yon rapò detaye nan 40yèm IEEE Symposium sou Sekirite ak Konfidansyalite, ki pral fèt 20-22 me 2019 nan San Francisco.

Top 10 Alexa lis sit HTTPS yo ak 000 lame ki gen rapò yo te teste. Konfigirasyon kriptografik vilnerab yo te detekte sou 90 lame, se sa ki, apeprè 816% nan total la:

  • 4818 vilnerab a MITM
  • 733 yo vilnerab a dechifre TLS konplè
  • 912 yo vilnerab a dechifre TLS pasyèl

898 sit yo konplètman ouvè a piratage, se sa ki, yo pèmèt piki a nan script twazyèm pati, ak sit 977 chaje kontni ki soti nan paj mal pwoteje ke yon atakè ka kominike avèk yo.

Chèchè yo mete aksan sou ke pami 898 resous "konplètman konpwomèt" yo se magazen sou entènèt, sèvis finansye ak lòt sit gwo. 660 sou 898 sit telechaje script ekstèn soti nan lame vilnerab yo: sa a se sous prensipal danje. Dapre otè yo, konpleksite nan aplikasyon entènèt modèn anpil ogmante sifas la atak.

Lòt pwoblèm yo te jwenn tou: 10% nan fòm otorizasyon yo gen pwoblèm ak transmisyon an sekirite nan enfòmasyon, ki menase koule modpas, 412 sit pèmèt entèsepsyon nan bonbon ak vòl sesyon, ak sit 543 yo sijè a atak sou entegrite bonbon (atravè subdomains) .

Pwoblèm lan se ke nan dènye ane yo nan SSL / TLS pwotokòl yo ak lojisyèl idantifye yon kantite frajilite: POODLE (CVE-2014-3566), BEAST (CVE-2011-3389), KRIM (CVE-2012-4929), BREACH (CVE-2013-3587), ak Heartbleed (CVE-2014-0160). Pou pwoteje kont yo, gen yon kantite paramèt sou sèvè a ak bò kliyan pou evite itilize ansyen vèsyon vilnerab yo. Men, sa a se yon pwosedi olye ki pa trivial, paske anviwònman sa yo enplike chwazi nan yon seri vaste nan chifreman ak pwotokòl, ki se byen difisil a konprann. Li pa toujou klè ki suites chifre ak pwotokòl yo konsidere kòm "asekire ase".

Anviwònman rekòmande

Pa gen okenn moun ofisyèlman apwouve ak dakò sou lis anviwònman HTTPS rekòmande. Se konsa, Mozilla SSL Konfigirasyon dèlko ofri plizyè opsyon konfigirasyon, tou depann de nivo pwoteksyon ki nesesè yo. Pou egzanp, isit la se anviwònman yo rekòmande pou yon sèvè nginx 1.14.0:

Mòd modèn

Pi ansyen kliyan sipòte: Firefox 27, Chrome 30, IE 11 sou Windows 7, Edge, Opera 17, Safari 9, Android 5.0, ak Java 8

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;


# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

Mwayen sipò

Pi ansyen kliyan sipòte: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;

# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

Ansyen sipò

Pi ansyen kliyan sipòte: Windows XP IE6, Java 6

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;

# old configuration. tweak to your needs.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

Li rekòmande pou w toujou sèvi ak suite chifreman konplè a ak dènye vèsyon OpenSSL la. Suite chifreman nan paramèt sèvè a presize priyorite kote yo pral itilize yo, tou depann de anviwònman kliyan yo.

Rechèch montre ke li pa ase jis enstale yon sètifika HTTPS. "Pandan ke nou pa okipe bonbon tankou nou te fè an 2005, epi 'TLS desan' te vin komen, li sanble ke bagay debaz sa yo pa ase pou sekirize yon gwo kantite sit trè popilè," di otè yo nan travay la. Pou pwoteje fyab kanal la ant sèvè a ak kliyan an, ou bezwen ak anpil atansyon kontwole enfrastrikti ki soti nan subdomains pwòp ou yo ak lame twazyèm pati ki soti nan ki kontni pou sit la apwovizyone. Petèt li fè sans pou kòmande yon odit nan men kèk konpayi twazyèm pati ki espesyalize nan sekirite enfòmasyon.

HTTPS pa toujou an sekirite jan li sanble. Vilnerabilite yo jwenn nan 5,5% nan sit HTTPS

Sous: www.habr.com