Project

General

Profile

Actions
Copy link

tickets #102602

closed

anna|elsa, daffy1|daffy2: SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection

Added by lrupp over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
High
Assignee:
opensuse-admin
Category:
Core services and virtual infrastructure
Target version:
-
Start date:
2021-11-17
Due date:
% Done:

100%

Estimated time:

Description

Insight

The TLSv1.0 and TLSv1.1 protocols contain known cryptographic flaws like:

  • CVE-2011-3389: Browser Exploit Against SSL/TLS (BEAST)
    *CVE-2015-0204: Factoring Attack on RSA-EXPORT Keys Padding Oracle On Downgraded Legacy Encryption (FREAK)

Impact

An attacker might be able to use the known cryptographic flaws to eavesdrop the connection between clients and the service to get access to sensitive data transferred within the secured connection.

Furthermore newly uncovered vulnerabilities in this protocols won't receive security updates anymore.

Solution

It is recommended to disable the deprecated TLSv1.0 and/or TLSv1.1 protocols in favor of the TLSv1.2+ protocols.

Just use https://ssl-config.mozilla.org/ as base for a good configuration.

References

CERT

DFN-CERT-2020-0177
DFN-CERT-2020-0111
DFN-CERT-2019-0068
DFN-CERT-2018-1441
DFN-CERT-2018-1408
DFN-CERT-2016-1372
DFN-CERT-2016-1164
[...]

Actions
Copy link

Also available in: Atom PDF