Checking For Outdated Ciphers
Keeping the software up-to-date on your machine is important, even more so for security reasons. However, some people forget to update their configurations when they update their software. Running an old config could be just as dangerous as running old software!
I am going to show how to check a network-listening service for outdated ciphers. First make sure you have nmap installed. Second grab the nmap script named ‘ssl-enum-ciphers.nse’ from the official nmap website.
Example checking a webserver:
nmap --script ssl-enum-ciphers -p 443 <target>
I ran this against an internal webserver that is running Ubuntu 16.04:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-06 12:38 PDT
Nmap scan report for 10.53.209.159
Host is up (0.00015s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048) - C
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048) - C
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 2048) - C
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|       Broken cipher RC4 is deprecated by RFC 7465
|       Ciphersuite uses MD5 for message integrity
|_  least strength: C

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds
We want our target to show the least strength cipher as “A” and we do not want NULL ciphers or options. This particular host is running Apache2, so we need to edit /etc/apache2/mods-enabled/ssl.conf and look for or add a line like this:
SSLCipherSuite HIGH:!aNULL
Then restart apache2 and retest:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-06 12:55 PDT
Nmap scan report for 10.53.209.159
Host is up (0.00015s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|   TLSv1.1:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
|       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
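To make the before/after comparison repeatable instead of reading the output by eye, the check can be scripted. The following is an added example, not part of the original article: a small Python parser for the script's normal text output that lists every suite graded below A, every warning, any compressor other than NULL, and fails closed when the "least strength" line is missing. The function name audit and the sample text are constructed for illustration, and the parser expects nmap's own formatting (plain hyphens before the grade).

```python
import re

# Constructed sample, shortened from the kind of scan output shown above.
SAMPLE = """\
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors:
|       NULL
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|     warnings:
|       Broken cipher RC4 is deprecated by RFC 7465
|_  least strength: C
"""

PROTO = re.compile(r"^\|\s+((?:SSL|TLS)v[\d.]+):\s*$")
SECTION = re.compile(r"^\|\s+(ciphers|compressors|cipher preference|warnings):")
SUITE = re.compile(r"^\|\s+(\w+)\s.*\s-\s([A-F])\s*$")
LEAST = re.compile(r"^\|_\s+least strength:\s+([A-F])")

def audit(text, minimum="A"):
    """Return (protocol, kind, detail) findings for one script block; empty = pass."""
    findings, proto, section, least = [], None, None, None
    for line in text.splitlines():
        body = line.lstrip("|_ ").strip()
        if m := PROTO.match(line):
            proto, section = m.group(1), None
        elif m := SECTION.match(line):
            section = m.group(1)
        elif m := LEAST.match(line):
            least, section = m.group(1), None
        elif section == "ciphers" and (m := SUITE.match(line)):
            if m.group(2) > minimum:  # grades run A (best) to F (worst)
                findings.append((proto, "weak suite", m.group(1)))
        elif section == "warnings" and body:
            findings.append((proto, "warning", body))
        elif section == "compressors" and body not in ("", "NULL"):  # NULL = none
            findings.append((proto, "compression", body))
    if least is None or least > minimum:  # no result line means no pass
        findings.append((None, "least strength", least or "no result"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Note that NULL under "compressors" means TLS compression is off, so the parser treats it as the expected value rather than a finding.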
This was just a basic intro to cipher checking with nmap and I hope this article is helpful to someone. I enjoy receiving feedback; be it suggestions, corrections, or questions. Feel free to drop some love, be safe, and hack away!