
Sunday, November 11, 2018

Major Web Browsers to End Support for TLS 1.0 and TLS 1.1 in 2020


(BROWSER VENDORS UNITE TO END SUPPORT FOR 20-YEAR-OLD TLS 1.0)

The major web browsers, including Chrome, Firefox, Edge, Safari, and Explorer, have announced that they will end support for TLS 1.0 and TLS 1.1 connections in 2020.



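■ TLS 1.0 and TLS 1.1, the early versions of TLS, are vulnerable to a range of attacks such as POODLE and BEAST

▷ TLS, which was developed on the basis of the SSL protocol, is used to establish a secure, encrypted communication channel between client and server

▷ POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability: a protocol downgrade vulnerability that makes it possible to abuse obsolete encryption

▷ BEAST (Browser Exploit Against SSL/TLS) vulnerability: a vulnerability that makes it possible to decrypt HTTPS cookies in the end user's browser and effectively hijack the target's session

▷ TLS currently exists in four versions: 1.0, 1.1, 1.2, and 1.3 (the latest)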



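Upgrading to TLS 1.2 or later and disabling the TLS 1.0 and TLS 1.1 options in the browser settings is recommended

▷ Organizations such as PCI Data Security Standard (PCI DSS)* and GitLab are ending support for the older versions within this year

  * The credit card industry security standard that must be followed throughout the entire credit card payment process in order to manage cardholders' card and transaction information securely

▷ The four major companies, Google, Microsoft, Apple, and Mozilla, plan to remove TLS 1.0 and TLS 1.1 support completely in the first half of 2020


▷ According to MS, many websites have already moved to newer versions of the protocol, and 94% of sites currently support TLS 1.2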




Wednesday, December 7, 2016

Some POODLE notes

http://cafe.naver.com/rapid7/2699



Heartbleed and Shellshock allowed hacks against servers (meaning websites and such).
POODLE allows hacking clients (your web browser and such).
If Heartbleed/Shellshock merited a 10, then this attack is only around a 5.

It requires MitM (man-in-the-middle) to exploit.
In other words, the hacker needs to be able to tap into the wires between you and the website you are browsing, which is difficult to do.
This means you are probably safe from hackers at home, because hackers can't tap backbone links.
But, since the NSA can tap into such links, it's probably easy for them.
However, when using the local Starbucks or other unencrypted WiFi, you are in grave danger from this hack from hackers sitting at the table next to you.

It requires, in almost all cases, JavaScript running in the browser. That's because the attacker needs to MitM thousands of nearly identical connections that can fail. There are possibly rare cases where such connections may happen (like automated control systems), but JavaScript is nearly a requirement. That means your Twitter app in your iPhone is likely safe, as the attacker can't run JavaScript in the app. Although, a lot of apps use web GUIs underneath, if only to serve ads, so not all "apps" are safe.

It doesn't hack computers, but crack encryption. It reveals previously encrypted data.

What the hacker will likely try to do is hack your session cookies. That means they won't get your password for your account, but they will be able to log in as you into your account. Thus, while you are at Starbucks, some hacker next to you will be able to post tweets in your Twitter account and read all your Gmail messages. These are two examples -- they really have near complete control over your accounts. They won't be able to steal your password, however.

In theory, the attacker can do much more, but attacking cookies is overwhelmingly the most likely vector.

It's the standard protocol that is vulnerable, not anybody's code.  Essentially, they got the math wrong.

Only older versions of SSL are impacted -- but everybody is backwards compatible with older versions. Thus, part of the attack is to "downgrade" both sides, forcing both the client and server to use the older version.

This attack is against SSLv3, which is 15 years old and known to be obsolete. After this version of SSL, engineers renamed it to TLS and reset the version number to 1.0, because they are jerks and want to confuse people. (Actually, the story is that Netscape created SSL, and Microsoft insisted on a name change because they hated Netscape). Thus, the next version after SSLv3 is TLSv1.0.

The solution is to disable SSLv3 (and all prior versions), and leave only TLS version 1.0 (and later versions) enabled. If either the server (the website) or the client (the browser) doesn't support SSLv3, then the hack won't work.

Disabling SSLv3 in servers is difficult, because a lot of users still use IE6, Microsoft's browser from a decade ago. When servers remove SSLv3, then users with IE6 will no longer be able to access the server. However, CloudFlare, which hosts a lot of websites, has disabled SSLv3 across their systems. Apparently they are comfortable with breaking IE6 -- which is good guidance for other people considering the same.

Disabling SSLv3 in browsers is easy. On Chrome, use the command-line flag --ssl-version-min=tls1, and on Firefox set security.tls.version.min to 1. Generally, there are virtually no servers out there that don't support TLSv1, so this shouldn't break anything.
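
The version numbering described above is visible on the wire: SSLv3 is 3.0 (0x0300) and TLSv1.0 is 3.1 (0x0301). As an added example that is not part of the original post, this Python parser reads the version a server selected from a ServerHello record and flags the versions this page says to disable; `build_server_hello` and the bytes it produces are constructed samples, not captured traffic.

```python
import struct

# Wire codes for protocol versions; TLSv1.0 is "3.1" because it followed SSLv3 ("3.0").
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
DEPRECATED = {"SSLv3", "TLSv1.0", "TLSv1.1"}  # versions this page says to disable

def negotiated_version(record: bytes) -> str:
    """Return the protocol version the server selected in one ServerHello record."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 2:  # 22 = handshake, 2 = ServerHello
        raise ValueError("not a ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[:2], "big")
    pos = 38 + hello[34]  # skip version, random(32), session id, suite(2), compression(1)
    if pos + 2 <= len(hello):
        end = min(pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"), len(hello))
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            # TLS 1.3 leaves the legacy field at 0x0303 and puts the real
            # version in the supported_versions extension (type 43).
            if etype == 43 and elen == 2 and pos + 6 <= end:
                version = int.from_bytes(hello[pos + 4:pos + 6], "big")
            pos += 4 + elen
    return VERSIONS.get(version, f"unknown(0x{version:04x})")

def is_deprecated(record: bytes) -> bool:
    return negotiated_version(record) in DEPRECATED

def build_server_hello(version: int, suite: int = 0x002F, extensions: bytes = b"") -> bytes:
    """Constructed sample ServerHello (zero random, empty session id); not captured traffic."""
    hello = struct.pack("!H32xBHB", version, 0, suite, 0)
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, min(version, 0x0303), len(handshake)) + handshake

if __name__ == "__main__":
    tls13 = build_server_hello(0x0303, 0x1301, struct.pack("!HHH", 43, 2, 0x0304))
    for rec in (build_server_hello(0x0300), build_server_hello(0x0301),
                build_server_hello(0x0303), tls13):
        name = negotiated_version(rec)
        print(name, "-> DISABLE" if name in DEPRECATED else "-> ok")
```
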

The simplest explanation is, as usual for such things, on Adam Langley's blog here.


Reference site:
https://www.imperialviolet.org/2014/10/14/poodle.html