How to fight BEAST vulnerability and maintain PFS for old clients?

burnersk asked:

Correct me if I’m wrong but BEAST is because of CBC in TLSv1.0, right? So to eliminate the threat of BEAST all CBC cipher suites which are SSLv3 or lower have to be disabled, right?

Lets jump into the real world example. See the Qualys SSL Test for my test domain. You’ll see that I have disabled SSLv3 (and lower of course) with protocols. To maintain some old clients which do not support TLSv1.1 and at the same time maintain Perfect Forward Secrecy for those clients I have to use some CBC cipher suites that came with SSLv3 or TLSv1.0.

Here are some samples of clients I have to maintain (with link to Qualys SSL Client Info site).

Here is my OpenSSL 1.0.1e cipher suite configuration:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:-DES:!RC4:!MD5:!PSK:!aECDH:EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Does anybody see a solution to fix BEAST and maintain Client/PFS? I only see max. TLSv1.0 and CBC only cipher suites on the client side.

To catch up with Michael Hampton: Yes, RC4 is not a solution. I forgot to mention that.

My answer:


Sorry, this can’t be done, and doesn’t need to be done anyway.

BEAST is no longer considered a serious threat, as client-side patches have been available for affected platforms for years now (even for XP!), and server-side mitigation requires RC4, which is now considered too weak to be secure and only makes things worse.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.