OpenWrt Forum Archive

Topic: Weak Ciphers in SSL found by OpenVas security scanner

The content of this topic has been archived on 26 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
e3c77773
19 Jan 2017, 18:11

Hi guys

The security issue
To check security of the router, I ran an OpenVas security scanner against OpenWrt Chaos Calmer 15.05.1 / LuCI 15.05-188-g87e9837

OpenVas detects WEAK CIPHERS in Https (like Sha1 autogenerated certificate) and SSH.

Actions:
- Removed buggy dropbear, replace by openssh
- Apparently the only way to adjust the ciphers is through /etc/sshd_config (config below). After each edit, restarted sshd. Some changes, but still presents weak ciphers and sha1 certificate.

Big Question
- How to block negotiating weak ciphers.
- How to strengthen the certificates.
Am I missing something, or does ssh needs a patch ?


Additional info
Installed packages related to ssh/ssl are
libopenssl          1.0.2g-1
libpolarssl          1.3.14-1
libustream-polarssl      2015-07-09-c2d73c2261..2d3
luci-ssl                  git-16.043.44305-e2f9172-1
openssh-keygen      7.1p2-1
openssh-server      7.1p2-1
openssh-sftp-server 7.1p2-1


Changes and additions /etc/sshd_config :

Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 2048

Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com

MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com

HostKeyAlgorithms ssh-rsa,ssh-dss

Hostbasedacceptedkeytypes ssh-rsa,ssh-ed25519

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521

Post #2
e3c77773
14 Feb 2017, 10:14

Hi, anyone ?
Big Question
- How to block negotiating weak ciphers by Luci and Luci-ssl
- How to strengthen the certificates.

Post #3
hnyman
14 Feb 2017, 10:40
e3c77773 wrote:

- How to block negotiating weak ciphers by Luci and Luci-ssl
- How to strengthen the certificates.

Move away from polarssl that has been deprecated. With LEDE and Openwrt DD trunk you can e.g. use luci-ssl-openssl and use openssl for SSL certificate generation.

(With luci-ssl Openwrt's px5g key generation tool only knows to use the deprecated polarssl, which is a shame. In LEDE px5g uses the more modern mbedtls instead of polarssl.)

----

There is no need to use the built-in automatic tools for certificate & key generation.

Manually generate dropbear SSH keys with higher bit amount (using the dropbearkey command) and then place the keys to the correct place.

You can also generate the SSL certificate for Luci (uhttpd) manually by installing openssl-utils package to get the openssl commandline tools. With that you can generate the SSL keys for uhttpd.

Some command examples for certificate creation:

/usr/sbin/px5g  selfsigned -der -days 365 -newkey rsa:2048 -keyout ./test.key -out ./test.crt -subj /C="FI"/ST="Uusi maa"/L="Es poo"/CN="user"

openssl req -x509 -outform der -nodes -days 365 -newkey rsa:2048 -keyout ./test.key -out ./test.crt -subj /C="FI"/ST="Uusi maa"/L="Es poo"/O="something"/CN="user"
Post #4
e3c77773
14 Feb 2017, 10:47

Thanks for swift reply.
Makes sense for the certificate part.
Not sure about negotiating weaker keys by luci however. Ill try asap and let you know !

Post #5
hnyman
14 Feb 2017, 10:52
e3c77773 wrote:

Makes sense for the certificate part.
Not sure about negotiating weaker keys by luci however.

LuCI ssl (= uhttpd service in practice) uses the certificate generated by you. You can use Openssl to first generate a stronger key if you like, and then generate the certificate. Internet is full of advice for using openssl for self-signed certificates.

Cert and key just need to be placed as /etc/uhttpd.key and uhttpd.crt

root@LEDE:~# ls /etc/uhttpd.*
/etc/uhttpd.crt  /etc/uhttpd.key
Post #6
anarchy99
14 Feb 2017, 13:10

finally some reasonable explanations about self-signed cert. when i tried it first time i followed wrong tutorials that focused on importing some certs in browser. now i see these are actually put into device.

if polarssl is deprecated shouldn't it be removed? and what about cyassl? openssl doesn't support older browser versions so it's not best either. i've yet to check on mbedtls.

luci-lib-px5g is not even selected in menuconfig (openwrt trunk)

now i see there are two different choice possibilites:

1. LuCI->Collections
2. Network->Web Servers/Proxies->uhttpd-mod-tls

if they mismatch does that mean secure version of site will not be available?

Post #7
hnyman
14 Feb 2017, 13:19
anarchy99 wrote:

if polarssl is deprecated shouldn't it be removed?

luci-lib-px5g is not even selected in menuconfig (openwrt trunk)

now i see there are two different choice possibilites:

1. LuCI->Collections
2. Network->Web Servers/Proxies->uhttpd-mod-tls

Polarssl has been removed from LEDE (where almost all core developers are active nowadays), but as the Openwrt development is pretty dead, nobody has taken care of that in the Openwrt repo.

luci-lib-px5g is quite something else. It is not needed.   
   (px5g is a seperate package pulled in by luci-ssl, and is only used once for SSL certificate generation)

uhttpd-mod-tls is not needed. it is an empty package (and has been deleted from LEDE).

To get SSL-based LuCI for Openwrt DD master (or LEDE master), you either
* install luci-ssl that installs uhttpd, libustream-mbedtls (in DD trunk) and px5g (and indirectly also libpolarssl in Openwrt or libmbedtls in LEDE).  https://github.com/openwrt/luci/blob/ma … l/Makefile
* install luci-ssl-openssl, that installs uhttpd, libustream-openssl, libopenssl and openssl-util and is an "openssl-only" version of LuCI.     https://github.com/openwrt/luci/blob/ma … l/Makefile

(Note that CC15.05 branch still appears to install libustream-polarssl)

(Last edited by hnyman on 14 Feb 2017, 13:41)

The discussion might have continued from here.