I got this as a result of my PCI scan. It looks like our site is vulnerable to the ROBOT attack. (So I am not placing my domain here, as it is vulnerable to the attack.) Can you please let me know what is wrong and what I have to do to increase my security?
Description
The detected service is vulnerable to an Adaptive Chosen Ciphertext attack vulnerability against RSA (aka “ROBOT Attack”). By manipulating the padding on an encrypted string, an attacker could be able to reveal information about the encrypted message by monitoring the error messages returned by the server. The encrypted data could be retrieved if the attacker successfully exploits this flaw. This vulnerability is due to an issue in the implementation of the SSL/TLS protocol. Please refer to the correct CVE and patch (e.g. Reference section) according to the implementation of SSL/TLS running on this host.
CVE: CVE-2017-12373,CVE-2017-17428,CVE-2017-17427,CVE-2017-17382,CVE-2017-6168,CVE-2012-5081,CVE-2016-6883,CVE-2017-13099,CVE-2017-1000385,CVE-2017-13098
Solution
Please refer to this link https://robotattack.org/#patches for up-to-date fixes, patches and guidance.
Reference
Evidence
Cryptographic Oracle Strength: Strong (real attack is possible)
TLS SSL version: TLSv1.2
Message Flow Type: Standard
Message Flow: TLS alert 20 (length 7) / TLS alert 51 (length 7) / TLS alert 20 (length 7) / TLS alert 20 (length 7) / TLS alert 20 (length 7)
According to the results in www.ssllabs.com, the following are the amber (warning?) issues:
Summary
This server supports TLS 1.1. Grade capped to B.
Certificate #1: RSA 2048 bits (SHA256withRSA)
DNS CAA No
Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI
Configuration
Protocols
TLS 1.1 Yes (but TLS 1.2 Green)
Cipher Suites
TLS 1.2 (suites in server-preferred order)
Cipher suite | Bits |
---|---|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK | 256 |
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0xc4) DH 2048 bits FS WEAK | 256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK | 128 |
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc076) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xbe) DH 2048 bits FS WEAK | 128 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK | 256 |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 2048 bits FS WEAK | 256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK | 128 |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 2048 bits FS WEAK | 128 |
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK | 256 |
TLS_RSA_WITH_AES_256_CCM_8 (0xc0a1) WEAK | 256 |
TLS_RSA_WITH_AES_256_CCM (0xc09d) WEAK | 256 |
TLS_RSA_WITH_ARIA_256_GCM_SHA384 (0xc051) WEAK | 256 |
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK | 128 |
TLS_RSA_WITH_AES_128_CCM_8 (0xc0a0) WEAK | 128 |
TLS_RSA_WITH_AES_128_CCM (0xc09c) WEAK | 128 |
TLS_RSA_WITH_ARIA_128_GCM_SHA256 (0xc050) WEAK | 128 |
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK | 256 |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0xc0) WEAK | 256 |
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK | 128 |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xba) WEAK | 128 |
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK | 256 |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK | 256 |
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK | 128 |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK | 128 |
TLS 1.1 (suites in server-preferred order)
Cipher suite | Bits |
---|---|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK | 256 |
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 2048 bits FS WEAK | 256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK | 128 |
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 2048 bits FS WEAK | 128 |
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK | 256 |
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK | 256 |
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK | 128 |
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK | 128 |
My domain is:
I ran this command:
in the vhost file
It produced this output:
SSLEngine on
SSLProtocol -All +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
My web server is (include version):
Apache/2.4.46 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):
certbot 0.23.0
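
An added example, not part of the original post: ROBOT is an attack on RSA-encryption key exchange, so this script audits the posted `SSLCipherSuite` value for explicit suites that use it and builds a string without them. Classifying suites by OpenSSL name prefix is an assumption made here for illustration, and the function names are hypothetical.

```python
import re

# SSLCipherSuite value copied from the vhost configuration in the post.
POSTED = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:"
    "ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:"
    "CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:"
    "AES128-SHA:CAMELLIA128-SHA "
    "!aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
)

# Assumption (naming heuristic): OpenSSL names for TLS <= 1.2 suites put a
# non-RSA key exchange in a prefix; a suite name without one uses RSA
# encryption of the premaster secret, the operation ROBOT targets.
KX_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-", "ADH-", "AECDH-",
               "PSK-", "SRP-")

def tokens(cipher_string):
    """Split an OpenSSL cipher string on its separators (colon, comma, space)."""
    return [t for t in re.split(r"[:, ]+", cipher_string) if t]

def is_static_rsa(token):
    """True for an explicit suite name that uses RSA key exchange."""
    if token[0] in "!+-" or "-" not in token or token.startswith("TLS_"):
        return False  # operator, group keyword such as HIGH, or TLS 1.3 name
    return not token.startswith(KX_PREFIXES)

def static_rsa_suites(cipher_string):
    """Explicit suite names in the string that use RSA key exchange."""
    return [t for t in tokens(cipher_string) if is_static_rsa(t)]

def harden(cipher_string):
    """Drop static-RSA names and append !kRSA (OpenSSL's RSA key exchange group)."""
    kept = [t for t in tokens(cipher_string) if not is_static_rsa(t)]
    suites = [t for t in kept if not t.startswith("!")]
    bans = [t for t in kept if t.startswith("!")]
    if "!kRSA" not in bans:
        bans.append("!kRSA")
    return ":".join(suites + bans)

if __name__ == "__main__":
    print("RSA key exchange suites:", ", ".join(static_rsa_suites(POSTED)))
    print('SSLCipherSuite "%s"' % harden(POSTED))
```

Running `openssl ciphers -v` on the resulting string lists the `Kx=` value of every suite the installed OpenSSL would actually enable, which is the authoritative check.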