I got this as a result of my PCI scan. It looks like our site is vulnerable to the ROBOT attack. (So I am not placing my domain here, as it is vulnerable to the attack.) Can you please let me know what is wrong and what I have to do to increase my security?

Description

The detected service is vulnerable to an Adaptive Chosen Ciphertext attack vulnerability against RSA (aka “ROBOT Attack”). By manipulating the padding on an encrypted string, an attacker could be able to reveal information about the encrypted message by monitoring the error messages returned by the server. The encrypted data could be retrieved if the attacker successfully exploits this flaw. This vulnerability is due to an issue in the implementation of the SSL/TLS protocol. Please refer to the correct CVE and patch (e.g. Reference section) according to the implementation of SSL/TLS running on this host.

CVE: CVE-2017-12373, CVE-2017-17428, CVE-2017-17427, CVE-2017-17382, CVE-2017-6168, CVE-2012-5081, CVE-2016-6883, CVE-2017-13099, CVE-2017-1000385, CVE-2017-13098

Solution

Please refer to this link https://robotattack.org/#patches for up-to-date fixes, patches and guidance.

Reference

Evidence

Cryptographic Oracle Strength: Strong (real attack is possible)

TLS SSL version: TLSv1.2

Message Flow Type: Standard

Message Flow: TLS alert 20 (length 7) / TLS alert 51 (length 7) / TLS alert 20 (length 7) / TLS alert 20 (length 7) / TLS alert 20 (length 7)

According to the results on www.ssllabs.com, the following are the amber (warning?) issues:

Summary

This server supports TLS 1.1. Grade capped to B.

Certificate #1: RSA 2048 bits (SHA256withRSA)

DNS CAA No

Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI

Configuration

Protocols

TLS 1.1 Yes (but TLS 1.2 Green)

Cipher Suites

# TLS 1.2 (suites in server-preferred order)

| Cipher suite | Bits |
|---|---|
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK | 256 |
| TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0xc4) DH 2048 bits FS WEAK | 256 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK | 128 |
| TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc076) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xbe) DH 2048 bits FS WEAK | 128 |
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK | 256 |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 2048 bits FS WEAK | 256 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK | 128 |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 2048 bits FS WEAK | 128 |
| TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK | 256 |
| TLS_RSA_WITH_AES_256_CCM_8 (0xc0a1) WEAK | 256 |
| TLS_RSA_WITH_AES_256_CCM (0xc09d) WEAK | 256 |
| TLS_RSA_WITH_ARIA_256_GCM_SHA384 (0xc051) WEAK | 256 |
| TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK | 128 |
| TLS_RSA_WITH_AES_128_CCM_8 (0xc0a0) WEAK | 128 |
| TLS_RSA_WITH_AES_128_CCM (0xc09c) WEAK | 128 |
| TLS_RSA_WITH_ARIA_128_GCM_SHA256 (0xc050) WEAK | 128 |
| TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK | 256 |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0xc0) WEAK | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK | 128 |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xba) WEAK | 128 |
| TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK | 256 |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK | 128 |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK | 128 |

# TLS 1.1 (suites in server-preferred order)

| Cipher suite | Bits |
|---|---|
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 256 |
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK | 256 |
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 2048 bits FS WEAK | 256 |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH x25519 (eq. 3072 bits RSA) FS WEAK | 128 |
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK | 128 |
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 2048 bits FS WEAK | 128 |
| TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK | 256 |
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK | 256 |
| TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK | 128 |
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK | 128 |

My domain is:

I ran this command:

in the vhost file

It produced this output:

```apache
SSLEngine on
SSLProtocol -All +TLSv1.1 +TLSv1.2
SSLCompression Off
SSLHonorCipherOrder on
SSLCipherSuite "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
```

My web server is (include version):

Apache/2.4.46 (Ubuntu)

The operating system my web server runs on is (include version):

Ubuntu 16.04

My hosting provider, if applicable, is:

AWS

I can login to a root shell on my machine (yes or no, or I don't know):

yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):

certbot 0.23.0
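
ROBOT is an attack on the RSA encryption key exchange, which in the SSL Labs list above is the `TLS_RSA_WITH_*` group. As an added example that is not part of the original post, this Python script splits the posted `SSLCipherSuite` value, reports which entries are RSA key-exchange suites, and builds the string without them; the function names and the name-prefix heuristic are assumptions of the example, and `!kRSA` is OpenSSL's selector for RSA key exchange.

```python
"""Added example: find RSA key-exchange entries in an OpenSSL cipher string."""
import re

# SSLCipherSuite value copied from the post above.
CIPHER_STRING = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:"
    "ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:"
    "CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:"
    "AES128-SHA:CAMELLIA128-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK "
    "!SRP !DSS !RC4"
)

# Prefixes OpenSSL uses for key exchanges other than RSA encryption.
# Assumption: pre-TLS 1.3 OpenSSL suite names, as in the post.
NON_RSA_KX = ("ECDHE-", "DHE-", "EDH-", "ECDH-", "DH-", "ADH-", "AECDH-",
              "PSK-", "SRP-")


def split_cipher_string(value):
    """Split on ':', ',' or spaces, all of which OpenSSL accepts."""
    return [tok for tok in re.split(r"[:, ]+", value.strip()) if tok]


def is_static_rsa(token):
    """True for a concrete suite name that uses RSA key exchange."""
    # Rules (!x, -x, +x, @STRENGTH) and keywords (HIGH, kRSA, A+B) are not names.
    if token[0] in "!-+@" or "-" not in token or "+" in token:
        return False
    return not token.startswith(NON_RSA_KX)


def static_rsa_suites(value):
    return [t for t in split_cipher_string(value) if is_static_rsa(t)]


def without_static_rsa(value):
    """Drop RSA key-exchange names and exclude the class with !kRSA."""
    kept = [t for t in split_cipher_string(value) if not is_static_rsa(t)]
    if "!kRSA" not in kept:
        kept.append("!kRSA")
    return ":".join(kept)


if __name__ == "__main__":
    print("RSA key exchange:", ", ".join(static_rsa_suites(CIPHER_STRING)))
    print("Without it:", without_static_rsa(CIPHER_STRING))
```

Several suites in the SSL Labs list (the CCM and ARIA ones, for example) have no counterpart in this string, so it is worth confirming that the scanned endpoint is actually served by this vhost.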