SSL Downgrade Attacks via Proxies

TL;DR

Yes, a corporate proxy can downgrade an SSL/TLS handshake, potentially weakening security. This happens when the proxy doesn’t fully support modern TLS versions or ciphers and falls back to older, less secure protocols. It’s crucial to ensure your proxies are properly configured with strong TLS settings and regularly updated.

Understanding the Risk

An SSL downgrade attack forces a client and server to negotiate a weaker encryption protocol (like SSLv3 or TLS 1.0) than they would normally use. A proxy sitting in between can manipulate this negotiation, especially if it doesn’t support newer protocols.

How Proxies Cause Downgrades

1. Protocol Support: If a proxy only supports older SSL/TLS versions, it will limit the highest protocol version available for the connection.
2. Cipher Suite Negotiation: Proxies can also restrict the cipher suites offered to clients and servers. Weak or outdated ciphers are vulnerable.
3. Misconfiguration: Incorrect proxy settings (e.g., enabling SSLv3) create vulnerabilities.

Checking Your Proxy Configuration

You need to check the configuration of your corporate proxy server(s). The exact method depends on the proxy software used (Squid, Apache, Nginx, etc.). Here are some common approaches:

1. Using OpenSSL

OpenSSL can simulate a connection and show you the negotiated protocol version.

openssl s_client -connect yourproxy.example.com:443

Look for the line that says Protocol : This will tell you which TLS/SSL version was used. If it’s anything older than TLS 1.2, there’s a problem.

2. Squid Proxy Configuration

If using Squid, check your squid.conf file for the following:

• ssl_bump peek ssl_bump splice: These directives control SSL interception and can affect protocol negotiation.
• ssl_protocols: Ensure this includes TLSv1.2 and TLSv1.3, and explicitly excludes older protocols like SSLv3. Example:

  ssl_protocols TLSv1.2 TLSv1.3

• ssl_cipher_suites: Configure strong cipher suites. Avoid weak ciphers like those using RC4 or DES.

  ssl_cipher_suites HIGH:!aNULL:!MD5

After making changes, restart Squid:

sudo systemctl restart squid

3. Apache/Nginx as Reverse Proxies

If using Apache or Nginx as a reverse proxy, check your virtual host configuration.

• SSLProtocol: In Apache, use SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 to disable older protocols.
• ssl_protocols: In Nginx, use ssl_protocols TLSv1.2 TLSv1.3; to enable only modern protocols.
• ssl_ciphers: Configure strong cipher suites in both Apache and Nginx.

Restart the web server after making changes.

Mitigation Steps

1. Disable SSLv3 & TLS 1.0/1.1: These protocols are known to be vulnerable.
2. Enable TLS 1.2 and TLS 1.3: Use the latest versions of TLS for strong encryption.
3. Configure Strong Cipher Suites: Prioritize modern, secure cipher suites.
4. Regular Updates: Keep your proxy software up-to-date with the latest security patches.
5. HSTS (HTTP Strict Transport Security): Implement HSTS to force browsers to use HTTPS and prevent downgrade attacks.
6. Monitor Connections: Regularly monitor SSL/TLS connections through your proxy to identify potential downgrades.