7.10 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled

Information

The TLSv1.0 and TLSv1.1 protocols should be disabled via the 'SSLProtocol' directive. The TLSv1.0 protocol is vulnerable to information disclosure and both protocols lack support for modern cryptographic algorithms including authenticated encryption. The only SSL/TLS protocols that should be allowed is TLSv1.2 along with the new TLSv1.3 protocol when it is supported.

Rationale:

The TLSv1.0 protocol is vulnerable to the BEAST attack when used in CBC mode (October 2011). Unfortunately, the TLSv1.0 uses CBC modes for all of the block mode ciphers, which only leaves the RC4 streaming cipher which is also weak and is not recommended. Therefore, it is recommended that the TLSv1.0 protocol be disabled. The TLSv1.1 protocol does not support Authenticated Encryption with Associated Data (AEAD) which is designed to simultaneously provide confidentiality, integrity, and authenticity. All major up-to-date browsers support TLSv1.2, and most recent versions of FireFox and Chrome support the newer TLSv1.3 protocol, since 2017.

The NIST SP 800-52r2 guidelines for TLS configuration require that TLS 1.2 is configured with FIPS-based cipher suites be supported by all government TLS servers and clients and requires support of TLS 1.3 by January 1, 2024. A September 2018 IETF draft also depreciates the usage of TLSv1.0 and TLSv1.1 as shown in the references.

Solution

Perform the following to implement the recommended state:

1. Check if the TLSv1.3 protocol is supported by the Apache server by either checking that the version of OpenSSL is 1.1.1 or later or place the 'TLSv1.3' value in the 'SSLProtocol' string of a configuration file and check the syntax with the 'httpd -t' command before using the file in production. Two examples below are shown of servers that do support the TLSv1.3 protocol.

$ openssl version
OpenSSL 1.1.1a 20 Nov 2018

### _(Add TLSv1.3 to the SSLProtocol directive)_
# httpd -t
Syntax OK

2. Search the Apache configuration files for the 'SSLProtocol' directive; add the directive, if not present, or change the value to 'TLSv1.2' or 'TLSv1.2 TLSv1.3' if the TLSv1.3 protocol is supported.

See Also

https://workbench.cisecurity.org/files/2378

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv6|14.2, CSCv7|14.4

Plugin: Unix

Control ID: 0634de0ae5deea43fd1aec486ddd6422c5108791064ef7347ff6cb2bc69fed81