MacOS – In the light of the FREAK TLS vulnerability, how may I disable insecure cipher suites manually in Safari

Tags: macos, openssl, safari, security

A research group named SMACK has released a vulnerability known as FREAK, which can be used for man-in-the-middle (MITM) attacks. The vulnerability is due to an old ghost created by the USA Government (NSA, more specifically) wherein, years ago, they convinced several organizations to use weaker keys, known as export-grade keys, for any software that was to be used outside the borders of the USA. While the use of strong keys is widespread now, several servers still have support for the weaker keys.

The group discovered that this vulnerability can be exploited by using a client and making a connection via a weak key. Once the key is generated by the server, it is reused until the server is restarted, which can potentially be months. The group was able to crack this weak server key in 7.5 hours using Amazon EC2. Once this is cracked, potentially all the communication can be downgraded to use weak keys and MITM'ed.

The attack mainly addresses OpenSSL (e.g. Android) clients and Apple TLS/SSL clients (Safari) in conjunction with vulnerable web servers but not Firefox, Chrome or IE.

How may I disable some or all of the insecure Cipher Suites manually on the client side by e.g. editing some configuration files in Safari, using an appropriate Safari extension or modifying binaries directly to immediately fix the vulnerability especially in older Safari versions probably not updated by Apple? Is it possible at all?

The Cipher Suites in question are:

CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5         = { 0x00,0x03};
CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5     = { 0x00,0x06};
CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA      = { 0x00,0x08};
CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA   = { 0x00,0x0B};
CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA   = { 0x00,0x0E};
CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x11};
CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x14};
CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5     = { 0x00,0x17};
CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA  = { 0x00,0x19};

and maybe some more.

Best Answer

Safari on OS X uses Secure Transport for SSL/TLS, the same implementation which is linked in cURL, App Store, etc. Secure Transport does not have any user configurations available. Therefore, it is not possible to modify Safari cipher suites.

Anyway, Apple recently released Security Update 2015-002 which fixes this issue.

Impact: An attacker with a privileged network position may intercept SSL/TLS connections

Description: Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.

CVE-2015-1067 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of Prosecco at Inria Paris

You can examine the Secure Transport client with something like: curl "https://www.howsmyssl.com/a/check" | tr ',' '\n'. As someone pointed out, it is also a good idea to use Firefox or Chrome, which use NSS instead.
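
The check suggested in the answer can be automated. The following is an added example, not part of the original answer: it reads the JSON that the curl command returns and reports any export-grade suites the client offered, using the names and code points listed in the question. The field name `given_cipher_suites` is an assumption about the howsmyssl response format, and the sample response is constructed.

```python
import json
import sys

# Export-grade suites listed in the question, with their code points.
EXPORT_SUITES = {
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": 0x0003,
    "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5": 0x0006,
    "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA": 0x0008,
    "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA": 0x000B,
    "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA": 0x000E,
    "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA": 0x0011,
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA": 0x0014,
    "TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5": 0x0017,
    "TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA": 0x0019,
}

# Constructed sample response (not captured from a real client).
SAMPLE = json.dumps({"given_cipher_suites": [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
], "tls_version": "TLS 1.2"})

def export_suites_offered(report_json):
    """Return [(name, code point or None)] for export-grade suites, in offer order."""
    report = json.loads(report_json)
    offered = report.get("given_cipher_suites") or []  # assumed field name
    found = []
    for name in offered:
        key = name.strip().upper()  # names differ in case ("DH_anon")
        if key in EXPORT_SUITES:
            found.append((name, f"0x{EXPORT_SUITES[key]:04X}"))
        elif "_EXPORT" in key:  # export suite that is not in the question's list
            found.append((name, None))
    return found

def rsa_export_only(found):
    """Subset that uses export-strength RSA key exchange."""
    return [n for n, _ in found if n.upper().startswith("TLS_RSA_EXPORT")]

if __name__ == "__main__":
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    hits = export_suites_offered(piped.strip() or SAMPLE)
    for name, code in hits:
        print(f"export-grade suite offered: {name} ({code or 'not in the list above'})")
    print("RSA export suites:", rsa_export_only(hits) or "none")
    sys.exit(1 if hits else 0)
```

To check a real client, pipe the curl output from the answer into the script. An empty result does not show that the client is patched: per Apple's description quoted above, the flaw was accepting short ephemeral RSA keys on connections using full-strength RSA cipher suites.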