In Q1 2023, Alert Logic scanning capabilities were updated to detect 200 additional weak and insecure SSL ciphers. Many customers encountered difficulty adhering to the significant increase and some claimed it was impossible to support due to software and architecture limitations. Also, there were serious concerns that the recommended SSL ciphers would adversely impact existing IDS monitoring.
These concerns were further exacerbated due to the lack of continuity and consistency among various vendors on what was considered “weak” as it pertained to Payment Card Industry (PCI) requirements. The current ciphers offered by the payment card brands such as Visa caused some contention, but these weaker ciphers appear to be used in conjunction with additional layers of encryption. Also, the PCI Data Security Standard (PCI DSS) still allows for early SSL/TLS to be used for POS POI terminals in certain cases and would need to support this.
This article offers relevant background information and guidance on how to implement detection that is sufficiently secure to obtain a compliant PCI scan.
PCI DSS 3.2 requires the use of “strong cryptography” and defines it as follows.
Cryptography is a method to protect data through a reversible encryption process and is a foundational primitive used in many security protocols and services. Strong cryptography is based on industry-tested and accepted algorithms along with key lengths that provide a minimum of 112 bits of effective key strength and proper key-management practices.
Effective key strength can be shorter than the actual ‘bit’ length of the key, which can lead to algorithms with larger keys providing lesser protection than algorithms with smaller actual, but larger effective, key sizes. It is recommended that all new implementations use a minimum of 128 bits of effective key strength.
Examples of industry references on cryptographic algorithms and key lengths include:
- NIST Special Publication 800-57 Part 1
- BSI TR-02102-1
- ECRYPT-CSA D5.4 Algorithms, Key Size and Protocols Report (2018)
- ISO/IEC 18033 Encryption algorithms
- ISO/IEC 14888-3:2-81 IT Security techniques – Digital signatures with appendix – Part 3: Discrete logarithm-based mechanisms
In addition, throughout the PCI DSS, it states to refer to “industry standards and best practices for information on strong cryptography and secure protocols (e.g. NIST SP 800-52 and SP 800-57, OWASP, etc.)”
NIST 800-52 Guidance
NIST SP 800-52 states that “Servers that support citizen or business-facing applications (i.e., the client may not be part of a government IT system) shall be configured to negotiate TLS 1.2 and should be configured to negotiate TLS 1.3.”
It also states that “Agencies shall support TLS 1.3 by January 1, 2024. After this date, servers shall support TLS 1.3 for both government-only and citizen or business-facing applications.”
The NIST SP 800-52 standard does not require support for any specific cipher suites. However, it does offer guidance on choosing stronger ones:
- Prefer ephemeral keys over static keys (i.e., prefer DHE over DH, and prefer ECDHE over ECDH). Ephemeral keys provide perfect forward secrecy.
- Prefer GCM or CCM modes over CBC mode. The use of an authenticated encryption mode prevents several attacks (see Section 3.3.2 [of SP 800-52r2] for more information). Note that these are not available in versions prior to TLS 1.2.
- Prefer CCM over CCM_8. The latter contains a shorter authentication tag, which provides a lower authentication strength.
Ideal Setup for PCI Scanning
For PCI scanning, the ideal strategy involves the use of SSL offloading with the web application firewall (WAF) or load balancer. The outside should be configured to use PFS ciphers while using a strong non-PFS cipher like TLS_RSA_WITH_AES_256_GCM_SHA384 internally for IDS monitoring.
For more information on SSL cipher compatibility, see the following resources: