Intermediate TLS compatibility

OWASP 2013-A6 OWASP 2017-A3 OWASP 2021-A2 PCI v3.2-6.5.4 CAPEC-217 CWE-311 HIPAA-164.306 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01

The TLS protocol is used to provide privacy and data integrity between two or more communicating computer applications. When secured by TLS, connections between a client and a server have one or more of the following properties:-

  1. The connection is private
  2. The identity of parties can be authenticated
  3. The connection is reliable

Transportation layer came from Secure Socket Layer. A careful configuration of TLS will provide additional privacy-related properties like forwarding secrecy, prevent discloser of encryption keys etc.

There are many applications that don’t need compatibility with Windows XP clients but still needs to support a wide range of clients. For handling this situation, this type of configuration is recommended. This fix is compatible with Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1.

Impact

The impact include:-

  • Renegotiation attack
  • Downgrade attacks like Logjam and FREAK
  • Cross-platform attacks like DROWN
  • BEAST attack
  • Breach attacks
  • POODLE attacks

Mitigation / Precaution

This vulnerability can be fixed by:-

  • Changing to intermediate compatibility certificates if the users are still using Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1.







Latest Articles