FortiMail
fropert_FTNT
Staff
Article Id 193968
Description
FREAK is an attack on SSL/TLS which allows "Man in the Middle" attackers to decipher and alter HTTPS connections between a server supporting "export-grade" cipher suites and a vulnerable client.

It works by downgrading the connection's encryption from "strong" RSA to "export-grade" RSA, by leveraging a vulnerability (CVE-2015-0204) on the client side. The "export-grade" encryption is weak enough to be broken by the attacker, who can then decipher and alter the connection.

The FortiGuard advisory bulletin FG-IR-15-007 states that a FortiMail with default settings needs configuration hardening.

Solution
Before FortiMail hardening

openssl s_client -connect :443 -cipher EXPORT
CONNECTED(00000003)
...
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA

The TLS session is negotiated and uses an RSA_EXPORT cipher suite.

After FortiMail hardening

Connect to the FortiMail CLI and execute the following commands:
config system global
    set strong-crypto enable
end
Exit the CLI and re-run the openssl command to verify that the FortiMail no longer accepts RSA_EXPORT cipher suites:

openssl s_client -connect :443 -cipher EXPORT
CONNECTED(00000003)
3070502688:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:

The handshake failure alert indicates that the FortiMail rejected the TLS connection and is protected against FREAK.
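The before/after check above only works from a client whose OpenSSL build still offers export suites; they were removed in OpenSSL 1.1.0, so a newer client fails locally and never tests the server. The following added example (not from the original article and not a Fortinet tool) classifies captured s_client output; the function name `classify_export_check` and the third sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the output of `openssl s_client ... -cipher EXPORT`.
# Capture a live run with (host is a placeholder you supply):
#   openssl s_client -connect <fortimail-host>:443 -cipher EXPORT </dev/null 2>&1

classify_export_check() {
    out=$1   # captured stdout+stderr of the s_client run

    # Client-side failure: this OpenSSL build cannot offer export suites,
    # so the server was never tested. Do not read this as "protected".
    case $out in
        *"no cipher match"*|*"no ciphers available"*)
            echo INCONCLUSIVE; return 0 ;;
    esac

    # Pull the negotiated suite from "New, <protocol>, Cipher is <name>".
    cipher=$(printf '%s\n' "$out" |
        sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    case $cipher in
        EXP-*|EXP1024-*) echo ACCEPTED; return 0 ;;   # export suite negotiated
    esac

    # Server refused every export suite the client offered.
    case $out in
        *"alert handshake failure"*) echo REJECTED; return 0 ;;
    esac

    echo INCONCLUSIVE   # refused connection, timeout, unexpected output
}

# Samples 1 and 2 are the transcripts shown in this article.
BEFORE='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA'
AFTER='CONNECTED(00000003)
3070502688:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:'
# Sample 3 is constructed and abbreviated: a client built without export suites.
NOEXPORT='error:SSL routines:SSL_CTX_set_cipher_list:no cipher match'

for sample in "$BEFORE" "$AFTER" "$NOEXPORT"; do
    classify_export_check "$sample"
done
```

An INCONCLUSIVE result means the test must be repeated from a host with an older OpenSSL build that still supports export suites.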
