Not everyone is vulnerable to the potential attack vector that researchers from INRIA, a French research institute, and Microsoft disclosed recently. In order to be vulnerable, the computer or server must support a class of deliberately weak export cipher suites. Support for these weak algorithms has remained in many implementations, however they are typically disabled by default. Nevertheless, the researchers discovered that several implementations incorrectly allow the message sequence of export ciphersuites to be used even if a non-export ciphersuite was nogotiated. This post shows how you can test a server to detect if it has been configured to allow export cipher suites to be used.
Scanning for FREAK with nmap
The nmap scan that we will launch will list all supported SSL/TLS ciphers and protocols. The scan will use the ssl-enum-ciphers nmap NSE script for this task.
The nmap command that we can use to scan for FREAK is the following: nmap.exe -p 443 --script ssl-enum-ciphers -oN freak_443 192.168.1.17
The command-line options that we specify mean the following:
-p 443
: This indicates the port that we want to scan. Here we only scan port 443 which is the most common SSL/TLS port. If you have SSL/TLS servers running on other ports, you can add them by separating them with commas, e.g. -p 443,8080,8443,8888. If you leave out the -p parameter, nmap will scan a default list of the most common ports.--script ssl-enum-ciphers
: This indicates that the ssl-enum-ciphers NSE script should be executed on every found open port. This script will enumerate all SSL/TLS ciphers and protocols that the scanned server supports.-oN freak_443
: Output scan in normal format to the given filename (in this case the filename will be freak_443.nmap)192.168.1.17
: This indicates the machine to scan.
If the server you are scanning supports the weak export ciphersuites, then the word EXPORT will be present in the name of the ciphersuite.
Example output
Example output 1: a server supporting export ciphersuites, and therefore being vulnerable to FREAK
The example below shows the output of an nmap scan on a server that still supports the export ciphersuites. The fact that the export ciphersuites are still supported can be clearly seen in the output: the list of supported ciphersuites clearly shows ciphersuites containing the word "EXPORT" in their name.
C:\TOOLS\nmap-6.40>nmap --script ssl-enum-ciphers -p 443 192.168.1.17
# Nmap 6.40 scan initiated Sun Mar 08 20:41:51 2015 as: nmap --script ssl-enum-ciphers -p 443 192.168.1.17
Nmap scan report for 192.168.1.17
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA - weak
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA - broken
| TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 - broken
| TLS_DH_anon_WITH_3DES_EDE_CBC_SHA - broken
| TLS_DH_anon_WITH_AES_128_CBC_SHA - broken
| TLS_DH_anon_WITH_AES_256_CBC_SHA - broken
| TLS_DH_anon_WITH_RC4_128_MD5 - broken
| TLS_RSA_EXPORT_WITH_DES40_CBC_SHA - weak
| TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 - weak
| TLS_RSA_EXPORT_WITH_RC4_40_MD5 - weak
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
|_ least strength: broken
# Nmap done at Sun Mar 08 20:42:16 2015 -- 1 IP address (1 host up) scanned in 26.10 seconds
Example output 2: a server not supporting export ciphersuites, and therefore NOT being vulnerable to FREAK
The example below shows the output of an nmap scan on a server that does not support export ciphersuites. The fact that export ciphersuites are no longer supported can be clearly seen in the output: there is no ciphersuite with the word "EXPORT" in its name.
C:\TOOLS\nmap-6.40>nmap --script ssl-enum-ciphers -p 443 192.168.1.17
# Nmap 6.40 scan initiated Sun Mar 08 20:31:25 2015 as: nmap --script ssl-enum-ciphers -p 443 192.168.1.17
Nmap scan report for 192.168.1.17
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
| TLS_RSA_WITH_AES_128_CBC_SHA - strong
| TLS_RSA_WITH_AES_256_CBC_SHA - strong
| TLS_RSA_WITH_RC4_128_MD5 - strong
| TLS_RSA_WITH_RC4_128_SHA - strong
| compressors:
| NULL
|_ least strength: strong
# Nmap done at Sun Mar 08 20:31:49 2015 -- 1 IP address (1 host up) scanned in 23.93 seconds