The beast attack on SSL isn’t new, but we have not yet published an article to explain how to mitigate it with the ALOHA or HAProxy.
First of all, to mitigate this attack, you must use the Load-Balancer as the SSL endpoint, then just append the following parameter on your HAProxy SSL frontend:
* For the ALOHA Load-Balancer:
bind 10.0.0.9:443 name https ssl crt domain ciphers RC4:HIGH:!aNULL:!MD5
* For HAProxy OpenSource:
bind 10.0.0.9:443 name https ssl crt /path/to/domain.pem ciphers RC4:HIGH:!aNULL:!MD5
As you may have understood, the most important part is the ciphers RC4:HIGH:!aNULL:!MD5 directive which can be used to force the cipher used during the connection and to force it to be strong enough to resist to the attack.
Related Links
- http://blog.zoller.lu/2011/09/beast-summary-tls-cbc-countermeasures.html
- https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls
I’m using `bind x.y.z.a:443 ssl crt /patch/to/file.pem ecdhe prime256v1 ciphers AESGCM:AES:RC4:+EECDH:+EDH:+RSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EECDH+RC4` for A rating on the Qualys SSL Labs server test (including BEAST attack check).
This produces server ciphers ordered by key exchange (ECDHE, DHE, none) and prefers GCM for TLS 1.2
First it adds ciphers we are interested in (AESGCM:AES:RC4), then it orders these (+EECDH:+EDH:+RSA), then removes weak ones (the parts starting with !)
Needed `ecdhe` param for 1.5dev17 to support ECDH. Needed to append output of `openssl dhparam -rand – 2048` to the pem file to enable DH key exchange.