Bug 400722

Summary: Out of date TLS Settings
Product: [Applications] kdeconnect
Reporter: Dennis Jackson <dennisjackson249>
Component: common
Assignee: Albert Vaca Cintora <albertvaka>
Status: RESOLVED FIXED
Severity: normal
Priority: NOR
Version First Reported In: unspecified
Target Milestone: ---
Platform: unspecified
OS: All
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description Dennis Jackson 2018-11-05 23:57:41 UTC
SUMMARY

I took a look at the code for configuring the TLS socket used for the secure channel. It appears to be out of date and is vulnerable to a number of known attacks. Thankfully, it can be fixed by updating the configuration settings in a backwards compatible fashion.

SPECIFIC ISSUES: 

ISSUE: 

Only supports TLSv1.0 

DETAILS: 

Enabling support for later TLS versions will improve security and improve performance. Whilst there are no known attacks on correctly configured TLSv1.0, the later TLS versions are considerably easier to correctly configure and support more efficient ciphersuites with better performance.

ISSUE: 

Supports Broken Ciphersuites 

DETAILS: 

RC4-SHA and RC4-MD5 are known to be broken and have been prohibited by the IETF since 2015. It is possible for an attacker to recover the plaintext of a user's communications.

ISSUE: 

Supports difficult to use Ciphersuites

DETAILS:

DHE-RSA-AES256-SHA requires additional configuration as by default the group selected is too small and not considered secure. Unfortunately, old Java clients (<= 7) do not support larger groups and if maintaining support with them is an issue, it is best to stick to ECDHE ciphers (which Java 7 does support). 

RECOMMENDATIONS

At the very least, REMOVE the RC4 and MD5 ciphersuites. 

Assuming you require backwards compatibility with Android 2.3 (the oldest version I could find a KDEConnect app for), switch to using the `Intermediate` configuration provided by Mozilla at [Mozilla Link]. It will maintain support, but upgrade connections to more secure ciphersuites where possible. 

Using more modern ciphersuites will not only improve security, it will also improve performance! If possible, enabling the Modern parameters would be best (supported by Android 5.0 or higher); it disables TLS versions older than v1.2 and uses ciphersuites with perfect forward secrecy.

ADDITIONAL INFORMATION

I did not examine any other parts of the codebase for issues (e.g. certificate generation and fingerprint exchange). 

The code can be found in `configureSslSocket` inside `core/backends/lan/lanlinkprovider.cpp`. [Github Link]. 

EXTERNAL LINKS:

[Github Link] https://github.com/KDE/kdeconnect-kde/blob/master/core/backends/lan/lanlinkprovider.cpp

[Mozilla Link] https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility

[QT SSL] https://doc.qt.io/qt-5/qsslsocket.html#protocol
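As an added example (not code from KDE Connect or from the reporter), the following Python script uses the standard `ssl` module in place of Qt's QSslSocket to express the recommendations above: it audits a cipher list for the three issues raised (RC4, MD5, finite-field DHE), lists the suites that must go at a minimum, and builds a client context that refuses anything below TLS 1.2 and only offers forward-secret AEAD suites. The legacy list and the "modern" cipher string are constructed for the example; the modern list is modelled on, not copied from, Mozilla's profile.

```python
"""Audit TLS ciphersuite choices and build a hardened client context.

Added example, not KDE Connect code: Python's ssl module stands in for
Qt's QSslSocket to show the policy the bug report recommends.
"""
import ssl

# Constructed sample of an out-of-date cipher list: the OpenSSL-style names
# quoted in the report plus two common CBC suites for contrast.
LEGACY_CIPHER_LIST = [
    "RC4-SHA",
    "RC4-MD5",
    "DHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-SHA",
    "AES128-SHA",
]

# Forward-secret AEAD suites only; a constructed subset in the spirit of the
# Mozilla "Modern" profile, not a copy of it.
MODERN_CIPHER_STRING = ":".join([
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "ECDHE-RSA-CHACHA20-POLY1305",
])


def audit_cipher(name):
    """Return the findings for one OpenSSL-style ciphersuite name.

    The checks mirror the issues in the report: RC4, MD5 and finite-field
    DHE; suites with a static key exchange are flagged for lacking forward
    secrecy (the property the Modern profile guarantees).
    """
    parts = name.split("-")
    findings = []
    if "RC4" in parts:
        findings.append("RC4 is broken and prohibited by RFC 7465")
    if parts[-1] == "MD5":
        findings.append("MD5-based MAC is deprecated")
    if parts[0] == "DHE":
        findings.append("finite-field DHE needs an explicit large group; prefer ECDHE")
    if parts[0] not in ("ECDHE", "DHE"):
        findings.append("static key exchange, no forward secrecy")
    return findings


def audit_cipher_list(names):
    """Map each ciphersuite name to its findings; an empty list means no finding."""
    return {name: audit_cipher(name) for name in names}


def must_remove(names):
    """The minimum change the report asks for: every RC4 or MD5 suite."""
    return [n for n in names if "RC4" in n.split("-") or n.endswith("-MD5")]


def build_hardened_context(min_version=ssl.TLSVersion.TLSv1_2,
                           cipher_string=MODERN_CIPHER_STRING):
    """Client context that refuses TLS below min_version and offers only cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = min_version
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    return ctx


def offered_cipher_names(ctx):
    """Suites the context will offer; OpenSSL adds the TLS 1.3 ones itself."""
    return [c["name"] for c in ctx.get_ciphers()]


def minimum_version_name(ctx):
    """Readable form of the configured floor, e.g. 'TLSv1_2'."""
    return ctx.minimum_version.name


if __name__ == "__main__":
    for name, findings in audit_cipher_list(LEGACY_CIPHER_LIST).items():
        print(f"{name}: {'; '.join(findings) or 'ok'}")
    print("remove first:", must_remove(LEGACY_CIPHER_LIST))
    ctx = build_hardened_context()
    print("floor:", minimum_version_name(ctx))
    print("offered:", offered_cipher_names(ctx))
```

Running the script prints the findings for each legacy suite, the two RC4 suites as the ones to remove first, and the suites the hardened context would actually offer (the ECDHE list plus OpenSSL's TLS 1.3 suites). The Qt-side equivalents of the two settings in `build_hardened_context` are `QSslConfiguration::setProtocol` and `QSslConfiguration::setCiphers`.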

Comment 1 Albert Vaca Cintora 2018-11-07 15:24:14 UTC
Git commit 9e1e4796504c3d35c306e337d1248b9b31d1e2d7 by Albert Vaca.
Committed on 07/11/2018 at 15:24.
Pushed by albertvaka into branch 'master'.

Disable bad cipher suites now that we dropped support for API<14

M  +1    -5    src/org/kde/kdeconnect/Helpers/SecurityHelpers/SslHelper.java

https://commits.kde.org/kdeconnect-android/9e1e4796504c3d35c306e337d1248b9b31d1e2d7

Comment 2 Albert Vaca Cintora 2018-11-07 15:32:09 UTC
Git commit 06d4cb580e46a7aee2bbfe253431602b981c2077 by Albert Vaca.
Committed on 07/11/2018 at 15:31.
Pushed by albertvaka into branch 'master'.

Disable bad cipher suites now that we dropped support for Android<14

M  +1    -6    core/backends/lan/lanlinkprovider.cpp

https://commits.kde.org/kdeconnect-kde/06d4cb580e46a7aee2bbfe253431602b981c2077