swdist.apple.com https implementation insecure
| Originator: | pepi.zawodsky | | |
| Number: | rdar://18840491 | Date Originated: | 31-Oct-2014 08:48 PM |
| Status: | Open | Resolved: | |
| Product: | Other | Product Version: | swdist.apple.com |
| Classification: | Security | Reproducible: | Always |
Summary:
swdist.apple.com https implementation highly insecure

Steps to Reproduce:
Check the https implementation of swdist.apple.com
https://dev.ssllabs.com/ssltest/analyze.html?d=swdist.apple.com&s=8.247.94.174
and
https://dev.ssllabs.com/ssltest/analyze.html?d=swdist.apple.com&s=8.247.74.174

Expected Results:
Should be excellently implemented with proper protocols and ciphers.

Actual Results:
The supported ciphers are:
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) WEAK 40
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) WEAK 40
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) WEAK 40
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) WEAK

Among those is not a single secure cipher. No AES in GCM mode (which wouldn't even be supported by OS Yosemite or iOS 8 anyway.) No forward secrecy, no support for TLS_FALLBACK_SCSV, no HSTS, no OCSP stapling…

Regression:
n/a

Notes:
I don't care if Apple does check updates by signatures themselves as well. Wouldn't be the first time that signature checks were broken in OS X and iOS as well as suspected private key leaks in lieu of upcoming need for GateKeeper v2 signatures.
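Added example (not part of the original report): a short Python audit that reads the scanner-style cipher lines listed above and names the weakness behind each suite, derived from the IANA suite name alone. The function names `findings` and `audit` and the finding labels are assumptions made for this illustration.

```python
import re

# Suite lines copied from the report above, duplicates dropped.
REPORTED = """\
TLS_RSA_WITH_RC4_128_MD5 (0x4) 128
TLS_RSA_WITH_RC4_128_SHA (0x5) 128
TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) WEAK 40
TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) WEAK 40
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
"""

LINE = re.compile(r"^(TLS_\w+)\s+\((0x[0-9a-fA-F]+)\)")

def findings(suite):
    """Return the weaknesses implied by an IANA-style suite name."""
    kx, sep, rest = suite[len("TLS_"):].partition("_WITH_")
    if not sep:
        return []  # TLS 1.3 names carry no key exchange part; all are AEAD
    out = []
    if "EXPORT" in kx:
        out.append("export-grade key exchange")
    if not kx.startswith(("DHE", "ECDHE")):
        out.append("no forward secrecy")
    if "RC4" in rest:
        out.append("RC4 stream cipher")
    if re.search(r"(^|_)DES(40)?_", rest):  # matches DES/DES40, not 3DES
        out.append("single DES")
    if "3DES" in rest:
        out.append("3DES (64-bit block)")
    if not re.search(r"GCM|CCM|CHACHA20_POLY1305", rest):
        out.append("no AEAD mode")
    if rest.endswith("_MD5"):
        out.append("MD5 MAC")
    return out

def audit(text):
    """Map each suite found in scanner-style text to its findings."""
    result = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            result[m.group(1)] = findings(m.group(1))
    return result

if __name__ == "__main__":
    for name, issues in audit(REPORTED).items():
        print(f"{name}: {', '.join(issues)}")
```

Every suite in the report returns at least two findings, while a suite such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 returns none.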