David A. Wheeler writes: > I checked Cygwin.com's SSL/TLS implementation using Qualsys > ( https://www.ssllabs.com/ssltest/ ). Cygwin.com got an overall rating > of "B" (capped because it permits the RC4 cipher).
That's not what I see at the moment, so you might want to check again: Starting Nmap 6.47 ( http://nmap.org ) at 2015-03-08 20:38 CET Nmap scan report for cygwin.com (209.132.180.131) Host is up (0.21s latency). rDNS record for 209.132.180.131: server1.sourceware.org PORT STATE SERVICE 443/tcp open https | ssl-cert: Subject: commonName=cygwin.com/organizationName=Red Hat Inc./stateOrProvinceName=North Carolina/countryName=US | Issuer: commonName=DigiCert SHA2 High Assurance Server CA/organizationName=DigiCert Inc/countryName=US | Public Key type: rsa | Public Key bits: 4096 | Not valid before: 2014-05-15T23:00:00+00:00 | Not valid after: 2016-05-20T11:00:00+00:00 | MD5: d888 b3ed 9f0f f8d1 5b57 fdd7 5122 bb53 |_SHA-1: 349e 7f24 e249 2256 af2d 15a9 2883 ce84 4a40 a88f | ssl-enum-ciphers: | SSLv3: No supported ciphers found | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong | TLS_DHE_RSA_WITH_SEED_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong | TLS_RSA_WITH_IDEA_CBC_SHA - weak | TLS_RSA_WITH_RC4_128_SHA - strong | TLS_RSA_WITH_SEED_CBC_SHA - strong | compressors: | | TLSv1.1: | ciphers: | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - strong | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - strong | TLS_DHE_RSA_WITH_SEED_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong | TLS_RSA_WITH_RC4_128_SHA - strong | TLS_RSA_WITH_SEED_CBC_SHA - strong | compressors: | NULL | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_128_GCM_SHA256 - strong | compressors: | NULL |_ least strength: weak > 5. The possibly-updated packages to be installed are downloaded and their > cryptographic hashes (from the signed setup.ini file) are checked. > > Currently (as of 2015-03-08) Cygwin uses MD5 cryptographic hashes. > As long as MD5 is accepted then Cygwin is vulnerable to > MITM, because MD5 is a totally broken algorithm. E.g., in 2012 > the Flame malware exploited MD5 to fake a Microsoft digital signature. Setup.ini also records the file size, so a successful attack would need to pack a malicous payload into a valid archive of the same size and the same MD5 checksum. I think that is a much taller order than simply creating a hash collision. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Waldorf MIDI Implementation & additional documentation: http://Synth.Stromeko.net/Downloads.html#WaldorfDocs -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple