https://bugs.kde.org/show_bug.cgi?id=400722
Bug ID: 400722
Summary: Out of date TLS Settings
Product: kdeconnect
Version: unspecified
Platform: unspecified
OS: All
Status: REPORTED
Severity: normal
Priority: NOR
Component: common
Assignee: albertv...@gmail.com
Reporter: dennisjackson...@hotmail.com
Target Milestone: ---

SUMMARY

I took a look at the code for configuring the TLS socket used for the secure channel. It appears to be out of date and is vulnerable to a number of known attacks. Thankfully, it can be fixed by updating the configuration settings in a backwards-compatible fashion.

SPECIFIC ISSUES:

ISSUE: Only supports TLSv1.0
DETAILS: Enabling support for later TLS versions will improve security and improve performance. Whilst there are no known attacks on correctly configured TLSv1.0, the later TLS versions are considerably easier to configure correctly and support more efficient ciphersuites with better performance.

ISSUE: Supports Broken Ciphersuites
DETAILS: RC4-SHA and RC4-MD5 are known to be broken and have been prohibited by the IETF since 2015. It is possible for an attacker to recover the plaintext of a user's communications.

ISSUE: Supports Difficult-to-use Ciphersuites
DETAILS: DHE-RSA-AES256-SHA requires additional configuration, as by default the group selected is too small and not considered secure. Unfortunately, old Java clients (<= 7) do not support larger groups, and if maintaining support for them is an issue, it is best to stick to ECDHE ciphers (which Java 7 does support).

RECOMMENDATIONS

At the very least, REMOVE the RC4 and MD5 ciphersuites. Assuming you require backwards compatibility with Android 2.3 (the oldest version I could find a KDEConnect app for), switch to using the `Intermediate` configuration provided by Mozilla at [Mozilla Link]. It will maintain support, but upgrade connections to more secure ciphersuites where possible. Using more modern ciphersuites will not only improve security, it will also improve performance!

If possible, enabling the Modern parameters would be best (supported by Android 5.0 or higher): it disables TLS versions older than v1.2 and uses ciphersuites with perfect forward secrecy.

ADDITIONAL INFORMATION

I did not examine any other parts of the codebase for issues (e.g. certificate generation and fingerprint exchange). The code can be found in `configureSslSocket` inside `core/backends/lan/lanlinkprovider.cpp` [Github Link].

EXTERNAL LINKS:

[Github Link] https://github.com/KDE/kdeconnect-kde/blob/master/core/backends/lan/lanlinkprovider.cpp
[Mozilla Link] https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
[QT SSL] https://doc.qt.io/qt-5/qsslsocket.html#protocol