What are the risks of using TLS 1.0 for web applications?

Question

I work with a company that has several web applications available to its customers via HTTPS.  Recently, client browsers will not access these web applications due to the HTTPS connection being made via SSLv3 when TLS 1.0 was disabled during an of audit.  I understand SSLv3 deprecation is primarily in response to POODLE (SSL3 "POODLE" Vulnerability) as of June 2015 (https://www.rfc-editor.org/rfc/rfc7568).  TLS 1.0 is not officially deprecated, but seems to be discouraged (e.g. by NIST for the US government, see http://www.nist.gov/itl/csd/tls-043014.cfm, and also at this question Should I disable TLS 1.0 on my servers?).
For these particular web applications, the data is not sensitive to the user or the company, so data confidentiality is not a big issue.  However, are there other risks?  For example, if users degrade their browser security to accept TLS 1.0, are they at greater risk from a man-in-the-middle attack from other sources?  Alternatively, is the company at greater risk from having its server impersonated as part of a man-in-the-middle attack?  From a layman's or manager's perspective, what are the risks to the user or company from continuing to use TLS 1.0?
EDIT:  The specific cipher suite used is TLS 1.0 with RSA server key for asymmetric exchange and AES 128 bit for the session key.  MAC is via SHA-1.

hackajar · Answer

If you don't use ECDSA certificate, and use RSA certificate AND you do not use DHE or ECDHE cipher, then anyone at the Starbucks you are at can view, review, or redirect your request.  If you use a RSA certificate, but have DHE or ECDHE turned on, they cannot review your information while at that Starbucks.  If none of these are configured correctly, the government (pick any one) can spy on your traffic.

If this stuff is not important to you:

you do not have a form on your website
you don't care if someone else can track where on your website your visitors click through to
you don't accept credit cards on your website
you don't care if the government tracks your users access to your site

Then don't even bother with TLS encryption.  Just host HTTP stuff.

If this stuff is important to you:

You don't want 3rd party tracking your users traffic
You don't want a government to monitor and possible block (if content offends that government) your content
You care about your users privacy while surfing your site
You offer a form for them to fill out and submit
You accept credit cards on the site

Then turn on TLS on your website

Fábio Pires · Answer

This version of the SSL protocol, was officially release in late 1995 by Netscape after the discovery of serious vulnerabilities in the previous version (SSLv2). It is, therefore, obsolete, and it contains, as well, various flaws. For instance:

No support for SHA256, SHA384 and AEAD (Authenticated Encryption with Associated Data) with GCM ciphers.
No Elliptic Curve (EC) support and therefore no Forward Secrecy (FS).
More recently, in October of 2014, it's vulnerable to a new attack named POODLE (Padding Oracle On Downgrade Legacy Encryption). Padding Oracle attacks surfaced in 2001 and explore the fact that [only] in CBC (Cipher Block Chaining) mode, the padding is not protected by the integrity validation mechanisms of TLS -- i.e. MAC (Message Authentication Code). A malicious person can, thus, perform a Man-In-The-Middle (MITM) attack and force the downgrade of the protocol version, which some browsers voluntarily accept. This type of protocol negotiation is needed to synchronize both parties.

If the user becomes the victim of a MITM attack, an attacker can simply use the trust that the user has in the server to create a phishing page, and possibly steal their credentials or some other sensitive information from the company.

What are the risks of using TLS 1.0 for web applications?

2 Answers

Add your own answers!

Ask a Question