Today it was announced that OpenSSL has another security defect called Decrypting RSA with Obsolete and Weakened eNcryption or “DROWN.” DROWN is a cross-protocol attack which leverages a specific weaknesses in certain OpenSSL SSLv2 implementationsPrimarily a Man-in-the-Middle (MitM) attack, DROWN can allow decryption of a TLS connection by using sending specially crafted SSLv2 malicious packets and open decryption tools.

The primary vulnerability in the marketplace are poorly configured HTTPS webservers which still permit SSLv2 to be negotiated.  IpTL only uses TLSv1.2, for tunnel transport and encryption, and does not have any option to negotiate SSLv2.  As we always have security at the forefront we are not vulnerable to this attack. 

Here are some key points which are standard in any IpTL solution:

  • IpTL secure links do not use SSL or HTTPS. We are built on TLSv1.2 and use AES 256 encryption default.

  • There are no weak export ciphers in our system.

  • We use 2,048 bit RSA asymmetric keys.

  • IpTL is a closed symmetric system with our appliances or virtual machines are on both ends of the link and not point-security solution.

    Thus, we can guarantee AES 256 encryption on your data and no one can force a downgrade to another encryption level which can be broken.   If the cipher spec is altered then no connection will take place and no data leaked.

  • With our Tunnel Authentication passphrase you can input a 64 character passcode which locks even the initial TLS communications between the endpoints.  Note: this is not the encryption pre-shared key (we don’t offer preshared keys!) 

    When using this feature only the appliances sharing the same passphrase can communicate.  Any other connection attempts are ignored…you can’t even get the server to respond to a non-authorized connection to attempt a downgrade.  This is above and beyond our standard ephemeral key exchanges and HMACs of TLS!

  • IpTL offers the elliptical curve AES 256 GCM with SHA 384 as a cipher option for true state-of-the-art confidentiality, standard!

Email us at marketing@iptechnologylabs.com and ask for our Security White Paper for even deeper details on how we connect and secure your network!

Category : Corporate / Security Advisories

Sorry, the comment form is closed at this time.