Control: SSL/TLS servers should avoid using RC4 cipher suites

Description

RC4 is a stream cipher, and it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable to cyber attacks. RC4 is demonstrably broken, weak and unsafe to use in TLS as currently implemented.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.ssl_avoid_using_rc4_cipher_suite

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.ssl_avoid_using_rc4_cipher_suite --share

Steampipe Tables

net_tls_connection

Params

Args	Name	Default	Description	Variable
$1	domain_names	`["github.com","microsoft.com"]`	DNS domain names.	domain_names

SQL

with domain_list as (
  select
    domain,
    concat(domain, ':443') as address
  from
    jsonb_array_elements_text(to_jsonb($1 :: text [ ])) as domain
),
check_rc4_cipher as (
  select
    address,
    count(*)
  from
    net_tls_connection
  where
    address in (
      select
        address
      from
        domain_list
    )
    and cipher_suite_name in (
      'TLS_RSA_WITH_RC4_128_SHA',
      'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA',
      'TLS_ECDHE_RSA_WITH_RC4_128_SHA'
    )
    and handshake_completed
  group by
    address
)
select
  d.domain as resource,
  case
    when i.address is null
    or i.count < 1 then 'ok'
    else 'alarm'
  end as status,
  case
    when i.address is null
    or i.count < 1 then d.domain || ' does not use RC4 cipher suites.'
    else d.domain || ' uses RC4 cipher suites.'
  end as reason
from
  domain_list as d
  left join check_rc4_cipher as i on d.address = i.address;