Matt Thomlinson has posted an article “Advancing our encryption and transparency efforts” where he basically says that now the mail going though Outlook.com will be encrypted. Additionally that security enhancements to many other services, like Azure, Office 365, etc. are already deployed
Let’s take a closer look at those claims.
Outlook.com web interface
Quick scan of outlook.com using ssllabs.com scanner quickly shows that the servers are actually badly configured and support insecure, client-initiated renegotiation. In effect, they are vulnerable to the MITM attacks (CVE-2009-3555). Grade F.
They also don’t support TLS1.2 or perfect forward secrecy suites.
At least RC4 is not negotiated by default…
Very bad configuration.
Outlook.com SMTP
According to google data, the mails in transit are indeed encrypted both inbound and outbound.
And indeed, the configuration for the SMTP servers supports PFS, has good ordering of cipher suites and the certificates are trusted and have correct Subject Alternative Names:
./cipherscan -starttls smtp -servername mx1.hotmail.com mx1.hotmail.com:25 ............ prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-384,384bits 2 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits 3 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-384,384bits 4 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 5 AES256-SHA256 TLSv1.2 6 AES128-SHA256 TLSv1.2 7 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 8 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 9 DES-CBC3-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 10 RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 11 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 Certificate: trusted, 2048 bit, sha1WithRSAEncryption signature TLS ticket lifetime hint: None OCSP stapling: not supported Server side cipher ordering
OK configuration.
OneDrive web interface
The onedrive.live.com has also a good configuration. Grade A+. The server uses HTTP Strict Transport Security, is not vulnerable to any known exploits, uses PFS with modern browsers (ECDHE only, sadly no DHE) and does not use RC4 unless its the only cipher supported by client (prioritised above 3DES and AES cipher suites).
The only two small faults are: no support for AES-GCM cipher suites and the certificates are signed with the weak SHA1. The latter being definitely the bigger issue.
All in all, an OK config.
Azure web interface
Let us take a look at Azure web site now. While the server does get grade A-, the problems it has are a bit more major.
Firstly, the server prioritises RC4 cipher above others. Secondly, while it is PFS capable, it doesn’t prioritise ECDHE cipher suites.
Again, the server doesn’t support AES-GCM and uses certificates signed with the weak SHA1.
Bad configuration if we apply the advice from Microsoft Security Advisory 2868725.
Bad configuration.
Summary
While some of their servers are indeed configured correctly, leaving servers wide open to known security exploits (CVE-2009-3555) doesn’t bode well for the general security practice inside the cloud computing division…
