Ask a Question

Advanced Search

Alert ID : ALERT2555

Last Modified : 05/03/2018




The ROBOT vulnerability ( affects web servers that are configured to use RSA encryption key exchange. By exploiting the vulnerability, an attacker can recover the session key used for one or more sessions, and thereby decrypt communications to and from the web server.

There are two possible options to mitigate the vulnerability. If your web server uses or is front-ended by hardware and/or software listed in the above announcement, you can apply the upgrades provided by the vendors. Alternatively, you can disable ciphersuites that employ RSA encryption key exchange (any ciphersuites whose name starts with “TLS_RSA”). DigiCert recommends applying both options, because RSA encryption key exchange does not provide forward secrecy. Forward secrecy means that every session utilizes a unique independent session key, so that even if an attacker succeeds in compromising one session key, they cannot leverage that information to compromise other session keys.

Note that neither the vulnerability nor the mitigations affect the TLS certificate itself. Even if an attacker leveraged ROBOT against your web server, they would not be able to obtain the private key of the server, only session keys. There is no need to replace TLS certificates, nor should there be any concern about compatibility between the mitigations and your TLS certificate. Disabling RSA key exchange ciphersuites means that the private key associated with your TLS certificate will not be used to encrypt session keys.