LinuxStories: POODLE: SSLv3 vulnerability (CVE-2014-3566) - UPDATED

[glaukos 4]

UPDATE

1. Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) in httpd
2. Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) in vsftpd
3. Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) for components that do not allow SSLv3 to be disabled via configuration settings 
4. Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) in Firefox and Chromium

 

What Is POODLE?

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. More details are available in the upstream OpenSSL advisory.

POODLE affects older standards of encryption, specifically Secure Socket Layer (SSL) version 3.0. It does not affect the newer encryption mechansim known as Transport Layer Security (TLS).

Recommendations

To mitigate this vulnerability SSL 3.0 should be disabled in all affected packages. Red Hat is continuously working at this time to provide additional use cases and guides to disable SSL 3.0.

 

Determining Vulnerability

If you are not a subscriber, the following script can be run against the server in question. The command will return 'SSL 3.0 enabled' if vulnerable and 'SSL 3.0 disabled' if not.

#!/bin/bash
ulimit -t 5
ret=$(echo Q | timeout 5 openssl s_client -connect "${1-`hostname`}:${2-443}" -ssl3 2> /dev/null)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
  if echo "${ret}" | grep -q 'Cipher.*0000'; then
    echo "SSL 3.0 disabled"
  else
    echo "SSL 3.0 enabled"
 fi
else
  echo "SSL disabled or other error"
fi

NOTE: This script takes the hostname of the server to check as the first argument and an optional port as the second. By default it will check the local system, port 443.

  

Also you can use

Your servers are vulnerable simply if they support SSLv3. Several options here:

With OpenSSL s_client:

 

 openssl s_client -connect : -ssl3

 

 If the connection succeeds, sslv3 is enabled. If it fails, it is disabled. When it fails you should see something like:

 

error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

  

Using nmap:

  

nmap --script ssl-enum-ciphers -p 443 myhostname.tld

 

It should output 'SSLv3: No supported ciphers found'. Adjust for your hostname/port.

 

Using cipherscan. Clone/download the binary and execute it:

 

./cipherscan myhostname.tld

 

It should not list anything with SSLv3 under the 'protocols' column.

 

How to fix

 

Firefox browser

 

Open about:config, find security.tls.version.min and set the value to 1. Then restart your browser to drop any open SSL connections.

Firefox from version 34 onwards will disable SSLv3 by default and thus require no action (source).

However, at the moment of writing, 33 is just released and 34 is set for November 25.

Google Chrome (Linux)

 

Edit the /usr/share/applications/google-chrome.desktop file, e.g.

sudo nano /usr/share/applications/google-chrome.desktop

Edit all lines starting with Exec= to include --ssl-version-min=tls1.

E.g. a line like

Exec=/usr/bin/google-chrome-stable %U

 

becomes

Exec=/usr/bin/google-chrome-stable --ssl-version-min=tls1 %U

 

Then make sure to fully close the browser (Chrome apps may be keeping your browser active in the background!).

Note: You may need to repeat this every google-chrome package update, overwriting this .desktop launcher file.

A Google Chrome or Chromium browser with SSLv3 disabled by default is not yet announced at the time of writing.

Apache HTTPD Server

 

If you're running Apache, just include the following line in your configuration among the other SSL directives:

 

SSLProtocol All -SSLv2 -SSLv3

 

Then check if the new configuration is correct (no typos etc.):

 

apachectl configtest

 

And restart the server, e.g.

 

sudo service apache2 restart

 

More info: Apache documentation

Now test it: If your site is publicly available, test it using Qualys’ SSL Labs tool.

 

Nginx server

 

If you're running Nginx, just include the following line in your configuration among the other SSL directives:

 

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

 

And restart the server, e.g.

 

sudo service nginx restart

Reference: Nginx documentation

Now test it: If your site is publicly, available, test it using Qualys' SSL Labs tool.

 

Lighttpd webserver

 

Lighttpd versions >1.4.28 support a configuration option to disable SSLv2 and v3. Lighttpd releases before 1.4.28 allow you to disable SSLv2 ONLY.
Please note that Ubuntu 12.04 LTS and earlier install at best lighttpd v1.4.28 and therefore a simple fix is not available for those distributions.
Therefore this fix should only be used for Ubuntu versions greater than 12.04. If someone knows a fix that's good for 12.04 and earlier, please edit this.
Edit your /etc/lighttpd/lighttpd.conf to add the following lines after the ssl.engine = "enable" directive

 

ssl.use-sslv2          = "disable"

ssl.use-sslv3          = "disable"

 

Then you should restart the lighttpd service with a sudo service lighttpd restart and perform an ssl3 handshake test as described in earlier sections to make sure that the change was implemented successfully.
Taken from http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL.

 

Postfix SMTP

 

For 'opportunistic SSL' (encryption policy not enforced and plain is acceptable too), you don't need to change anything. Even SSLv2 is better than plain, so if you need to secure your server you should be using 'mandatory SSL' mode anyway. For 'mandatory SSL' mode being configured already, just add/change the

 

smtpd_tls_mandatory_protocols setting:

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

 

and restart Postfix:

 

sudo service postfix restart

 

Sendmail

 

(Unverified edit by anonymous user, I'm not comfortable with Sendmail, please verify.)
These options are configured in the LOCAL_CONFIG section of your sendmail.mc

 

LOCAL_CONFIG

CipherList=HIGH

ServerSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE

ClientSSLOptions=+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3

 

Dovecot

 

In Dovecot v2.1+, add the following to your /etc/dovecot/local.conf (or a new file in /etc/dovecot/conf.d):

 

ssl_protocols = !SSLv2 !SSLv3

 

and restart Dovecot:

 

sudo service dovecot restart

 

For older versions you will have to patch the source code.

 

Courier-imap (imapd-ssl)

 

Courier-imap allows SSLv3 by default on Ubuntu 12.04 and others. You should disable it and use STARTTLS instead to force TLS. Edit your /etc/courier/imapd-ssl configuration file to reflect the following changes

 

IMAPDSSLSTART=NO

IMAPDSTARTTLS=YES

IMAP_TLS_REQUIRED=1

TLS_PROTOCOL=TLS1

TLS_STARTTLS_PROTOCOL=TLS1

TLS_CIPHER_LIST=""

HAProxy Server

SSL is supported in HAProxy >= 1.5.
Edit the /etc/haproxy.cfg file and find your bind line. Append no-sslv3. For example:
bind :443 ssl crt ciphers no-sslv3

Reference: HAProxy Documentation

OpenVPN

Appears to be unaffected (source).

OpenVPN uses TLSv1.0, or (with >=2.3.3) optionally TLSv1.2 and is thus not impacted by POODLE.

 

Tomcat

 

When using Tomcat with the JSSE connectors, the SSL protocol to be used can be configured via $TOMCAT_HOME/conf/server.xml.
The following example shows how the sslProtocol in an https connector is configured.

 

Tomcat 5 and 6:

                   maxThreads="150" SSLEnabled="true" scheme="https" secure="true"

               clientAuth="false" sslEnabledProtocols = "TLSv1,TLSv1.1,TLSv1.2" />

Tomcat >= 7
   

                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"

               clientAuth="false" sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" />

If the sslEnabledProtocols or sslProtocols attributes are specified, only protocols that are listed and supported by the SSL implementation will be enabled.
If not specified, the JVM default is used. The permitted values may be obtained from the JVM documentation for the allowed values for algorithm when creating an SSLContext instance e.g.
Oracle Java 6 and Oracle Java 7.

 

Tomcat APR

 

When using Tomcat with the APR/Native connectors, the SSL protocol to be used can be configured in $TOMCAT_HOME/conf/server.xml.
The following example shows how the SSLProtocol in an https connector is configured.

 

               maxThreads="150"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               SSLEnabled="true"

               SSLProtocol="TLSv1"

               SSLCertificateFile="${catalina.base}/conf/localhost.crt"

               SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />

 

Configuration parameters are documented here. The default is for the SSLProtocol attribute to be set to ALL, with other acceptable values being SSLv2, SSLv3, TLSv1
and SSLv2+SSLv3. Starting with version 1.1.21 of the Tomcat native library any combination of the three protocols concatenated with a plus sign will be supported.
Note that the protocol SSLv2 is inherently unsafe.

 

View the full article