Solved

Patch & workaround for SSLv3 Poodle vulnerability

Posted on 2014-10-17
13
9,923 Views
Last Modified: 2014-10-21
I refer to the vulnerability described below:
·         http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
·         https://www.openssl.org/~bodo/ssl-poodle.pdf
·         http://googleonlinesecurity.blogspot.sg/2014/10/this-poodle-bites-exploiting-ssl-30.html
·         http://en.wikipedia.org/wiki/Padding_oracle_attack
·         http://mashable.com/2014/10/14/google-design-vulnerability-ssl-3-0/
·         http://thenextweb.com/google/2014/10/15/web-encryption-vulnerability-opens-encrypted-data-hackers/


Q1:
Can I disable SSLv3 in browser & web servers (IIS & Apache) using method/command given in
EE link below & if so pls provide the exact steps/commands:
 http://www.experts-exchange.com/Networking/Protocols/SSL/Q_28415542.html

Q2:
I recall for Heartbleed vulnerability, MS came up with workarounds (in IE & some registry) & a couple
of weeks later, released a patch for it.  Is there similar registry workaround (perhaps this was asked
in Q1 above) & will MS be releasing a patch for it?

Any RHEL 5.x/6.x & Solaris x86 Ver 10 patches?


Q3:
If SSLv3 is disabled, how will web service work then?  I recall 1-2 years back, we can disable SSLv2
& one EE expert told me the browser will auto-detect & move on to use SSLv3 if it detects SSLv2
is disabled?  So if both SSLv2 & v3 are disabled, is there something else it will move to?

Q4:
Will deploying host-based IPS (say TrendMicro) more likely to break the app/service (esp web service)
compared to disabling SSLv3 ?

Q5:
Is SSLv3 with TLS1.0, TLS1.1 and TLS1.2 ciphers in F5 loadbalancer also affected by this vulnerability?

Q6:
If we disable SSLv3 in F5 loadbalancer, what's the other alternative the F5 will use?  Assume we
rule out SSLv2 will be used.
0
Comment
Question by:sunhux
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 58

Assisted Solution

by:Gary
Gary earned 225 total points
ID: 40387681
The web runs on multiple versions and v3 is hardly used to start with, disabling v3 should have no effect
See here for how to disable or force the safe versions - depends on your server
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 60 total points
ID: 40387696
If you would read the articles you posted, you would see that SSL has been replaced by TLS.  The Google article notes that SSLv3 is about 18 years old at this point.  For many servers, the Update Manager will provide a package update for OpenSSL like my Ubuntu machines received last night.  One of my hosting companies also apparently did an update last night because my SSL connection doesn't work there anymore.!
0
 
LVL 58

Expert Comment

by:Gary
ID: 40387705
@Dave
I was under the impression there is no fix, the linux updates that are happening are more a disabling of it as fallback protocol - and you should manually disable it yourself on all devices that may use it
0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 225 total points
ID: 40387713
Yep, on Centos with the update applied and the protocol not specified on nGinx it can still use v3 as a fallback

edit
I'll rescind my previous comment a bit, it prevents a TLS fallback to SSL
0
 
LVL 61

Assisted Solution

by:btan
btan earned 215 total points
ID: 40387816
1. In IIS, disable in IIS via
https://www.sslshopper.com/article-how-to-disable-ssl-2.0-in-iis-7.html

Verify that no SSL 2.0 or SSL 3.0 ciphers are available at ServerSniff.net or the Public SSL Server Database

Apache
Disable SSLv2 and SSLv3 in your ssh apache configuration by setting:
SSLProtocol all -SSLv2 -SSLv3 Or use SSLProtocol TLSv1 TLSv1.1 TLSv1.2
Note to also set  Also use "apachectl configtest" to test your configuration and "sudo service apache restart" to Restart server

Nginx
Allow support only for TLS in Nginx with the following:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

MySQL
Remove SSLv3 support from MySQL you need only ensure that none of the SSLv3 ciphers are in use wihtin your configuration.
As per information in this bug you can find a list of SSLv3 ciphers by simply
openssl ciphers -v 'DEFAULT' | awk '/SSLv3 Kx=(RSA|DH|DH(512))/ { print $1 }'

2. There is no "patch". It's a vulnerability in the protocol, not a bug in the implementation.
Internet Explorer users can follow the steps in Security Advisory 3009008 to disable SSL 3.0. Unlike Heartbleed, the attacker needs to have access to the network between the client and server to interfere with the handshake process.
https://technet.microsoft.com/en-us/library/security/3009008.aspx

For RHEL and Solaris, there is also a script (poodle_protector) can be found on GitHub:
https://github.com/stdevel/poodle_protector

The security advisory from OpenSSL.org recommended the usage of TLS_FALLBACK_SCSV mechanism to web servers, to ensure that SSL 3.0 is used only when necessary (when a legacy implementation is involved). This way, attackers can no longer force a protocol downgrade.

3.  After applying the workarounds above, Internet Explorer will fail to connect to Web servers that only support SSL up to 3.0 and don’t support TLS 1.0, TLS 1.1, and TLS 1.2.

As long as a client and service both support SSLv3, a connection can
be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the
client and service. The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients however, it can only protect connections when the client and service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.

This is a vulnerability in the SSLv3 specification, not in any
particular SSL implementation. Disabling SSLv3 is the only way to
completely mitigate the vulnerability.

For (1), (2) and (3), can catch how to disable SSL 3 in various servers and browsers, head to blog post.
https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/


4. It is just another of check and can be doubled edged as in the HIPS is also another s/w piece that can be flawed and needed to patch. At least if there is a patch for OS, you are at baseline covered but appl wise you needed, more proactive checks which HIPS comes in too in case patch is still pending for appls.
Of course the HIPS must be first mitigated the threats itself. It applies for other network device and network security devices etc. Defense in depth is recommended only if the security team is proactive and response robustly so that windows of exposure is minimise in overall effort from top down.
For info, Trend Micro Deep Security has DPI rules for POODLE vulnerability e.g. 1006293 – Detected SSLv3 Request and 1006296 – Detected SSLv3 Response


5/6.  BIG-IP response. In 11.5.0, F5 made the decision to be secure by default and disable SSLv3 ciphers by default for the traffic path. Note that by default all clientssl and serverssl profiles inherit from the base profiles. If you have changed your ciphers in any of your SSL profiles, you will have to add “!SSLv3” to those profiles' cipher lists also.
BIG-IP has a management GUI that is contacted over SSL. By default, SSLv3 ciphers are enabled on all releases. This is configurable and to remove SSLv3 from 11.5.x and 11.6.x, you can disable SSLv3 via the command console e.g. "ssl-protocol "all -SSLv2""  
Also F5 release a simple iRule to stop SSLv3 connections if you are not using the BIG-IP for SSL termination.

https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
0
 
LVL 61

Expert Comment

by:btan
ID: 40387826
I do encourage you check on the openssl vulnerability on top of the POODLE on those released in 15th October 2014 e.g. CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568
https://www.openssl.org/news/vulnerabilities.html
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:sunhux
ID: 40388934
> The security advisory from OpenSSL.org recommended the usage of
> TLS_FALLBACK_SCSV mechanism to web servers, to ensure that SSL 3.0
> is used only when necessary (when a legacy implementation is
> involved). This way, attackers can no longer force a protocol
> downgrade.

I'm interested to know the steps on how to implement the above for
IIS & Apache.  Can share the details?
0
 

Author Comment

by:sunhux
ID: 40388935
Oh, I forgot that Openssl is only for Apache.

So can I safely say that IIS (that uses say Netrust SSL) is not affected
by this Poodle vulnerability?
0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 225 total points
ID: 40388979
It is affected, you need to remedy it with the methods above.

For Apache edit the ssl.conf
Look for SSLProtocol and amend it like so

SSLProtocol all -SSLv3 -SSLv2
0
 
LVL 61

Accepted Solution

by:
btan earned 215 total points
ID: 40389484
IIS uses SSL as well, Poodle is about SSLv3 - so all services using SSLv3 is affected. The changes in Apache is stated in last posting. One means to disable for Windows Servers as a whole is as below

also note that each vendor having SSL will have already make notice such as s Entrust too.. http://www.entrust.com/lp/poodle-security-vulnerability-cve-2014-3566/

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
on Protocols, and in the pop-up menu, click New > Key. Name the key, SSL 3.0.
right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key. Name the key, Client.
right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key. Name the key, Server.

under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value. Name the value DisabledByDefault.
under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1

under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value. Name the value Enabled.
under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0.

Restart your Windows server
0
 

Author Comment

by:sunhux
ID: 40389997
> The security advisory from OpenSSL.org recommended the usage of
> TLS_FALLBACK_SCSV mechanism to web servers, to ensure that SSL 3.0
> is used only when necessary (when a legacy implementation is
> involved). This way, attackers can no longer force a protocol
> downgrade.

Thanks Gary for sharing the change needed to implement the above for
Apache.

Thanks Btan, are the steps you shared for IIS also implement the above or
it's just disabling SSLv2 & SSLv3 completely ie with no option to support
a legacy SSLv3?  Just wanted to reduce risk of breaking apps
0
 
LVL 58

Expert Comment

by:Gary
ID: 40390026
TLS has been around for 15 years, it's highly unlikely you have anything relying purely on SSL v3 but instead using TLS.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 215 total points
ID: 40391088
the steps is for entire windows OS  which IIS also adhered to this. it is as per below for Windows server. you can surely make sure any fronting proxy to the IIS are also patched as well to disabled sslv3. Kindly do make the prior assessment.
https://technet.microsoft.com/en-us/library/security/3009008.aspx
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now