Solved

Patch & workaround for SSLv3 Poodle vulnerability

Posted on 2014-10-17
Last Modified: 2014-10-21
I refer to the vulnerability described below:
· http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
· https://www.openssl.org/~bodo/ssl-poodle.pdf
· http://googleonlinesecurity.blogspot.sg/2014/10/this-poodle-bites-exploiting-ssl-30.html
· http://en.wikipedia.org/wiki/Padding_oracle_attack
· http://mashable.com/2014/10/14/google-design-vulnerability-ssl-3-0/
· http://thenextweb.com/google/2014/10/15/web-encryption-vulnerability-opens-encrypted-data-hackers/


Q1:
Can I disable SSLv3 in browser & web servers (IIS & Apache) using method/command given in
EE link below & if so pls provide the exact steps/commands:
 http://www.experts-exchange.com/Networking/Protocols/SSL/Q_28415542.html

Q2:
I recall for Heartbleed vulnerability, MS came up with workarounds (in IE & some registry) & a couple
of weeks later, released a patch for it.  Is there similar registry workaround (perhaps this was asked
in Q1 above) & will MS be releasing a patch for it?

Any RHEL 5.x/6.x & Solaris x86 Ver 10 patches?


Q3:
If SSLv3 is disabled, how will web service work then?  I recall 1-2 years back, we can disable SSLv2
& one EE expert told me the browser will auto-detect & move on to use SSLv3 if it detects SSLv2
is disabled?  So if both SSLv2 & v3 are disabled, is there something else it will move to?

Q4:
Is deploying host-based IPS (say TrendMicro) more likely to break the app/service (esp web service)
compared to disabling SSLv3?

Q5:
Is SSLv3 with TLS1.0, TLS1.1 and TLS1.2 ciphers in F5 loadbalancer also affected by this vulnerability?

Q6:
If we disable SSLv3 in F5 loadbalancer, what's the other alternative the F5 will use?  Assume we
rule out SSLv2 will be used.
Question by:sunhux
13 Comments
 
LVL 58

Assisted Solution

by:Gary
Gary earned 225 total points
ID: 40387681
The web runs on multiple versions and v3 is hardly used to start with, so disabling v3 should have no effect.
See here for how to disable or force the safe versions - depends on your server.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 60 total points
ID: 40387696
If you would read the articles you posted, you would see that SSL has been replaced by TLS.  The Google article notes that SSLv3 is about 18 years old at this point.  For many servers, the Update Manager will provide a package update for OpenSSL like my Ubuntu machines received last night.  One of my hosting companies also apparently did an update last night because my SSL connection doesn't work there anymore!
0
 
LVL 58

Expert Comment

by:Gary
ID: 40387705
@Dave
I was under the impression there is no fix; the Linux updates that are happening are more a disabling of it as a fallback protocol - and you should manually disable it yourself on all devices that may use it.
0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 225 total points
ID: 40387713
Yep, on CentOS with the update applied and the protocol not specified on nginx it can still use v3 as a fallback

edit
I'll rescind my previous comment a bit, it prevents a TLS fallback to SSL
0
 
LVL 62

Assisted Solution

by:btan
btan earned 215 total points
ID: 40387816
1. In IIS, disable it via
https://www.sslshopper.com/article-how-to-disable-ssl-2.0-in-iis-7.html

Verify that no SSL 2.0 or SSL 3.0 ciphers are available at ServerSniff.net or the Public SSL Server Database

Apache
Disable SSLv2 and SSLv3 in your ssh apache configuration by setting:
SSLProtocol all -SSLv2 -SSLv3
Or use:
SSLProtocol TLSv1 TLSv1.1 TLSv1.2
Note to also set  Also use "apachectl configtest" to test your configuration and "sudo service apache restart" to restart the server

Nginx
Allow support only for TLS in Nginx with the following:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

MySQL
To remove SSLv3 support from MySQL, you need only ensure that none of the SSLv3 ciphers are in use within your configuration.
As per information in this bug, you can find a list of SSLv3 ciphers by simply running:
openssl ciphers -v 'DEFAULT' | awk '/SSLv3 Kx=(RSA|DH|DH(512))/ { print $1 }'

2. There is no "patch". It's a vulnerability in the protocol, not a bug in the implementation.
Internet Explorer users can follow the steps in Security Advisory 3009008 to disable SSL 3.0. Unlike Heartbleed, the attacker needs to have access to the network between the client and server to interfere with the handshake process.
https://technet.microsoft.com/en-us/library/security/3009008.aspx

For RHEL and Solaris, there is also a script (poodle_protector) that can be found on GitHub:
https://github.com/stdevel/poodle_protector

The security advisory from OpenSSL.org recommended the usage of TLS_FALLBACK_SCSV mechanism to web servers, to ensure that SSL 3.0 is used only when necessary (when a legacy implementation is involved). This way, attackers can no longer force a protocol downgrade.

3.  After applying the workarounds above, Internet Explorer will fail to connect to Web servers that only support SSL up to 3.0 and don’t support TLS 1.0, TLS 1.1, and TLS 1.2.

As long as a client and service both support SSLv3, a connection can be 'rolled back' to SSLv3, even if TLSv1 or newer is supported by the client and service. The TLS Fallback SCSV mechanism prevents 'version rollback' attacks without impacting legacy clients; however, it can only protect connections when the client and service support the mechanism. Sites that cannot disable SSLv3 immediately should enable this mechanism.

This is a vulnerability in the SSLv3 specification, not in any
particular SSL implementation. Disabling SSLv3 is the only way to
completely mitigate the vulnerability.

For (1), (2) and (3), to see how to disable SSL 3 in various servers and browsers, head to this blog post:
https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/


4. It is just another check and can be double-edged, as the HIPS is also another piece of software that can be flawed and need patching. At least if there is a patch for the OS, you are covered at baseline, but application-wise you need more proactive checks, which is where HIPS comes in too, in case a patch is still pending for the applications.
Of course, the HIPS itself must first be mitigated against the threats. The same applies to other network devices, network security devices, etc. Defense in depth is recommended only if the security team is proactive and responds robustly, so that the window of exposure is minimised in an overall effort from the top down.
For info, Trend Micro Deep Security has DPI rules for the POODLE vulnerability, e.g. 1006293 – Detected SSLv3 Request and 1006296 – Detected SSLv3 Response


5/6.  BIG-IP response. In 11.5.0, F5 made the decision to be secure by default and disable SSLv3 ciphers by default for the traffic path. Note that by default all clientssl and serverssl profiles inherit from the base profiles. If you have changed your ciphers in any of your SSL profiles, you will have to add “!SSLv3” to those profiles' cipher lists also.
BIG-IP has a management GUI that is contacted over SSL. By default, SSLv3 ciphers are enabled on all releases. This is configurable and to remove SSLv3 from 11.5.x and 11.6.x, you can disable SSLv3 via the command console e.g. "ssl-protocol "all -SSLv2""  
Also, F5 released a simple iRule to stop SSLv3 connections if you are not using the BIG-IP for SSL termination.

https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
0
 
LVL 62

Expert Comment

by:btan
ID: 40387826
I do encourage you to check on the OpenSSL vulnerabilities, on top of POODLE, among those released on 15th October 2014, e.g. CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568
https://www.openssl.org/news/vulnerabilities.html
0
 

Author Comment

by:sunhux
ID: 40388934
> The security advisory from OpenSSL.org recommended the usage of
> TLS_FALLBACK_SCSV mechanism to web servers, to ensure that SSL 3.0
> is used only when necessary (when a legacy implementation is
> involved). This way, attackers can no longer force a protocol
> downgrade.

I'm interested to know the steps on how to implement the above for
IIS & Apache.  Can you share the details?
0
 

Author Comment

by:sunhux
ID: 40388935
Oh, I forgot that OpenSSL is only for Apache.

So can I safely say that IIS (that uses say Netrust SSL) is not affected
by this Poodle vulnerability?
0
 
LVL 58

Assisted Solution

by:Gary
Gary earned 225 total points
ID: 40388979
It is affected, you need to remedy it with the methods above.

For Apache edit the ssl.conf
Look for SSLProtocol and amend it like so

SSLProtocol all -SSLv3 -SSLv2
0
 
LVL 62

Accepted Solution

by:
btan earned 215 total points
ID: 40389484
IIS uses SSL as well. Poodle is about SSLv3, so all services using SSLv3 are affected. The changes in Apache are stated in the last posting. One means to disable it for Windows Servers as a whole is as below.

Also note that each vendor having SSL will have already made a notice, such as Entrust too: http://www.entrust.com/lp/poodle-security-vulnerability-cve-2014-3566/

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
Right-click on Protocols, and in the pop-up menu, click New > Key. Name the key SSL 3.0.
Right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key. Name the key Client.
Right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key. Name the key Server.

Under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value. Name the value DisabledByDefault.
Under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
In the Edit DWORD (32-bit) Value window, in the Value Data box, change the value to 1.

Under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value. Name the value Enabled.
Under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
In the Edit DWORD (32-bit) Value window, in the Value Data box, leave the value at 0.

Restart your Windows server.
0
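A way to check that the registry steps in the answer above took effect, by auditing a `.reg` export of the Schannel Protocols key. This is an added example, not part of the original answer; the key path and value names are the ones given in the answer, while the function names and the sample export texts are constructed.

```python
import re

BASE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control"
        r"\SecurityProviders\Schannel\Protocols\SSL 3.0")
# What the steps above create: (subkey, value name, expected DWORD)
EXPECTED = [("Client", "DisabledByDefault", 1), ("Server", "Enabled", 0)]

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {value name: int}} (DWORDs only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit_ssl3(text):
    """Return a list of deviations from the hardened state; empty means compliant."""
    keys = parse_reg(text)
    findings = []
    for subkey, name, want in EXPECTED:
        values = keys.get((BASE + "\\" + subkey).lower())
        if values is None:
            findings.append(f"{subkey}: key missing")
        elif name.lower() not in values:
            findings.append(f"{subkey}\\{name}: value missing")
        elif values[name.lower()] != want:
            got = values[name.lower()]
            findings.append(f"{subkey}\\{name}: is {got}, expected {want}")
    return findings

# Constructed sample exports (not taken from a real host)
HARDENED = (f"Windows Registry Editor Version 5.00\n\n[{BASE}\\Client]\n"
            '"DisabledByDefault"=dword:00000001\n\n'
            f"[{BASE}\\Server]\n"
            '"Enabled"=dword:00000000\n')
STILL_ENABLED = HARDENED.replace('"Enabled"=dword:00000000',
                                 '"Enabled"=dword:00000001')

if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED), ("still enabled", STILL_ENABLED)):
        print(label, audit_ssl3(sample) or "OK")
```

Files written by `reg export` are UTF-16 encoded, so read them with `open(path, encoding="utf-16")` before passing the text to `audit_ssl3`.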
 

Author Comment

by:sunhux
ID: 40389997
> The security advisory from OpenSSL.org recommended the usage of
> TLS_FALLBACK_SCSV mechanism to web servers, to ensure that SSL 3.0
> is used only when necessary (when a legacy implementation is
> involved). This way, attackers can no longer force a protocol
> downgrade.

Thanks Gary for sharing the change needed to implement the above for
Apache.

Thanks Btan, do the steps you shared for IIS also implement the above, or
are they just disabling SSLv2 & SSLv3 completely, i.e. with no option to support
a legacy SSLv3?  Just wanted to reduce the risk of breaking apps
0
 
LVL 58

Expert Comment

by:Gary
ID: 40390026
TLS has been around for 15 years, it's highly unlikely you have anything relying purely on SSL v3 but instead using TLS.
0
 
LVL 62

Assisted Solution

by:btan
btan earned 215 total points
ID: 40391088
The steps are for the entire Windows OS, which IIS also adheres to. It is as per below for Windows Server. You can surely make sure any fronting proxy to the IIS is also patched to disable SSLv3. Kindly do make the prior assessment.
https://technet.microsoft.com/en-us/library/security/3009008.aspx
0


Question has a verified solution.
