On Wednesday, 15 October 2014, 17:26:49, Daniel Kahn Gillmor wrote:
> On 10/15/2014 03:10 PM, Tim Rühsen wrote:
> > I tried to make clear that Wget *explicitly* asks for SSLv2 and SSLv3 in
> > the default configuration when compiled with OpenSSL. Whatever the
> > OpenSSL library vendor is doing... it won't affect Wget in this case. So
> > with your attitude, you won't ever be safe from Poodle (I guess).
> >
> > And again my question: should we change the default behaviour of future
> > versions of Wget?
> > In other words: since we know the library vendor wouldn't help in the
> > above case, what can we do to secure Wget?
>
> Hm, I think Tim is on to something here: by default, wget should use the
> default ciphersuites and protocol versions selected by the TLS library.
> Tweaking the default choices in wget itself tends to make wget more
> brittle than the underlying library.
>
> The only way that should work to try to improve security in wget via TLS
> implementation preference strings is if the preference string is
> explicitly a minor modification of some system default.  This may or may
> not be possible depending on the preference string syntax of the
> selected TLS implementation.
>
> (e.g. [for OpenSSL] if the system default is always explicitly
> referenced as DEFAULT and we decide that we never want wget to use RC4,
> then DEFAULT:-RC4 is a sensible approach, because it allows OpenSSL to
> update DEFAULT and wget gains those improvements automatically)

Here is a suggestion for a GnuTLS patch.

I will have a look at OpenSSL ciphers and make a similar patch soon.

I also suggested (~1-2 years ago) an option to directly set priority strings /
ciphers for GnuTLS and OpenSSL. In situations like these, such an option would
allow for a quick reaction by distribution maintainers and users.

What do you think?

Tim
From 582a887e61cea2dd0f64d462d919f8688fb7862f Mon Sep 17 00:00:00 2001
From: Tim Ruehsen <tim.rueh...@gmx.de>
Date: Thu, 16 Oct 2014 20:44:56 +0200
Subject: [PATCH] GnuTLS: do not use SSLv3 except explicitly requested

---
 src/ChangeLog | 4 ++++
 src/gnutls.c  | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/ChangeLog b/src/ChangeLog
index 1c4e2d5..00d3c10 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,7 @@
+2014-10-16  Tim Ruehsen  <tim.rueh...@gmx.de>
+
+	* gnutls.c (ssl_connect_wget): do not use SSLv3 except explicitely requested
+
 2014-05-03  Tim Ruehsen  <tim.rueh...@gmx.de>

 	* retr.c (retrieve_url): fixed memory leak
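Review bot: the new ChangeLog entry misspells "explicitly" and describes only the secure_protocol_auto case, while the diff also appends -VERS-SSL3.0 to both priority strings of the secure_protocol_pfs case; suggest listing that second change as well, e.g. `* gnutls.c (ssl_connect_wget): also exclude SSL 3.0 from the PFS and PFS-fallback priority strings`.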
diff --git a/src/gnutls.c b/src/gnutls.c
index c09b7a2..75627e1 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -436,6 +436,7 @@ ssl_connect_wget (int fd, const char *hostname)
   switch (opt.secure_protocol)
     {
     case secure_protocol_auto:
+      err = gnutls_priority_set_direct (session, "NORMAL:%COMPAT:-VERS-SSL3.0", NULL);
       break;
     case secure_protocol_sslv2:
     case secure_protocol_sslv3:
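Review bot: the added line in the secure_protocol_auto case, which previously set no priority in this switch, now pins wget to a fixed string instead of whatever the library would choose, which is the trade-off the thread warns about: later improvements to the GnuTLS default no longer reach wget automatically. If the installed GnuTLS lets the string reference its own default and subtract from it, that would mirror the DEFAULT:-RC4 approach proposed for OpenSSL; failing that, the %COMPAT modifier, which none of the other cases in this function use, should get a comment explaining why it is needed here.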
@@ -445,10 +446,10 @@ ssl_connect_wget (int fd, const char *hostname)
       err = gnutls_priority_set_direct (session, "NORMAL:-VERS-SSL3.0", NULL);
       break;
     case secure_protocol_pfs:
-      err = gnutls_priority_set_direct (session, "PFS", NULL);
+      err = gnutls_priority_set_direct (session, "PFS:-VERS-SSL3.0", NULL);
       if (err != GNUTLS_E_SUCCESS)
         /* fallback if PFS is not available */
-        err = gnutls_priority_set_direct (session, "NORMAL:-RSA", NULL);
+        err = gnutls_priority_set_direct (session, "NORMAL:-RSA:-VERS-SSL3.0", NULL);
       break;
     default:
       abort ();
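Review bot: in the secure_protocol_pfs case the fallback call overwrites err, so when "PFS:-VERS-SSL3.0" is rejected the reason is discarded and the caller only ever sees the result of "NORMAL:-RSA:-VERS-SSL3.0"; suggest reporting the first failure (at least in debug output) before retrying. The comment /* fallback if PFS is not available */ could also mention that the fallback intentionally keeps SSL 3.0 excluded, since the two strings now differ in more than the PFS keyword.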
--
2.1.1
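Daniel's criterion above, that wget should only ever subtract from the TLS library's own default (OpenSSL's DEFAULT:-RC4 rather than a hand-written list), can be checked mechanically. The following is an added example, not code from this thread or from wget: it uses Python's ssl bindings to the installed OpenSSL to confirm that a cipher string is accepted, that it is a subset of DEFAULT (so library updates to DEFAULT still flow through), and that the unwanted algorithm is gone. The function names and the sample strings in the main block are mine.

```python
from __future__ import annotations

import ssl


def cipher_names(spec: str) -> set[str]:
    """Suites OpenSSL enables for a cipher string such as "DEFAULT:-RC4".

    Raises ssl.SSLError when OpenSSL rejects the string or nothing matches it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return {c["name"] for c in ctx.get_ciphers()}


def accepted(spec: str) -> bool:
    """True if the installed OpenSSL parses `spec` and at least one suite remains."""
    try:
        cipher_names(spec)
    except ssl.SSLError:
        return False
    return True


def is_subtraction_from(spec: str, base: str = "DEFAULT") -> bool:
    """True if `spec` only removes suites from `base` and never adds any.

    This is the property asked for in the thread: a string that is a minor
    modification of the library default keeps inheriting changes to that default."""
    modified = cipher_names(spec)
    return bool(modified) and modified <= cipher_names(base)


def removed_from(spec: str, base: str = "DEFAULT") -> set[str]:
    """Suites present in `base` but dropped by `spec`."""
    return cipher_names(base) - cipher_names(spec)


def uses_algorithm(spec: str, token: str) -> bool:
    """True if any suite enabled by `spec` carries `token` (e.g. "RC4") in its name."""
    return any(token in name for name in cipher_names(spec))


if __name__ == "__main__":
    # "DEFAULT:-RC4" is the OpenSSL form proposed in the thread; the last spec is a
    # constructed example that tries to add an anonymous-DH suite DEFAULT excludes.
    for spec in ("DEFAULT", "DEFAULT:-RC4", "DEFAULT:ADH-AES128-SHA"):
        if not accepted(spec):
            print(f"{spec!r}: rejected by this OpenSSL")
            continue
        print(f"{spec!r}: {len(cipher_names(spec))} suites, "
              f"subtraction from DEFAULT={is_subtraction_from(spec)}, "
              f"RC4 present={uses_algorithm(spec, 'RC4')}")
```

Which suites DEFAULT contains depends on the OpenSSL build and its security level, so the absolute lists differ between machines; the subset and absence checks are what stay meaningful across builds.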
