Package: ruby1.9.1 Version: 1.9.3.484-1 Severity: grave Tags: security Upstream bug 9424 [0] reports that ruby ships with insecure default SSL/TLS settings (its default cipher suite list). Running the gist linked from that bug report [1] against this package produces the following output:
vauxhall ok % /usr/bin/ruby1.9.1 howsmytls.rb { "given_cipher_suites": [ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA", "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_DSS_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA", "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA", "TLS_ECDH_anon_WITH_AES_256_CBC_SHA", "TLS_SRP_SHA_WITH_AES_256_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA", "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA", "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA", "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", "TLS_SRP_SHA_WITH_AES_128_CBC_SHA", "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA", "TLS_DHE_RSA_WITH_SEED_CBC_SHA", "TLS_DHE_DSS_WITH_SEED_CBC_SHA", "TLS_RSA_WITH_SEED_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "TLS_ECDH_anon_WITH_RC4_128_SHA", "TLS_ECDH_RSA_WITH_RC4_128_SHA", "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5", "TLS_DHE_RSA_WITH_DES_CBC_SHA", "TLS_DHE_DSS_WITH_DES_CBC_SHA", "TLS_RSA_WITH_DES_CBC_SHA", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" ], "ephemeral_keys_supported": true, "session_ticket_supported": true, "tls_compression_supported": false, "unknown_cipher_suite_supported": false, "beast_vuln": false, "able_to_detect_n_minus_one_splitting": false, "insecure_cipher_suites": { "TLS_DHE_DSS_WITH_DES_CBC_SHA": [ "uses keys smaller than 128 bits in its encryption" ], "TLS_DHE_RSA_WITH_DES_CBC_SHA": [ "uses keys smaller than 128 bits in its encryption" ], "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA": [ "is open to man-in-the-middle attacks because it does not authenticate the server" ], "TLS_ECDH_anon_WITH_AES_128_CBC_SHA": [ "is open to man-in-the-middle attacks because it does not authenticate the server" ], "TLS_ECDH_anon_WITH_AES_256_CBC_SHA": [ "is open to man-in-the-middle attacks because it does not authenticate the server" ], "TLS_ECDH_anon_WITH_RC4_128_SHA": [ "is open to 
man-in-the-middle attacks because it does not authenticate the server" ], "TLS_RSA_WITH_DES_CBC_SHA": [ "uses keys smaller than 128 bits in its encryption" ], "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA": [ "is open to man-in-the-middle attacks because it does not authenticate the server" ], "TLS_SRP_SHA_WITH_AES_128_CBC_SHA": [ "is open to man-in-the-middle attacks because it does not authenticate the server" ], "TLS_SRP_SHA_WITH_AES_256_CBC_SHA": [ "is open to man-in-the-middle attacks because it does not authenticate the server" ] }, "tls_version": "TLS 1.2", "rating": "Bad" } Clearly, negotiating single-DES cipher suites, or anonymous suites that do not authenticate the server (and so leave the connection open to man-in-the-middle attacks), by default is unacceptable. I have no opinion on the SRP suites, since I don't know enough about SRP. Please patch this vulnerability. I will clone the bug to ruby2.0 once I get the bug number. [0] https://bugs.ruby-lang.org/issues/9424 [1] https://gist.github.com/8302049.git -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ruby1.9.1 depends on: ii libc6 2.17-97 ii libruby1.9.1 1.9.3.484-1 ruby1.9.1 recommends no packages. Versions of packages ruby1.9.1 suggests: ii graphviz 2.26.3-16.1 ii ri1.9.1 1.9.3.484-1 pn ruby-switch <none> ii ruby1.9.1-dev 1.9.3.484-1 pn ruby1.9.1-examples <none> -- no debconf information -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187