Hi Guys,
I've been trying to add a new option to Pound that will allow you to set a
'SSLNoFragment' option in your pound.cfg file that when set to '1' will
enable the OpenSSL 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option.
A copy of my attempt is below. However, with this added to my pound.cfg
file and all rebuilt using Pound 2.6 and my new option enabled like this:
User "nobody"
Group "nobody"
LogLevel 0
Client 30
Timeout 60
ListenHTTPS
# Label: pound_vip
Address 192.168.82.199
Port 443
Cert "/etc/pound/certs/pound_vip.pem"
SSLHonorCipherOrder 1
SSLAllowClientRenegotiation 0
DisableSSLv2
ReWriteLocation 1
Ciphers "RC4:HIGH:!MD5:!DSS:!aNULL"
SSLNoCompression 1
SSLNoFragment 1
Service
BackEnd
Address 172.16.0.5
Port 80
End
End
End
It seems to accept the value. However, if I run a scan on the Real IP
Address (the above addresses have been changed to protect the innocent) I
still get a warning stating:
A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information
disclosure if an attacker intercepts encrypted traffic served from an
affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use
CBC mode are not affected. This script tries to establish an SSL/TLS remote
connection using an affected SSL version and cipher suite, and then
solicits return data. If returned application data is not fragmented with
an empty or one-byte record, it is likely vulnerable. OpenSSL uses empty
fragments as a countermeasure unless the
'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is
initialized. Microsoft implemented one-byte fragments as a countermeasure,
and the setting can be controlled via the registry key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendExtraRecord.
Therefore, if multiple applications use the same SSL/TLS implementation,
some may be vulnerable while others may not, depending on whether or not a
countermeasure has been enabled. Note that this script detects the
vulnerability in the SSLv3/TLSv1 protocol implemented in the server. It
does not detect the BEAST attack where it exploits the vulnerability at
HTTPS client-side (i.e., Internet browser). The detection at server-side
does not necessarily means your server is vulnerable to the BEAST attack
because the attack exploits the vulnerability at client-side, and both
SSL/TLS clients and servers can independently employ the split record
countermeasure.
My Pound Version details:
# pound -V
starting...
detect_tproxy(): tproxy is is detected
tproxy: available
Version 2.6
Configuration switches:
--enable-cert1l
--with-maxbuf=8192
Exiting...
My attempted patch:
config.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletions(-)
diff --git a/config.c b/config.c
--- a/config.c 2013-02-15 11:38:19.634450776 +0000
+++ bconfig.c 2013-02-15 15:37:22.668452304 +0000
@@ -76,7 +76,7 @@
static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove,
RewriteLocation, RewriteDestination;
static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd,
Emergency, Priority, HAport, HAportAddr;
static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID,
DynScale;
-static regex_t ClientCert, AddHeader, DisableSSLv2,
SSLAllowClientRenegotiation, SSLHonorCipherOrder, SSLNoCompression, Ciphers;
+static regex_t ClientCert, AddHeader, DisableSSLv2,
SSLAllowClientRenegotiation, SSLHonorCipherOrder, SSLNoCompression,
SSLNoFragment, Ciphers;
static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include,
ConnTO, IgnoreCase, HTTPS, HTTPSCert;
static regex_t Disabled, Threads, CNName;
@@ -1082,6 +1082,14 @@
ssl_op_disable |= SSL_OP_NO_COMPRESSION;
ssl_op_enable &= ~SSL_OP_NO_COMPRESSION;
}
+ } else if(!regexec(&SSLNoFragment, lin, 4, matches, 0)) {
+ if (atoi(lin + matches[1].rm_so)) {
+ ssl_op_enable |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ ssl_op_disable &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ } else {
+ ssl_op_disable |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ ssl_op_enable &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ }
} else if(!regexec(&Ciphers, lin, 4, matches, 0)) {
has_other = 1;
if(res->ctx == NULL)
@@ -1376,6 +1384,7 @@
|| regcomp(&DisableSSLv2, "^[ \t]*DisableSSLv2[ \t]*$", REG_ICASE |
REG_NEWLINE | REG_EXTENDED)
|| regcomp(&SSLHonorCipherOrder, "^[ \t]*SSLHonorCipherOrder[
\t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&SSLNoCompression, "^[ \t]*SSLNoCompression[ \t]+([01])[
\t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&SSLNoFragment, "^[ \t]*SSLNoFragment[ \t]+([01])[ \t]*$",
REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&Ciphers, "^[ \t]*Ciphers[ \t]+\"(.+)\"[ \t]*$", REG_ICASE
| REG_NEWLINE | REG_EXTENDED)
|| regcomp(&CAlist, "^[ \t]*CAlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE |
REG_NEWLINE | REG_EXTENDED)
|| regcomp(&VerifyList, "^[ \t]*VerifyList[ \t]+\"(.+)\"[ \t]*$",
REG_ICASE | REG_NEWLINE | REG_EXTENDED)
@@ -1541,6 +1550,7 @@
regfree(&DisableSSLv2);
regfree(&SSLHonorCipherOrder);
regfree(&SSLNoCompression);
+ regfree(&SSLNoFragment);
regfree(&Ciphers);
regfree(&CAlist);
regfree(&VerifyList);
Any help or advice would be most welcome.
--
With Kind Regards.
Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org
