And I’ll integrate it into my github branch once you do. :) Joe
From: Scott McKeown [mailto:[email protected]] Sent: Wednesday, February 20, 2013 10:13 AM To: [email protected] Subject: Re: [Pound Mailing List] OpenSSL SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS patch Hi Joe, Your right, I've just finished running another test and changing the option to a '0' (zero) instead of a '1' has fixed the issue. Thank you for looking over this for me. I'll give the name some thought and I'll post the updated patch once I've had a good think. ~Scott On 19 February 2013 23:23, Joe Gooch <[email protected]<mailto:[email protected]>> wrote: Yeah, you have the option states reversed. ssl_op_enable starts with SSL_OP_ALL, which includes the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option. (Which turns off the countermeasure) To pass PCI you want pound to insert empty fragments, so you want to remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from ssl_op_enable and add it to ssl_op_disable Seems to me your code is fine, you just need SSLNoFragment 0 in your config. (Which means it *will* insert fragments, which is what you want) Or name it something like SSLBeastAvoid 1 and swap the flag states. Joe From: Scott McKeown [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, February 19, 2013 11:26 AM To: [email protected]<mailto:[email protected]> Subject: Re: [Pound Mailing List] OpenSSL SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS patch Hi Joe, Thanks for having a look at this for me. I've tested with SSL Labs and that all shows correct, although it does not show anything for the Empty Fragments but it could be labeled as something else that I'm missing. I've come across http://www.mcafee.com/us/mcafeesecure/index.html which offers a free scan (nice) but I've also used https://www.hackerguardian.com and they both show the same thing I'm guessing it could be a false positive but I was going for a second opinion first. ~Scott On 19 February 2013 15:53, Joe Gooch <[email protected]<mailto:[email protected]>> wrote: It looks to me like you’ve done the patch correctly. Not sure why it wouldn’t be working for you. Are you using SSL labs to test? Joe From: Scott McKeown [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, February 18, 2013 6:07 AM To: [email protected]<mailto:[email protected]> Subject: [Pound Mailing List] OpenSSL SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS patch Hi Guys, I've been trying to add a new option to Pound that will allow you to set a 'SSLNoFragment' option in your pound.cfg file that when set to '1' will enable the OpenSSL 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option. A copy of my attempt is below. However, with this added to my pound.cfg file and all rebuilt using Pound 2.6 and my new option enabled like this: User "nobody" Group "nobody" LogLevel 0 Client 30 Timeout 60 ListenHTTPS # Label: pound_vip Address 192.168.82.199 Port 443 Cert "/etc/pound/certs/pound_vip.pem" SSLHonorCipherOrder 1 SSLAllowClientRenegotiation 0 DisableSSLv2 ReWriteLocation 1 Ciphers "RC4:HIGH:!MD5:!DSS:!aNULL" SSLNoCompression 1 SSLNoFragment 1 Service BackEnd Address 172.16.0.5 Port 80 End End End It seems to accept the value. However, if I run a scan on the Real IP Address (the above addresses have been changed to protect the innocent) I still get a warning stating: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This script tries to establish an SSL/TLS remote connection using an affected SSL version and cipher suite, and then solicits return data. If returned application data is not fragmented with an empty or one-byte record, it is likely vulnerable. OpenSSL uses empty fragments as a countermeasure unless the 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is initialized. Microsoft implemented one-byte fragments as a countermeasure, and the setting can be controlled via the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendExtraRecord. Therefore, if multiple applications use the same SSL/TLS implementation, some may be vulnerable while others may not, depending on whether or not a countermeasure has been enabled. Note that this script detects the vulnerability in the SSLv3/TLSv1 protocol implemented in the server. It does not detect the BEAST attack where it exploits the vulnerability at HTTPS client-side (i.e., Internet browser). The detection at server-side does not necessarily means your server is vulnerable to the BEAST attack because the attack exploits the vulnerability at client-side, and both SSL/TLS clients and servers can independently employ the split record countermeasure. My Pound Version details: # pound -V starting... detect_tproxy(): tproxy is is detected tproxy: available Version 2.6 Configuration switches: --enable-cert1l --with-maxbuf=8192 Exiting... My attempted patch: config.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletions(-) diff --git a/config.c b/config.c --- a/config.c 2013-02-15 11:38:19.634450776 +0000 +++ bconfig.c 2013-02-15 15:37:22.668452304 +0000 @@ -76,7 +76,7 @@ static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination; static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, DynScale; -static regex_t ClientCert, AddHeader, DisableSSLv2, SSLAllowClientRenegotiation, SSLHonorCipherOrder, SSLNoCompression, Ciphers; +static regex_t ClientCert, AddHeader, DisableSSLv2, SSLAllowClientRenegotiation, SSLHonorCipherOrder, SSLNoCompression, SSLNoFragment, Ciphers; static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS, HTTPSCert; static regex_t Disabled, Threads, CNName; @@ -1082,6 +1082,14 @@ ssl_op_disable |= SSL_OP_NO_COMPRESSION; ssl_op_enable &= ~SSL_OP_NO_COMPRESSION; } + } else if(!regexec(&SSLNoFragment, lin, 4, matches, 0)) { + if (atoi(lin + matches[1].rm_so)) { + ssl_op_enable |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + ssl_op_disable &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + } else { + ssl_op_disable |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + ssl_op_enable &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + } } else if(!regexec(&Ciphers, lin, 4, matches, 0)) { has_other = 1; if(res->ctx == NULL) @@ -1376,6 +1384,7 @@ || regcomp(&DisableSSLv2, "^[ \t]*DisableSSLv2[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&SSLHonorCipherOrder, "^[ \t]*SSLHonorCipherOrder[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&SSLNoCompression, "^[ \t]*SSLNoCompression[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) + || regcomp(&SSLNoFragment, "^[ \t]*SSLNoFragment[ \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&Ciphers, "^[ \t]*Ciphers[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&CAlist, "^[ \t]*CAlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) || regcomp(&VerifyList, "^[ \t]*VerifyList[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) @@ -1541,6 +1550,7 @@ regfree(&DisableSSLv2); regfree(&SSLHonorCipherOrder); regfree(&SSLNoCompression); + regfree(&SSLNoFragment); regfree(&Ciphers); regfree(&CAlist); regfree(&VerifyList); Any help or advice would be most welcome. -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org
