TLS Compression was disabled in the code in pound 2.7b. If you're running 2.7f, then at compile time, it will be disabled. If your openssl-dev headers define the SSL_OP_NO_COMPRESSION directive, it uses that, otherwise, it uses other workarounds, and in both cases it disabled empty fragments.
https://github.com/goochjj/pound/commit/c1fe61a96da606d812d9c4edbacb538f9bf8544b

Other distributions... Debian, Ubuntu, Fedora - disable TLS compression at the library level. If you're using openssl compiled yourself, it may not have this patch. Or perhaps you're not using the correct openssl headers to compile?

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1187195

A lot of these best practices (other than using the 2.6 pcidss branch, which shouldn't be necessary anymore) also apply

http://www.apsis.ch/pound/pound_list/archive/2014/2014-10/1414097953000

My sites all show A's, unless I have HSTS enabled. Those show A+.

--
Joe

Confidentiality Notice: This e-mail transmission may contain confidential and legally privileged information that is intended only for the individual named in the e-mail address. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or reliance upon the contents of this e-mail message is strictly prohibited. If you have received this e-mail transmission in error, please reply to the sender, so that proper delivery can be arranged, and please delete the message from your mail box.

From: Rick Smith
Reply-To: "[email protected]"
Date: Friday, July 10, 2015 at 9:37 AM
To: "[email protected]"
Subject: Re: [Pound Mailing List] Crime vulnerability on 2.7f upstream

With either of the cipher suites given in this thread I am still showing vulnerable to the CRIME attack.

With this suite:

HIGH:!aNULL:!SSLv2:!ADH:!EXP:!eNULL:!RC4:MEDIUM:!LOW

it is showing BEAST and CRIME and no TLS 1.1/1.2

This one:

EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!eNULL:!LOW:!aNULL:!MD5:!DSS

is showing vulnerable to the CRIME attack (TLS compression).

My main issue is that TLS compression is still enabled for some reason even with the 2.7f version of Pound.
Below is the config (sanitized):

######################################################################
##GLOBAL OPTIONS
User		"root"
Group		"root"
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
#ExtendedHTTP	0
## Logging: (goes to syslog by default)
##	0	no logging
##	1	normal
##	2	extended
##	3	Apache-style (common log format)
#LogFacility	local5
LogLevel	0
## check timeouts:
Timeout		45
ConnTO		20
Alive		10
Client		30
Control		"/tmp/xxxx_pound.socket"

#HTTP(S) LISTENERS
ListenHTTPS
	Err414 "/usr/local/zenloadbalancer/config/xxxx_Err414.html"
	Err500 "/usr/local/zenloadbalancer/config/xxxx_Err500.html"
	Err501 "/usr/local/zenloadbalancer/config/xxxx_Err501.html"
	Err503 "/usr/local/zenloadbalancer/config/xxxx_Err503.html"
	Address 192.168.xx.xx
	Port 443
	xHTTP 0
	RewriteLocation 0
	Disable SSLv3
	Cert "/usr/local/zenloadbalancer/config/xxxx.pem"
	Ciphers "EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!eNULL:!LOW:!aNULL:!MD5:!DSS"
	SSLAllowClientRenegotiation 0
	SSLHonorCipherOrder 1

	#ZWACL-INI
	Service "xxxx_Backends"
		##False##HTTPS-backend##
		HeadRequire "Host: xxxx.xxx.com"
		#Url ""
		#Redirect ""
		#Session
			#Type nothing
			#TTL 120
			#ID "sessionname"
		#End
		#BackEnd
		BackEnd
			Address 192.168.xx.xx
			Port 80
			TimeOut 10
		End
		BackEnd
			Address 192.168.xx.xx
			Port 80
			TimeOut 10
		End
		BackEnd
			Address 192.168.xx.xx
			Port 80
			TimeOut 10
		End
		BackEnd
			Address 192.168.xx.xx
			Port 80
			TimeOut 10
		End
		#End
	End
	#ZWACL-END

	#Service "xxxx"
		##False##HTTPS-backend##
		#HeadRequire "Host: "
		#Url ""
		#Redirect ""
		#Session
			#Type nothing
			#TTL 120
			#ID "sessionname"
		#End
		#BackEnd
		#End
	#End
End

On Fri, Jul 10, 2015 at 7:02 AM, Emilio Campos <[email protected]> wrote:

By the way, someone can obtain an A+ with pound2.7 or higher? In my case I use 2.8.a with only A.

Thanks!
2015-07-10 10:44 GMT+02:00 Scott McKeown <[email protected]>:

Hi Mirek,

Thanks, I'm guessing that there must be an additional patch in v2.7 that I've not used in our build.
Time to do some more testing I guess.

On 10 July 2015 at 09:20, Miroslav Danek <[email protected]> wrote:

Hi Scott,

I use stable 2.7, CentOS 6.6 + openssl 1.0.1e

Mirek

On 10. 7. 2015, at 9:56, Scott McKeown <[email protected]> wrote:

Hi Mirek,

What version of pound are you using for this, we have as of yet not been able to get FS with pound...

On 10 July 2015 at 08:31, Miroslav Danek <[email protected]> wrote:

Hi Rick,

I used this one:

Disable SSLv3
SSLAllowClientRenegotiation 0
SSLHonorCipherOrder 1
Ciphers "HIGH:!aNULL:!SSLv2:!ADH:!EXP:!eNULL:!RC4:MEDIUM:!LOW"

Result A with FS.

regards
Mirek

On 10. 7. 2015, at 9:07, Scott McKeown <[email protected]> wrote:

Hi Rick,

Your current Cipher list is very open. If you can give this one a go and let us know the report status (we get an A- with no FS):

EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!eNULL:!LOW:!aNULL:!MD5:!DSS

If you could also post a sanitised copy of your pound config file we can see what we can do for you.

On 9 July 2015 at 22:55, Rick Smith <[email protected]> wrote:

I am running Pound 2.7f from https://github.com/goochjj/pound/archive/stage_for_upstream/v2.7f.zip

I am also running openssl version 1.01p from Jul 9, 2015.

I am trying to achieve a better ranking for our SSL support. I have been able to move up to a C rating but for some reason here are my results.

I am using the following ciphers:

RC4-SHA:HIGH:!ADH:!SSLv2:!AES

I enabled the Disable SSLv3 directive and I have the following also enabled for the listener:

SSLAllowClientRenegotiation 0
SSLHonorCipherOrder 1

This is after much trial and error. I thought that this upstream version disabled TLS compression but it appears to still be active.

Questions:

1) How can I disable TLS compression?
2) Can I enable TLS 1.1 and 1.2?
3) How can I disable support for weak DH key exchanges?
4) Why isn't PFS enabled? I assume the ciphers need fixing?

Thanks,
Rick

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. MORE INFO » <https://weakdh.org/>

This server does not mitigate the CRIME attack <https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls>. Grade capped to C.

The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO » <https://community.qualys.com/blogs/securitylabs/2015/05/22/ssl-labs-increased-penalty-when-tls-12-is-not-supported>

This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO » <https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what>

The server does not support Forward Secrecy with the reference browsers. MORE INFO » <https://en.wikipedia.org/wiki/Forward_secrecy>

--
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org
Tel (UK) - +44 (0) 3303801064 (24x7)
Tel (US) - +1 888.867.9504 (Toll Free)(24x7)

--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe): [email protected]
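
An added example, not part of the thread: one way to check locally for the findings the SSL Labs report lists (TLS compression, protocol version, RC4, forward secrecy, weak DH) is to parse what `openssl s_client -connect host:443` prints for a handshake. The two transcripts are constructed samples and the names `audit` and `_field` are hypothetical; a single handshake only shows what that one client negotiated.

```python
import re

# Constructed excerpts in the layout `openssl s_client` prints; they are
# illustrative samples, not output captured from the servers in the thread.
WEAK = """\
Server Temp Key: DH, 1024 bits
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Compression: 1 (zlib compression)
"""
GOOD = """\
Server Temp Key: ECDH, P-256, 256 bits
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
"""

def _field(text, name):
    """Return the first 'name : value' field (any indentation), or None."""
    m = re.search(rf"^\s*{re.escape(name)}\s*:\s*(.+?)\s*$", text, re.M)
    return m.group(1) if m else None

def audit(transcript):
    """Map one s_client transcript to the findings discussed in the thread."""
    findings = []
    comp = _field(transcript, "Compression")
    if comp is not None and comp.upper() != "NONE":
        findings.append("tls-compression (CRIME)")
    proto = _field(transcript, "Protocol") or ""
    if proto in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1"):
        findings.append("no-tls1.2-negotiated")
    cipher = _field(transcript, "Cipher") or ""
    if "RC4" in cipher:
        findings.append("rc4-cipher")
    # Forward secrecy needs an ephemeral key exchange (ECDHE/DHE/EDH names).
    if proto != "TLSv1.3" and not cipher.startswith(("ECDHE-", "DHE-", "EDH-")):
        findings.append("no-forward-secrecy")
    # Assumption: DH groups under 2048 bits count as weak (weakdh.org guidance).
    key = re.search(r"Server Temp Key: DH, (\d+) bits", transcript)
    if key and int(key.group(1)) < 2048:
        findings.append("weak-dh-params")
    return findings
```
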
