Glad it worked out for you!

--
Joe

Confidentiality Notice: This e-mail transmission may contain confidential and 
legally privileged information that is intended only for the individual named 
in the e-mail address. If you are not the intended recipient, you are hereby 
notified that any disclosure, copying, distribution, or reliance upon the 
contents of this e-mail message is strictly prohibited. If you have received 
this e-mail transmission in error, please reply to the sender, so that proper 
delivery can be arranged, and please delete the message from your mail box.



From: Rick Smith
Reply-To: "[email protected]"
Date: Tuesday, July 14, 2015 at 10:49 AM
To: "[email protected]"
Subject: Re: [Pound Mailing List] Crime vulnerability on 2.7f upstream

Thanks so much guys - it was just as Joseph stated.  Pound was linked to the 
old version of OpenSSL that was installed by Zen.
Once I fixed this and compiled again/copied the executables to the locations 
Zen uses I am seeing an A on the SSL Labs test.

Rick

On Fri, Jul 10, 2015 at 2:24 PM, Joe Gooch <[email protected]> wrote:
Configure option:
 --with-ssl=directory    location of OpenSSL package

Check the resulting -I and -L options in the Makefile

If you're not installing your manually compiled openssl library you probably 
want to statically compile.  You can change the LIBS line from -lssl -lcrypto 
to something like:
-Wl,-Bstatic /path/to/libssl.a /path/to/libcrypto.a -Wl,-Bdynamic

Or
-Wl,-Bstatic -L/path/to/openssl/libs -lssl -lcrypto -Wl,-Bdynamic

Or set appropriate env variables (i.e. LIBRARY_PATH)

See
https://stackoverflow.com/questions/4352573/linking-openssl-libraries-to-a-program

Otherwise, you're likely compiling and linking against the openssl installed on 
your system.


You can also check by editing your config.c
Find the case 'V': line
After the "Version %s" line, add this
#ifdef SSLEAY_VERSION
            logmsg(LOG_DEBUG, "OpenSSL version %s", SSLeay_version(SSLEAY_VERSION));
#endif

Make, as before
./pound -V

It'll show you the OpenSSL version.  (This might not be a bad thing to include 
in the code actually)
Diff version
diff --git i/config.c w/config.c
index 6f29ef5..2be0718 100644
--- i/config.c
+++ w/config.c
@@ -1732,6 +1732,9 @@ config_parse(const int argc, char **const argv)
         case 'V':
             print_log = 1;
             logmsg(LOG_DEBUG, "Version %s", VERSION);
+#ifdef SSLEAY_VERSION
+            logmsg(LOG_DEBUG, "OpenSSL version %s", 
SSLeay_version(SSLEAY_VERSION));
+#endif
             logmsg(LOG_DEBUG, "  Configuration switches:");
 #ifdef  C_SUPER
             if(strcmp(C_SUPER, "0"))
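Review bot: the wrapped continuation `SSLeay_version(SSLEAY_VERSION));` has lost its leading `+`, so as pasted the hunk carries only two added lines against the `+1732,9` count in the header and `git apply`/`patch` will reject it; rejoin it with the preceding `+            logmsg(LOG_DEBUG, "OpenSSL version %s",` line before applying. Since the thread is chasing a header/library mismatch, logging the compile-time string (`OPENSSL_VERSION_TEXT` from opensslv.h) right next to the runtime `SSLeay_version(SSLEAY_VERSION)` would make that mismatch visible as two differing strings in one `pound -V` run. `SSLeay_version`/`SSLEAY_VERSION` are deprecated from OpenSSL 1.1.0 in favour of `OpenSSL_version(OPENSSL_VERSION)`, so the `#ifdef` guard is the right shape, but newer builds will want the replacement names as well.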


--
Joseph Gooch
SapphireK12
(866) 366-9540

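The check Joe describes above (is the binary using the OpenSSL you built, or the distribution's copy?) can be made mechanical. The script below is an added example, my own code and not from the thread or from Pound: it parses the output of `ldd <binary>` and flags any libssl/libcrypto that does not resolve under the OpenSSL prefix you configured with `--with-ssl`. The `ldd` outputs embedded in it are constructed for the demo, the prefix /usr/local/ssl is an assumed value, and all function names are mine.

```python
"""Tell which OpenSSL a binary really resolves at run time.

Added example, not code from the thread or from Pound. It parses the output
of `ldd <binary>` and flags libssl/libcrypto entries that do not live under
the OpenSSL prefix you built (the mismatch discussed in the thread: the
binary silently links the distribution's copy instead of the one you
compiled). The sample ldd outputs are constructed; /usr/local/ssl is an
assumed --with-ssl prefix.
"""
import re
import subprocess
import sys

# "libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x7f...)" or "=> not found"
_LDD_LINE = re.compile(
    r"^\s*(lib(?:ssl|crypto)\.so\S*)\s*=>\s*(.*?)(?:\s+\(0x[0-9a-fA-F]+\))?\s*$"
)

# Constructed sample: the binary picked up the distribution's OpenSSL
SAMPLE_SYSTEM_LINK = """\
\tlinux-vdso.so.1 (0x00007ffd3a5c0000)
\tlibssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f1c2a200000)
\tlibcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f1c29e00000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29700000)
"""

# Constructed sample: the binary resolves the self-built libraries
SAMPLE_CUSTOM_LINK = """\
\tlinux-vdso.so.1 (0x00007ffd3a5c0000)
\tlibssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f1c2a200000)
\tlibcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f1c29e00000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29700000)
"""

# Constructed sample: OpenSSL linked statically, so no libssl/libcrypto entry
SAMPLE_STATIC_LINK = """\
\tlinux-vdso.so.1 (0x00007ffd3a5c0000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29700000)
"""

# Constructed sample: the loader cannot find the libraries at all
SAMPLE_MISSING_LINK = """\
\tlibssl.so.1.0.0 => not found
\tlibcrypto.so.1.0.0 => not found
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c29700000)
"""


def parse_ssl_libs(ldd_output):
    """Map each libssl/libcrypto soname to its resolved path (or 'not found')."""
    libs = {}
    for line in ldd_output.splitlines():
        m = _LDD_LINE.match(line)
        if m:
            libs[m.group(1)] = m.group(2)
    return libs


def check_ssl_linkage(ldd_output, expected_prefix):
    """Classify the OpenSSL linkage seen in ldd output.

    Returns (status, details) with status one of:
      'ok'      every libssl/libcrypto resolves under expected_prefix
      'foreign' at least one resolves elsewhere (usually the system copy)
      'missing' a library is required but the loader cannot find it
      'static'  no dynamic libssl/libcrypto dependency at all
    """
    libs = parse_ssl_libs(ldd_output)
    if not libs:
        return "static", {}
    missing = {k: v for k, v in libs.items() if v == "not found"}
    if missing:
        return "missing", missing
    prefix = expected_prefix.rstrip("/") + "/"
    foreign = {k: v for k, v in libs.items() if not v.startswith(prefix)}
    if foreign:
        return "foreign", foreign
    return "ok", libs


def ldd_output_for(binary):
    """Run the real ldd on a binary (only used when a path is given on the CLI)."""
    return subprocess.run(["ldd", binary], capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    # usage: python check_ssl_link.py [/path/to/pound [/expected/openssl/prefix]]
    if len(sys.argv) > 1:
        prefix = sys.argv[2] if len(sys.argv) > 2 else "/usr/local/ssl"
        status, details = check_ssl_linkage(ldd_output_for(sys.argv[1]), prefix)
    else:
        status, details = check_ssl_linkage(SAMPLE_SYSTEM_LINK, "/usr/local/ssl")
    print(status, details)
```

A 'static' result only says the loader has nothing to resolve; in that case the version can only be read from inside the binary, which is what the `pound -V` patch above does with SSLeay_version().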



From: Rick Smith
Reply-To: "[email protected]"
Date: Friday, July 10, 2015 at 2:40 PM

To: "[email protected]"
Subject: Re: [Pound Mailing List] Crime vulnerability on 2.7f upstream

I think you might be right re: pound linking to the wrong headers.

Any suggestions on fixing that part?

Rick

On Fri, Jul 10, 2015 at 1:07 PM, Joe Gooch <[email protected]> wrote:
I don't... Based on our code (which you can verify in config.c) it's including 
the SSL_OP_NO_COMPRESSION directive, and 1.0.1p should include that directive.  
My only guesses are pound isn't using the openssl development headers for 
1.0.1p, it's linking to a shared library that isn't the one you just compiled, 
or it's linking statically to the wrong ssl library.


--
Joe









From: Rick Smith
Reply-To: "[email protected]"
Date: Friday, July 10, 2015 at 12:02 PM
To: "[email protected]"
Subject: Re: [Pound Mailing List] Crime vulnerability on 2.7f upstream


I compiled 2.7f myself and also compiled the 1.01p openssl.

Any idea why I still see TLS compression enabled?

Rick


On Fri, Jul 10, 2015 at 10:24 AM, Joe Gooch <[email protected]> wrote:

TLS Compression was disabled in the code in pound 2.7b.  If you're running 
2.7f, then at compile time, it will be disabled.  If your openssl-dev headers 
define the SSL_OP_NO_COMPRESSION directive, it uses that, otherwise, it uses 
other workarounds, and in both cases it disables empty fragments.

https://github.com/goochjj/pound/commit/c1fe61a96da606d812d9c4edbacb538f9bf8544b


Other distributions... Debian, Ubuntu, Fedora -  disable TLS compression at the 
library level.  If you're using openssl compiled yourself, it may not have this 
patch.  Or perhaps you're not using the correct openssl headers to compile?

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1187195


A lot of these best practices (other than using the 2.6 pcidss branch, which 
shouldn't be necessary anymore) also apply
http://www.apsis.ch/pound/pound_list/archive/2014/2014-10/1414097953000


My sites all show A's, unless I have HSTS enabled.  Those show A+.

--
Joe








From: Rick Smith
Reply-To: "[email protected]"
Date: Friday, July 10, 2015 at 9:37 AM
To: "[email protected]"
Subject: Re: [Pound Mailing List] Crime vulnerability on 2.7f upstream


With either of the cipher suites given in this thread I am still showing 
vulnerable to the CRIME attack.

With this suite: HIGH:!aNULL:!SSLv2:!ADH:!EXP:!eNULL:!RC4:MEDIUM:!LOW it is 
showing BEAST and CRIME and no TLS 1.1/1.2

This one: 
EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!eNULL:!LOW:!aNULL:!MD5:!DSS

is showing vulnerable to the CRIME attack (TLS compression).

My main issue is that TLS compression is still enabled for some reason even 
with the 2.7f version of Pound.

Below is the config (sanitized):

######################################################################
##GLOBAL OPTIONS
User "root"
Group "root"
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
#ExtendedHTTP 0
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
#LogFacility local5
LogLevel 0
## check timeouts:
Timeout 45
ConnTO 20
Alive 10
Client 30
Control "/tmp/xxxx_pound.socket"
#HTTP(S) LISTENERS
ListenHTTPS
Err414 "/usr/local/zenloadbalancer/config/xxxx_Err414.html"
Err500 "/usr/local/zenloadbalancer/config/xxxx_Err500.html"
Err501 "/usr/local/zenloadbalancer/config/xxxx_Err501.html"
Err503 "/usr/local/zenloadbalancer/config/xxxx_Err503.html"
Address 192.168.xx.xx
Port 443
xHTTP 0
RewriteLocation 0
Disable SSLv3

Cert "/usr/local/zenloadbalancer/config/xxxx.pem"
Ciphers "EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!eNULL:!LOW:!aNULL:!MD5:!DSS"
SSLAllowClientRenegotiation 0
SSLHonorCipherOrder 1
#ZWACL-INI

Service "xxxx_Backends"
##False##HTTPS-backend##
HeadRequire "Host: xxxx.xxx.com"
                #Url ""
                #Redirect ""
                #Session
                        #Type nothing
                        #TTL 120
                        #ID "sessionname"
                #End
                #BackEnd

BackEnd
Address 192.168.xx.xx
Port 80
TimeOut 10
End
BackEnd
Address 192.168.xx.xx
Port 80
TimeOut 10
End
BackEnd
Address 192.168.xx.xx
Port 80
TimeOut 10
End
BackEnd
Address 192.168.xx.xx
Port 80
TimeOut 10
End
                #End
End
#ZWACL-END


#Service "xxxx"
##False##HTTPS-backend##
                #HeadRequire "Host: "
                #Url ""
                #Redirect ""
                #Session
                        #Type nothing
                        #TTL 120
                        #ID "sessionname"
                #End
                #BackEnd

                #End
#End


End





On Fri, Jul 10, 2015 at 7:02 AM, Emilio Campos <[email protected]> wrote:

By the way, can someone obtain an A+ with pound 2.7 or higher? In my case I use 
2.8.a with only an A.


Thanks!




2015-07-10 10:44 GMT+02:00 Scott McKeown <[email protected]>:

Hi Mirek,

Thanks, I'm guessing that there must be an additional patch in v2.7 that I've 
not used in our build

Time to do some more testing I guess.





On 10 July 2015 at 09:20, Miroslav Danek <[email protected]> wrote:

Hi Scott,

I use stable 2.7, CentOS 6.6 + openssl 1.0.1e





Mirek


On 10. 7. 2015, at 9:56, Scott McKeown <[email protected]> wrote:

Hi Mirek,
What version of pound are you using for this? We have as of yet not been able 
to get FS with pound...


On 10 July 2015 at 08:31, Miroslav Danek <[email protected]> wrote:

Hi Rick,

I used this one:

Disable SSLv3
SSLAllowClientRenegotiation 0
SSLHonorCipherOrder 1
Ciphers "HIGH:!aNULL:!SSLv2:!ADH:!EXP:!eNULL:!RC4:MEDIUM:!LOW"

Result A with FS.

regards
Mirek


On 10. 7. 2015, at 9:07, Scott McKeown <[email protected]> wrote:

Hi Rick,

Your current cipher list is very open. If you can, give this one a go and let us 
know the report status (we get an A- with no FS):

EECDH+ECDSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!eNULL:!LOW:!aNULL:!MD5:!DSS


If you could also post a sanitised copy of your pound config file we can see 
what we can do for you.





On 9 July 2015 at 22:55, Rick Smith <[email protected]> wrote:

I am running Pound 2.7f from
https://github.com/goochjj/pound/archive/stage_for_upstream/v2.7f.zip

I am also running openssl version 1.01p from Jul 9, 2015.

I am trying to achieve a better ranking for our SSL support.

I have been able to move up to a C rating but for some reason here are my 
results.

I am using the following ciphers: RC4-SHA:HIGH:!ADH:!SSLv2:!AES
I enabled the Disable SSLv3 directive and I have the following also enabled for 
the listener:

SSLAllowClientRenegotiation     0
SSLHonorCipherOrder 1


This is after much trial and error.  I thought that this upstream version 
disabled TLS compression but it appears to still be active.

Questions:

1)  How can I disable TLS compression?
2)  Can I enable TLS 1.1 and 1.2?
3)  How can I disable support for weak DH key exchanges?
4)  Why isn't PFS enabled?  I assume the ciphers need fixing?

Thanks,

Rick




This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. MORE INFO: https://weakdh.org/
This server does not mitigate the CRIME attack. Grade capped to C. MORE INFO: https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls
The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C. MORE INFO: https://community.qualys.com/blogs/securitylabs/2015/05/22/ssl-labs-increased-penalty-when-tls-12-is-not-supported
This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO: https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
The server does not support Forward Secrecy with the reference browsers. MORE INFO: https://en.wikipedia.org/wiki/Forward_secrecy
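Every finding in that SSL Labs list is decided by the OpenSSL library the server process actually loads, not by the config string alone, which is why the thread ends at "wrong OpenSSL linked". The script below is an added example, my own code and not from the thread or from Pound: it feeds the two cipher strings quoted in this thread into an OpenSSL server context the way Pound's Ciphers directive does (SSL_CTX_set_cipher_list underneath), sets the same SSL_OP_NO_COMPRESSION option pound 2.7b+ sets, and reports which of the graded properties (RC4, anonymous suites, forward secrecy, compression) the library you are linked against actually gives you. Python's `ssl` module is used as a stand-in for Pound; the function names are mine.

```python
"""Evaluate a Pound-style Ciphers string with the OpenSSL that Python links.

Added example, not code from the thread or from Pound. The cipher strings
are the two quoted in the thread; the context options mirror what Pound
sets (SSL_OP_NO_COMPRESSION, exposed here as ssl.OP_NO_COMPRESSION).
Results depend on the OpenSSL build the interpreter is linked against,
which is exactly the point: the library decides, not the config string.
"""
import ssl

# Cipher strings quoted in the thread (inputs for the demo)
RICK_ORIGINAL = "RC4-SHA:HIGH:!ADH:!SSLv2:!AES"
MIREK_LIST = "HIGH:!aNULL:!SSLv2:!ADH:!EXP:!eNULL:!RC4:MEDIUM:!LOW"


def linked_openssl():
    """Version string of the OpenSSL library Python runs against
    (the runtime analogue of the SSLeay_version() check in the thread)."""
    return ssl.OPENSSL_VERSION


def server_context(cipher_string):
    """Server context with TLS compression disabled (the CRIME mitigation
    pound 2.7b+ applies) and the given cipher list installed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx


def _forward_secret(name):
    # Ephemeral (EC)DH suites and every TLS 1.3 suite provide forward secrecy
    return name.startswith("TLS_") or "ECDHE" in name or name.startswith("DHE-")


def _anonymous_or_null(name):
    # ADH-*/AECDH-* have no authentication; *-NULL-* have no encryption
    return name.startswith(("ADH", "AECDH")) or "NULL" in name


def assess(cipher_string):
    """Summarise what the linked library actually enabled for a cipher string."""
    try:
        ctx = server_context(cipher_string)
    except ssl.SSLError:
        return {"usable": False, "ciphers": []}
    names = [c["name"] for c in ctx.get_ciphers()]
    return {
        "usable": True,
        "ciphers": names,
        "rc4": any("RC4" in n for n in names),
        "anonymous": any(_anonymous_or_null(n) for n in names),
        "forward_secrecy": any(_forward_secret(n) for n in names),
        "compression_disabled": bool(ctx.options & ssl.OP_NO_COMPRESSION),
    }


if __name__ == "__main__":
    print("linked against:", linked_openssl())
    for label, cs in (("original list", RICK_ORIGINAL), ("Mirek's list", MIREK_LIST)):
        report = assess(cs)
        print(f"{label}: {cs}")
        for key in ("usable", "rc4", "anonymous", "forward_secrecy", "compression_disabled"):
            print(f"  {key}: {report.get(key)}")
        print(f"  suites enabled: {len(report['ciphers'])}")
```

Run it once with the interpreter on the box that built Pound and once with a stock one: the same string giving different "rc4" or "usable" answers is the header/library mismatch this thread tracked down, seen from the outside. Whether RC4 shows up for the first string depends on the library (newer OpenSSL builds do not offer it at all), which is why the checks below only pin the second string.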








--
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org
Tel (UK) - +44 (0) 3303801064 (24x7)
Tel (US) - +1 888.867.9504 (Toll Free)(24x7)


















--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe):
[email protected]