patch V2
- removed SSLv3 from --secure-protocol=auto|pfs (GnuTLS code)
- removed SSLv3 from --secure-protocol=auto (OpenSSL code)
- amended the docs
I am not an OpenSSL expert... please feel free to suggest improvements.
Tim
On Thursday, 16 October 2014, 20:50:32, Tim Rühsen wrote:
On Wednesday, 15 October 2014, 17:26:49, Daniel Kahn Gillmor wrote:
On 10/15/2014 03:10 PM, Tim Rühsen wrote:
I tried to make clear that Wget *explicitly* asks for SSLv2 and SSLv3 in
the default configuration when compiled with OpenSSL. Whatever the
OpenSSL library vendor is doing... it won't affect Wget in this case. So
with your attitude, you won't ever be safe from Poodle (I guess).
And again my question: should we change the default behaviour of future
versions of Wget?
In other words: since we know the library vendor wouldn't help in the
above case, what can we do to secure Wget?
hm, i think Tim is on to something here: by default, wget should use the
default ciphersuites and protocol versions selected by the TLS library.
Tweaking the default choices in wget itself tends to make wget more
brittle than the underlying library.
The only way that should work to try to improve security in wget via TLS
implementation preference strings is if the preference string is
explicitly a minor modification of some system default. This may or may
not be possible depending on the preference string syntax of the
selected TLS implementation.
(e.g. [for OpenSSL] if the system default is always explicitly
referenced as DEFAULT and we decide that we never want wget to use RC4,
then DEFAULT:-RC4 is a sensible approach, because it allows OpenSSL to
update DEFAULT and wget gains those improvements automatically)
Here is a suggestion for a GnuTLS patch.
I will have a look at the OpenSSL ciphers and make a similar patch soon.
I also suggested (~1-2 years ago) an option to directly set priority strings
/ ciphers for GnuTLS and OpenSSL. In situations like these, such an option
would allow for a quick reaction by distribution maintainers and
users.
What do you think?
Tim
From bca3e7ea1e430de4fcbc15daad60e8a2953e3a61 Mon Sep 17 00:00:00 2001
From: Tim Ruehsen tim.rueh...@gmx.de
Date: Thu, 16 Oct 2014 20:44:56 +0200
Subject: [PATCH] do not use SSLv3 except explicitely requested
---
doc/ChangeLog | 4
doc/wget.texi | 4 ++--
src/ChangeLog | 5 +
src/gnutls.c | 5 +++--
src/openssl.c | 4 +---
5 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/doc/ChangeLog b/doc/ChangeLog
index f055fa5..dd43162 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2014-10-16 Tim Ruehsen tim.rueh...@gmx.de
+
+ * wget.texi (Download Options): update --secure-protocol description
+
2014-08-03 Giuseppe Scrivano gscriv...@gnu.org
* wget.texi (Download Options): Fix texinfo warning.
diff --git a/doc/wget.texi b/doc/wget.texi
index a31eb5e..1e1dd36 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1643,8 +1643,8 @@ without SSL support, none of these options are available.
Choose the secure protocol to be used. Legal values are @samp{auto},
@samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1} and @samp{PFS}. If @samp{auto}
is used, the SSL library is given the liberty of choosing the appropriate
-protocol automatically, which is achieved by sending an SSLv2 greeting
-and announcing support for SSLv3 and TLSv1. This is the default.
+protocol automatically, which is achieved by sending an TLSv1 greeting.
+This is the default.
Specifying @samp{SSLv2}, @samp{SSLv3}, or @samp{TLSv1} forces the use
of the corresponding protocol. This is useful when talking to old and
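Review bot: in the rewritten sentence, "an TLSv1 greeting" should read "a TLSv1 greeting", and the paragraph no longer tells the reader what auto will and will not negotiate. Since the purpose of the change is that SSLv3 is used only on explicit request, state that here: auto no longer offers SSLv3, and a server limited to SSLv3 needs --secure-protocol=SSLv3. The PFS value gets the same restriction in src/gnutls.c, so its description deserves the same sentence.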
diff --git a/src/ChangeLog b/src/ChangeLog
index 1c4e2d5..db4cd04 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-10-16 Tim Ruehsen tim.rueh...@gmx.de
+
+ * gnutls.c (ssl_connect_wget): do not use SSLv3 except explicitely requested
+ * openssl.c (ssl_init): do not use SSLv3 except explicitely requested
+
2014-05-03 Tim Ruehsen tim.rueh...@gmx.de
* retr.c (retrieve_url): fixed memory leak
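Review bot: both new entries misspell "explicitly" and drop a word; "do not use SSLv3 unless explicitly requested" reads correctly. The gnutls.c entry could also name the two settings it touches (auto and PFS), since both branches of ssl_connect_wget change in this patch.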
diff --git a/src/gnutls.c b/src/gnutls.c
index c09b7a2..75627e1 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -436,6 +436,7 @@ ssl_connect_wget (int fd, const char *hostname)
switch (opt.secure_protocol)
{
case secure_protocol_auto:
+ err = gnutls_priority_set_direct (session, NORMAL:%COMPAT:-VERS-SSL3.0, NULL);
break;
case secure_protocol_sslv2:
case secure_protocol_sslv3:
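Review bot: the string added for secure_protocol_auto carries %COMPAT in addition to -VERS-SSL3.0, while the branch at the top of the next hunk uses NORMAL:-VERS-SSL3.0 without it. The auto case previously set no priority at all and went straight to break, so this line both removes SSLv3 and pins NORMAL:%COMPAT. If only the first is intended, NORMAL:-VERS-SSL3.0 keeps this a minimal modification of the library default, which is the approach argued for earlier in the thread; if %COMPAT is wanted, a short comment saying why would help. Also confirm that err is checked after the switch, because this branch did not assign it before.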
@@ -445,10 +446,10 @@ ssl_connect_wget (int fd, const char *hostname)
err = gnutls_priority_set_direct (session, NORMAL:-VERS-SSL3.0, NULL);
break;
case secure_protocol_pfs:
- err = gnutls_priority_set_direct (session, PFS, NULL);
+ err = gnutls_priority_set_direct (session, PFS:-VERS-SSL3.0, NULL);
if (err != GNUTLS_E_SUCCESS)
/* fallback if PFS is not available */
-err =
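Review bot: the branch under "fallback if PFS is not available" is being rewritten (the removed err = line), but the replacement is cut off here. Whatever priority string the fallback ends up with must also carry -VERS-SSL3.0, otherwise a GnuTLS build that rejects the PFS keyword falls back to a priority that still permits SSLv3 and the restriction is silently lost on exactly those builds.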