Re: Disallowing ssl2

2008-11-11 Thread Mel
On Tuesday 11 November 2008 14:50:56 John Almberg wrote:
 My server got an audit for PCI compliance and was red-flagged for
 allowing SSL2 connections, which they have some problem with. They
 want the server to use SSL3 or TLS:

 Synopsis : The remote service encrypts traffic using a protocol with
 known weaknesses.
 Description : The remote service accepts connections encrypted using
 SSL 2.0, which reportedly suffers from several cryptographic flaws and
 has been deprecated for several years. An attacker may be able to
 exploit these issues to conduct man-in-the-middle attacks or decrypt
 communications between the affected service and clients.
 See also : http://www.schneier.com/paper-ssl.pdf
 Solution: Consult the application's documentation to disable SSL 2.0
 and use SSL 3.0 or TLS 1.0 instead. See
 http://support.microsoft.com/kb/216482 for instructions on IIS. See
 http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for Apache.
 Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

 They want me to do this for https, imaps, and pop3s protocols...

 Before I dig into this, I was wondering, is this even possible? Will
 anything break as a result?

Only corner cases. SSLv2 was quite short-lived. I can't remember client 
implementations that had SSLv2 without TLS/v3, so I looked it up:
http://en.wikipedia.org/wiki/Transport_Layer_Security

The SSL protocol was originally developed by Netscape. Version 1.0 was never 
publicly released; version 2.0 was released in 1994 but contained a number 
of security flaws which ultimately led to the design of SSL version 3.0, 
which was released in 1996 (Rescorla 2001).

So it would break ancient clients, think superspeed 56kB dial-up internet 
ancient.
-- 
Mel

Problem with today's modular software: they start with the modules
and never get to the software part.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Disallowing ssl2

2008-11-11 Thread John Almberg

On Nov 11, 2008, at 8:50 AM, John Almberg wrote:

My server got an audit for PCI compliance and was red-flagged for  
allowing SSL2 connections, which they have some problem with. They  
want the server to use SSL3 or TLS:


Synopsis : The remote service encrypts traffic using a protocol with
known weaknesses.
Description : The remote service accepts connections encrypted using
SSL 2.0, which reportedly suffers from several cryptographic flaws and
has been deprecated for several years. An attacker may be able to
exploit these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.
See also : http://www.schneier.com/paper-ssl.pdf
Solution: Consult the application's documentation to disable SSL 2.0
and use SSL 3.0 or TLS 1.0 instead. See
http://support.microsoft.com/kb/216482 for instructions on IIS. See
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for Apache.
Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)


They want me to do this for https, imaps, and pop3s protocols...

Before I dig into this, I was wondering, is this even possible?  
Will anything break as a result?




Answering my own question (always the best way! :-)

I've figured out how to do this on Apache... Replaced the default  
SSLCipherSuite directive with the following:


SSLCipherSuite TLSv1:!ADH:!EXP:!NULL:!MD5:!LOW:+HIGH:+MEDIUM

This seems to work, although I guess all those Netscape 4 users are
going to have to shop elsewhere...


On to IMAPS and POP3S...

-- John



Re: Disallowing ssl2

2008-11-11 Thread Matthew Seaman

John Almberg wrote:
| My server got an audit for PCI compliance and was red-flagged for
| allowing SSL2 connections, which they have some problem with. They want
| the server to use SSL3 or TLS:
|
| Synopsis : The remote service encrypts traffic using a protocol with
| known weaknesses.
| Description : The remote service accepts connections encrypted using
| SSL 2.0, which reportedly suffers from several cryptographic flaws and
| has been deprecated for several years. An attacker may be able to
| exploit these issues to conduct man-in-the-middle attacks or decrypt
| communications between the affected service and clients.
| See also : http://www.schneier.com/paper-ssl.pdf
| Solution: Consult the application's documentation to disable SSL 2.0
| and use SSL 3.0 or TLS 1.0 instead. See
| http://support.microsoft.com/kb/216482 for instructions on IIS. See
| http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for Apache.
| Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
|
| They want me to do this for https, imaps, and pop3s protocols...
|
| Before I dig into this, I was wondering, is this even possible? Will
| anything break as a result?

It's certainly possible to insist on SSLv3 or TLSv1 for SSL connections,
and nothing[*] will break.  The client and server will negotiate to find a
mutually acceptable cipher and protocol level at the point of making the
connection.

For apache2 the magic wording is:

    SSLProtocol all -SSLv2

Note that this is conceptually distinct from choosing the cipher to use --
many of the SSLv2 ciphers are also available under SSLv3, but there's a
structural problem with SSLv2 which means a cipher perfectly acceptable under
v3 can be broken under v2.

Even so, there are a bunch of pretty useless ciphers out there.  Anything
with a key length less than about 40bits is essentially trivially
crackable nowadays using a desktop PC.  56bit is crackable to someone with
the resources of the NSA.  To control the ciphers Apache allows, use
something like:

    SSLCipherSuite RSA:!EXP:!NULL:-SSLv2:+HIGH:+MEDIUM:-LOW

This can combine choosing the protocol level with choosing the allowable
ciphers into one handy string, if you include the appropriate terms, and
if done that way means you don't also need the 'SSLProtocol' item above.

Most applications that use openssl to provide crypto will let you enter
a string like that somewhere.  You can see what Ciphers a cipher-spec
equates to by eg.:

% openssl ciphers -ssl3  -v 'RSA:\!EXP:\!NULL:-SSLv2:+HIGH:+MEDIUM:-LOW'
CAMELLIA256-SHA SSLv3 Kx=RSA  Au=RSA  Enc=Camellia(256) Mac=SHA1
CAMELLIA128-SHA SSLv3 Kx=RSA  Au=RSA  Enc=Camellia(128) Mac=SHA1
AES256-SHA      SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)      Mac=SHA1
AES128-SHA      SSLv3 Kx=RSA  Au=RSA  Enc=AES(128)      Mac=SHA1
DES-CBC3-SHA    SSLv3 Kx=RSA  Au=RSA  Enc=3DES(168)     Mac=SHA1
RC4-SHA         SSLv3 Kx=RSA  Au=RSA  Enc=RC4(128)      Mac=SHA1
RC4-MD5         SSLv3 Kx=RSA  Au=RSA  Enc=RC4(128)      Mac=MD5

This setting is known to work well with recent versions of Firefox and
IE.  The ciphers(1) man page will give you the gory details.

Exactly how and where you specify the Cipher string depends on the
software you're using.  So, for example, adding the following to
imapd.conf will achieve the required effect with Cyrus IMAPd:

tls_cipher_list:  RSA:!EXP:!NULL:-SSLv2:+HIGH:+MEDIUM:-LOW

Cheers,

Matthew

[*] Probably.

--
Dr Matthew J Seaman MA, D.Phil.                   Flat 3
                                                  7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW, UK
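
As an added example (not part of any message in this thread, and not OpenSSL's own tooling): a small Python check over `openssl ciphers -v` output, the command shown in the message above, that flags rows a PCI-style scan would object to. The sample rows, the names `parse_line` and `audit`, and the 128-bit threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample in `openssl ciphers -v` format. The first three rows
# mirror output quoted in the thread; the last four are constructed rows of
# the kinds the thread's cipher strings exclude (SSLv2, EXP, ADH, NULL).
SAMPLE = """\
AES256-SHA      SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA    SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-MD5         SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DES-CBC3-MD5    SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
EXP-RC4-MD5     SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5 export
ADH-AES128-SHA  SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
NULL-SHA        SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
"""

def parse_line(line):
    """Split one `openssl ciphers -v` row into a dict, or None if malformed."""
    fields = line.split()
    if len(fields) < 6:
        return None
    attrs = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    m = re.search(r"\((\d+)\)$", attrs.get("Enc", ""))  # "AES(256)" -> 256
    return {"name": fields[0], "proto": fields[1], "auth": attrs.get("Au"),
            "bits": int(m.group(1)) if m else 0,  # Enc=None -> 0 bits
            "export": "export" in fields[2:]}

def audit(text, min_bits=128):
    """Return {cipher name: [reasons]} for rows that should not be offered."""
    flagged = {}
    for c in filter(None, map(parse_line, text.splitlines())):
        checks = [
            (c["proto"] == "SSLv2", "SSLv2 cipher"),
            (c["export"], "export grade"),
            (c["bits"] == 0, "no encryption"),
            (0 < c["bits"] < min_bits, f"{c['bits']}-bit key"),
            (c["auth"] == "None", "anonymous key exchange"),
        ]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            flagged[c["name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

To check a real cipher string, pass the captured output of `openssl ciphers -v '<spec>'` to `audit()`; an empty result means none of these conditions matched.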


Disallowing ssl2

2008-11-11 Thread John Almberg
My server got an audit for PCI compliance and was red-flagged for  
allowing SSL2 connections, which they have some problem with. They  
want the server to use SSL3 or TLS:


Synopsis : The remote service encrypts traffic using a protocol with
known weaknesses.
Description : The remote service accepts connections encrypted using
SSL 2.0, which reportedly suffers from several cryptographic flaws and
has been deprecated for several years. An attacker may be able to
exploit these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.
See also : http://www.schneier.com/paper-ssl.pdf
Solution: Consult the application's documentation to disable SSL 2.0
and use SSL 3.0 or TLS 1.0 instead. See
http://support.microsoft.com/kb/216482 for instructions on IIS. See
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html for Apache.
Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)


They want me to do this for https, imaps, and pop3s protocols...

Before I dig into this, I was wondering, is this even possible? Will  
anything break as a result?


-- John



Re: Disallowing ssl2

2008-11-11 Thread John Almberg
It's certainly possible to insist on SSLv3 or TLSv1 for SSL connections,
and nothing[*] will break.  The client and server will negotiate to find a
mutually acceptable cipher and protocol level at the point of making the
connection.


This seems to be less painful than I was anticipating... Besides
apache, I had to figure out how to boost the security on IMAP and POP3
connections. I'm using Courier, so this was pretty simple... just
added the following to the imap and pop ssl config files:


TLS_CIPHER_LIST=HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL:@STRENGTH

I'm going to resubmit the server... hopefully it will pass this time.

But I wonder why the defaults for Apache and Courier are to accept  
SSL 2, if it is so problematical?


-- John
