[Triumf-linux-users] [Triumf-linux-managers] SSLv3 and the POODLE vulnerability - server patching
Andrew Daviel
advax at triumf.ca
Thu Mar 19 18:46:50 PDT 2015
On Thu, 19 Mar 2015, Konstantin Olchanski wrote:
> On Wed, Mar 18, 2015 at 07:11:40PM -0700, Andrew Daviel wrote:
>>
>> ... adding -SSLv3 to the existing -SSLv2 line in httpd/conf.d/ssl.conf
>>
>
> Hi, Andrew - my ssl.conf looks like this -
>
>> SSLProtocol all -SSLv2 -SSLv3
>> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>
> So SSLProtocol looks okay, but SSLCipherSuite I believe needs to be changed,
> what should it say per latest recommendations?

Per http://www.g-loaded.eu/2011/09/27/mod_gnutls-rc4-cipher-beast/
I have been using

  SSLHonorCipherOrder on
  SSLCipherSuite !aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL

but that's 3 years old now.

Chrome is saying that is "obsolete cryptography" on SL5, even with MD5
removed. (though the ordering would force SHA to be used if supported by
the browser)
See http://www.chromium.org/Home/chromium-security/education/tls
- some investigation reveals that dropping SSLHonorCipherOrder in that
recipe allows Chrome, somehow, to select a more secure cipher.

If I try

  SSLCipherSuite !aNULL:!eNULL:!EXPORT:!DSS:!DES:!MD5:!SHA1:ALL

on CentOS6
that works on Chrome and says "modern crypto", but Firefox on SL5 can't
find a common cipher.

A more recent page
http://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
suggests

  SSLHonorCipherOrder on
  SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

that seems to work on CentOS 6 both for Firefox on SL5 and Chrome (with
"modern crypto").

Not all those ciphers are supported by openssl on SL5, although the
server will still run as long as at least one cipher is found. Supported
ciphers may be found with "openssl ciphers -v"

The following subset may give the same functionality on SL5:

  SSLCipherSuite DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4

There is a nice server testing tool at:
https://www.ssllabs.com/ssltest/analyze.html
(sslscan is available from EPEL via yum)

On the browser side, it appears that the later Firefox requires TLSv1 by
default, which breaks a few sites (including the BCnet conference
registration one). I had that set already based on some previous reading.
See
http://www.ryananddebi.com/2014/12/10/bypassing-the-ssl_error_no_cypher_overlap-error-in-firefox-34/

see also:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslciphersuite
- Apache documentation
https://cabforum.org/baseline-requirements-documents/
- requirements for CAs and certificates, e.g. not issuing SHA1-based
certs too far into the future
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager
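
Added example (not part of the original message): a Python check, run against whatever OpenSSL the local Python is linked to, of which explicitly named suites in an SSLCipherSuite value that library knows and which pre-TLS1.3 suites the whole string selects. The function names are chosen for this example; the two cipher strings are copied from the message, and results differ between OpenSSL versions.

```python
import ssl

# Two SSLCipherSuite values copied from the message above.
OLD_RECIPE = "!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL"
RAYMII = (
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
    "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:"
    "ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:"
    "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:"
    "DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:"
    "ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:"
    "AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:"
    "AES256-SHA:AES128-SHA:DES-CBC3-SHA:"
    "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
)


def accepts(cipher_string):
    """True if the local OpenSSL selects at least one pre-TLS1.3 suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)  # raises SSLError when nothing matches
    except ssl.SSLError:
        return False
    return True


def split_named(cipher_string):
    """Sort the explicitly named suites into (supported, unsupported) lists."""
    supported, unsupported = [], []
    for token in cipher_string.split(":"):
        # Skip '!'/'+'/'-' operators and class aliases such as ALL or HIGH.
        if not token or token[0] in "!+-" or "-" not in token:
            continue
        (supported if accepts(token) else unsupported).append(token)
    return supported, unsupported


def effective(cipher_string):
    """Pre-TLS1.3 suites, in preference order, that the whole string selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    for label, value in (("old RC4 recipe", OLD_RECIPE), ("raymii.org list", RAYMII)):
        _, missing = split_named(value)
        print(f"{label}: named suites unknown to this OpenSSL: {missing or 'none'}")
        print(f"  first choices: {effective(value)[:4]}")
```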