Enhancement #3246

Upgrade SSL/TLS defaults on 6.7

Added by Davide Principi almost 6 years ago. Updated almost 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:<multiple packages>
Target version:v6.7-rc1
Resolution: NEEDINFO:No

Description

Check SSL/TLS settings, upgrading security options to upstream defaults.


Related issues

Related to NethServer 6 - Bug #2921: Protection against POODLE SSLv3 Vulnerability CLOSED

Associated revisions

Revision a1d012b3
Added by Giacomo Sanchietti almost 6 years ago

Stronger SSL configuration. Refs #3246

Revision 946d56fc
Added by Giacomo Sanchietti almost 6 years ago

Stronger SSL configuration. Refs #3246

History

#1 Updated by Davide Principi almost 6 years ago

  • Related to Bug #2921: Protection against POODLE SSLv3 Vulnerability added

#2 Updated by Davide Principi almost 6 years ago

The mod_ssl package owns /etc/httpd/conf.d/ssl.conf. This is the default (comments removed):

LoadModule ssl_module modules/mod_ssl.so

Listen 443

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

<VirtualHost _default_:443>

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 

</VirtualHost>    

Notes/differences

  • SSLMutex default (none)
    > This is the default where no Mutex is used at all. Use it at your own risk. But because currently the Mutex is mainly used for synchronizing write access to the SSL Session Cache you can live without it as long as you accept a sometimes garbled Session Cache. So it's not recommended to leave this the default. Instead configure a real Mutex. We have a
  • SSLProtocol all -SSLv2 (all)
    SSLv2 is disabled by upstream. We also disable SSLv3 since POODLE
  • SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES (ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP)
    > The default mod_ssl configuration no longer enables support for SSL cipher suites using the single DES, IDEA, or SEED encryption algorithms.
    See RHSA-2015:1249 and BZ#1086771

By applying the new upstream default we'll have the following changes:

[root@vm9 ~]# diff -u ciphers.ns ciphers.centos
--- ciphers.ns    2015-08-27 12:18:26.046113207 +0000
+++ ciphers.centos    2015-08-27 12:18:15.167094542 +0000
@@ -6,7 +6,6 @@
 AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
 CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) Mac=SHA1
 CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) Mac=SHA1
-DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5 
 DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
 DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
 DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
@@ -16,7 +15,6 @@
 DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
 DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) Mac=SHA1
 DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) Mac=SHA1
-DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
 DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
 DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
@@ -25,7 +23,6 @@
 DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
 DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) Mac=SHA1
 DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) Mac=SHA1
-DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
 ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
 ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
 ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
@@ -60,20 +57,13 @@
 ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
 EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
 EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
-IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5 
-IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
 KRB5-DES-CBC3-MD5       SSLv3 Kx=KRB5     Au=KRB5 Enc=3DES(168) Mac=MD5 
 KRB5-DES-CBC3-SHA       SSLv3 Kx=KRB5     Au=KRB5 Enc=3DES(168) Mac=SHA1
-KRB5-IDEA-CBC-MD5       SSLv3 Kx=KRB5     Au=KRB5 Enc=IDEA(128) Mac=MD5 
-KRB5-IDEA-CBC-SHA       SSLv3 Kx=KRB5     Au=KRB5 Enc=IDEA(128) Mac=SHA1
 KRB5-RC4-MD5            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=MD5 
 KRB5-RC4-SHA            SSLv3 Kx=KRB5     Au=KRB5 Enc=RC4(128)  Mac=SHA1
 PSK-3DES-EDE-CBC-SHA    SSLv3 Kx=PSK      Au=PSK  Enc=3DES(168) Mac=SHA1
 PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
 PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
 PSK-RC4-SHA             SSLv3 Kx=PSK      Au=PSK  Enc=RC4(128)  Mac=SHA1
-RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
-RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
 RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
 RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
-SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1

I suggest to forcibly migrate from the old to the new default, by adding a migration fragment.

#3 Updated by Giacomo Sanchietti almost 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#4 Updated by Giacomo Sanchietti almost 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti almost 6 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Packages in 6.7/nethserver-testing:
  • nethserver-httpd-2.4.2-1.1.ga1d012b.ns6.noarch.rpm
  • nethserver-httpd-admin-1.5.0-1.1.g946d56f.ns6.noarch.rpm
Test case 1
  • Install old nethserver-httpd package
  • Execute the attached script (see below) against httpd on port 443 and save the result on a file. Example:
    sh test 443 > old
    
  • Update the package and execute the test again:
    sh test 443 > new
    
  • Look at the differences between two files, at least the following ciphers should not be present inside the new file:
    • DHE-RSA-SEED-SHA
    • SEED-SHA
    • IDEA-CBC-SHA
Test case 2
  • Repeat the test case 1 against httpd-admin server, port 980: sh test 980

Script for cipher testing

Cut and paste following lines inside a inside a text file called test.

#!/usr/bin/env bash

port=$1

# OpenSSL requires the port number.
SERVER=127.0.0.1:$1
DELAY=0.4
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

for cipher in ${ciphers[@]}
do
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
  true
else
  if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo $cipher
  else
    echo UNKNOWN RESPONSE
    echo $result
  fi
fi
sleep $DELAY
done

#6 Updated by dz0 0te almost 6 years ago

  • Assignee set to dz0 0te

#7 Updated by dz0 0te almost 6 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (dz0 0te)
  • % Done changed from 70 to 90

System and Package Version installed
VM KVM - Clean install of Nethserver 6.7b1 fully updated
Package Installed: nethserver-httpd-2.4.2-1.ns6.noarch
nethserver-httpd-admin-1.5.0-1.ns6.noarch
Other Package installed: FTP server,File server,Web server

Test Original Problem
Enhancement

Install Updated Package

yum --enablerepo=nethserver-testing update nethserver-httpd-2.4.2-1.1.ga1d012b.ns6  nethserver-httpd-admin-1.5.0-1.1.g946d56f.ns6

Test Results after install
Test case 1:
  1. diff old new
    19d18
    < DHE-RSA-SEED-SHA
    25d23
    < SEED-SHA
    28d25
    < IDEA-CBC-SHA
    
Test case 2:
  1. diff old_980 new_980
    19d18
    < DHE-RSA-SEED-SHA
    25d23
    < SEED-SHA
    28d25
    < IDEA-CBC-SHA
    

Verified or Reopen
Verified

Note
...

#8 Updated by Davide Principi almost 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

CLOSED

In nethserver-base/6.7
nethserver-httpd-2.5.0-1.ns6.noarch.rpm
nethserver-httpd-admin-1.6.0-1.ns6.noarch.rpm

Also available in: Atom PDF