{"id":3646,"date":"2014-10-19T09:05:07","date_gmt":"2014-10-19T01:05:07","guid":{"rendered":"http:\/\/rmohan.com\/?p=3646"},"modified":"2014-10-19T10:10:32","modified_gmt":"2014-10-19T02:10:32","slug":"poodle-padding-oracle-on-downgraded-legacy-encryption","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=3646","title":{"rendered":"POODLE = Padding Oracle On Downgraded Legacy Encryption"},"content":{"rendered":"

POODLE = Padding Oracle On Downgraded Legacy Encryption<\/strong><\/p>\n

B.E.A.S.T (Browser Exploit Against SSL TLS)<\/strong>
\nAffected systems:
\nNetscape 3.0 ssl tls Netscape affected system: tls Netscape 1.2 Netscape 1.1 tls tls Netscape 1.0
\nDescription: CVE (CAN) ID: CVE-2014-3566<\/p>\n

SSL3.0 is obsolete and no security protocol, has been TLS 1.0, TLS 1.1, TLS 1.2 substitution, for compatibility reasons, most of the TLS implementation is still compatible SSL3.0.<\/p>\n

Order generic considerations, the current versions of most browsers support SSL3.0, handshake phase contains a version of the TLS protocol negotiation procedure, in general, the client and the latest version of the protocol server will be used. When the handshake phase of its server version of consultations carried out, first offer its latest version of the support agreement, if the handshake fails, then try to negotiate an older version of the protocol. An attacker able to implement the-middle attack by the affected versions of the browser and the server side using the newer protocol negotiated connection fails, you can successfully downgrade attack, allowing the client and server communicate using insecure SSL3.0, At this time, due to the use of SSL 3.0 CBC block encryption implementations exist vulnerability, an attacker can successfully break the encryption SSL connection information, such as access to the user cookie data. This attack is called POODL attack (Padding Oracle On downgraded Legacy Encryption).<\/p>\n

This vulnerability affects the majority of SSL server and client, extensive sphere of influence. If you want to use, but the attacker is successful, need to be able to control data (Executive middle attack) between the client and the server.
\nOn October 14th, 2014, a vulnerability in version 3 of the SSL encryption protocol was disclosed. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker to read information encrypted with this version of the protocol in plain text using a man-in-the-middle attack.<\/p>\n

Although SSLv3 is an older version of the protocol which is mainly obsolete, many pieces of software still fall back on SSLv3 if better encryption options are not available. More importantly, it is possible for an attacker to force SSLv3 connections if it is an available alternative for both participants attempting a connection.<\/p>\n

The POODLE vulnerability affects any services or clients that make it possible to communicate using SSLv3. Because this is a flaw with the protocol design, and not an implementation issue, every piece of software that uses SSLv3 is vulnerable.<\/p>\n

To find out more information about the vulnerability, consult the CVE information found at CVE-2014-3566.<\/p>\n

What is the POODLE Vulnerability?<\/strong>
\nThe POODLE vulnerability is a weakness in version 3 of the SSL protocol that allows an attacker in a man-in-the-middle context to decipher the plain text content of an SSLv3 encrypted message.<\/p>\n

Who is Affected by this Vulnerability?<\/strong>
\nThis vulnerability affects every piece of software that can be coerced into communicating with SSLv3. This means that any software that implements a fallback mechanism that includes SSLv3 support is vulnerable and can be exploited.<\/p>\n

Some common pieces of software that may be affected are web browsers, web servers, VPN servers, mail servers, etc.<\/p>\n

How Does It Work?<\/strong>
\nIn short, the POODLE vulnerability exists because the SSLv3 protocol does not adequately check the padding bytes that are sent with encrypted messages.<\/p>\n

Since these cannot be verified by the receiving party, an attacker can replace these and pass them on to the intended destination. When done in a specific way, the modified payload will potentially be accepted by the recipient without complaint.<\/p>\n

An average of once out of every 256 requests will accepted at the destination, allowing the attacker to decrypt a single byte. This can be repeated easily in order to progressively decrypt additional bytes. Any attacker able to repeatedly force a participant to resend data using this protocol can break the encryption in a very short amount of time.<\/p>\n

How Can I Protect Myself?<\/strong>
\nActions should be taken to ensure that you are not vulnerable in your roles as both a client and a server. Since encryption is usually negotiated between clients and servers, it is an issue that involves both parties.<\/p>\n

Servers and clients should should take steps to disable SSLv3 support completely. Many applications use better encryption by default, but implement SSLv3 support as a fallback option. This should be disabled, as a malicious user can force SSLv3 communication if both participants allow it as an acceptable method.<\/p>\n

How To Protect Common Applications<\/strong>
\nBelow, we’ll cover how to disable SSLv3 on some common server applications. Take care to evaluate your servers to protect any additional services that may rely on SSL\/TCP encryption.<\/p>\n

Because the POODLE vulnerability does not represent an implementation problem and is an inherent issue with the entire protocol, there is no workaround and the only reliable solution is to not use it.<\/p>\n

Apache<\/strong>
\nUse the following command in the mod_ssl configuration file to disable SSLv2 and SSLv3:
\nSSLProtocol all -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
\nrestart Apache<\/p>\n

IBM IHS<\/strong>
\nSSLProtocolDisable SSLv2 SSLv3
\nrestart ibm ihs<\/p>\n

How to test the sslv3 enabled\u00a0<\/strong><\/p>\n

openssls_client -connect <webserver>:443 -ssl3<\/strong><\/p>\n

 <\/p>\n

Nginx<\/strong><\/p>\n

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
\nrestart Nginx
\nIIS<\/strong><\/p>\n

IIS:<\/strong>
\nFind the following registry key:
\nHKey_Local_Machine\\System\\CurrentControlSet\\Control\\SecurityProviders \\SCHANNEL\\Protocols
\nof the registry entry usually contains the following subkey:
\n* PCT 1.0
\n* SSL 2.0
\n* SSL 3.0
\n* TLS 1.0
\nare reserved for each registry entry The agreement applies to the relevant information. You can disable any of these agreements on the server. To do this,
\ncreate a new DWORD value in the protocol SSL Server 3.0’s child. Set the DWORD value to “00 million.”<\/p>\n

Browser Prohibited Method:<\/p>\n

IE:
\n“Tools” ->”Internet Options” -> “Advanced”, uncheck “Use SSL 3.0” check box.<\/p>\n

Chrome:<\/p>\n

Copy a shortcut usually open Chrome browser on the new shortcut, right-click, enter the property,
\nat the end of the “target” in the field of space after entering the following command –ssl-version-min = tls1<\/p>\n

FireFox:<\/p>\n

In the address bar, enter “about: config”, then security.tls.version.min adjusted to 1.<\/p>\n

MySQL<\/strong><\/p>\n

openssl ciphers -v ‘DEFAULT’ | awk ‘\/SSLv3 Kx=(RSA|DH|DH(512))\/ { print $1 }’
\nDHE-RSA-AES256-SHA
\nDHE-DSS-AES256-SHA
\nDHE-RSA-CAMELLIA256-SHA
\nDHE-DSS-CAMELLIA256-SHA
\nAES256-SHA
\nCAMELLIA256-SHA
\nEDH-RSA-DES-CBC3-SHA
\nEDH-DSS-DES-CBC3-SHA
\nDES-CBC3-SHA
\nDHE-RSA-AES128-SHA
\nDHE-DSS-AES128-SHA
\nDHE-RSA-SEED-SHA
\nDHE-DSS-SEED-SHA
\nDHE-RSA-CAMELLIA128-SHA
\nDHE-DSS-CAMELLIA128-SHA
\nAES128-SHA
\nSEED-SHA
\nCAMELLIA128-SHA
\nRC4-SHA
\nRC4-MD5
\nEDH-RSA-DES-CBC-SHA
\nEDH-DSS-DES-CBC-SHA
\nDES-CBC-SHA
\nEXP-EDH-RSA-DES-CBC-SHA
\nEXP-EDH-DSS-DES-CBC-SHA
\nEXP-DES-CBC-SHA
\nEXP-RC2-CBC-MD5
\nEXP-RC4-MD5<\/p>\n

mysql -se \u201cSHOW STATUS LIKE \u2018Ssl_cipher_list’\u201d | sed \u2018s\/:\/n\/g\u2019 | sed \u2018s\/Ssl_cipher_listss\/\/g\u2019 |
\nwhile read sspec;
\ndo SPEC=openssl ciphers -v \u201c$sspec\u201d 2>\/dev\/null | grep -v SSLv3 | awk \u2018{print $1}’;
\n[[ “$sspec” == “$SPEC” ]] && mysql \u2013ssl-cipher=$sspec -e QUIT 2>\/dev\/null && echo \u201c$sspec OK\u201d;
\ndone
\nHAPROXY<\/strong><\/p>\n

To disable SSLv3 in an HAProxy load balancer, you will need to open the haproxy.cfg file.<\/p>\n

This is located at \/etc\/haproxy\/haproxy.cfg:<\/p>\n

nano \/etc\/haproxy\/haproxy.cfg
\nIn your front end configuration, if you have SSL enabled, your bind directive will specify the public IP address and port. If you are using SSL, you will want to add no-sslv3 to the end of this line:<\/p>\n

frontend name
\nbind public_ip:443 ssl crt \/path\/to\/certs no-sslv3
\nSave and close the file.<\/p>\n

You will need to restart the service to implement the changes:<\/p>\n

service haproxy restart
\nOpenVPN VPN Server<\/strong>
\nRecent versions of OpenVPN actually do not allow SSLv3. The service is not vulnerable to this specific problem, so you will not need to adjust your configuration.<\/p>\n

See this post on the OpenVPN forums for more information.<\/p>\n

Postfix SMTP Server<\/strong>
\nIf your Postfix configuration is set up to require encryption, it will use a directive called smtpd_tls_mandatory_protocols.<\/p>\n

You can find this in the main Postfix configuration file:<\/p>\n

nano \/etc\/postfix\/main.cf
\nFor a Postfix server set up to use encryption at all times, you can ensure that SSLv3 and SSLv2 are not accepted by setting this parameter. If you do not force encryption, you do not have to do anything:<\/p>\n

smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3
\nSave your configuration. Restart the service to implement your changes:<\/p>\n

service postfix restart
\nDovecot IMAP and POP3 Server
\nIn order to disable SSLv3 on a Dovecot server, you will need to adjust a directive called ssl_protocols. Depending on your distributions packaging methods, SSL configurations may be kept in an alternate configuration file.<\/p>\n

For most distros, you can adjust this directive by opening this file:<\/p>\n

nano \/etc\/dovecot\/conf.d\/10-ssl.conf
\nInside, if you are using Dovecot 2.1 or higher, set the ssl_protocols directive to disable SSLv2 and SSLv3:<\/p>\n

ssl_protocols = !SSLv3 !SSLv2
\nIf you are using a version of Dovecot lower than 2.1, you can set the ssl_cipher_list to disallow SSLv3 like this:<\/p>\n

ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!SSLv3
\nSave and close the file.<\/p>\n

Restart the service in order to implement your changes:<\/p>\n

service dovecot restart<\/p>\n","protected":false},"excerpt":{"rendered":"

POODLE = Padding Oracle On Downgraded Legacy Encryption<\/p>\n

B.E.A.S.T (Browser Exploit Against SSL TLS) Affected systems: Netscape 3.0 ssl tls Netscape affected system: tls Netscape 1.2 Netscape 1.1 tls tls Netscape 1.0 Description: CVE (CAN) ID: CVE-2014-3566<\/p>\n

SSL3.0 is obsolete and no security protocol, has been TLS 1.0, TLS 1.1, TLS 1.2 substitution, for compatibility […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,12,5,35,4],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3646"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3646"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3646\/revisions"}],"predecessor-version":[{"id":3647,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/3646\/revisions\/3647"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}