Hi Joe, Your right, I've just finished running another test and changing the option to a '0' (zero) instead of a '1' has fixed the issue.
Thank you for looking over this for me. I'll give the name some thought and I'll post the updated patch once I've had a good think. ~Scott On 19 February 2013 23:23, Joe Gooch <[email protected]> wrote: > Yeah, you have the option states reversed.**** > > ** ** > > ssl_op_enable starts with SSL_OP_ALL, which includes the > SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option. (Which turns off the > countermeasure)**** > > ** ** > > To pass PCI you want pound to insert empty fragments, so you want to > remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from ssl_op_enable and add it to > ssl_op_disable**** > > ** ** > > Seems to me your code is fine, you just need SSLNoFragment 0 in your > config. (Which means it **will** insert fragments, which is what you > want)**** > > ** ** > > Or name it something like SSLBeastAvoid 1 and swap the flag states.**** > > ** ** > > ** ** > > ** ** > > Joe**** > > ** ** > > *From:* Scott McKeown [mailto:[email protected]] > *Sent:* Tuesday, February 19, 2013 11:26 AM > *To:* [email protected] > *Subject:* Re: [Pound Mailing List] OpenSSL > SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS patch**** > > ** ** > > Hi Joe, > > Thanks for having a look at this for me. > > I've tested with SSL Labs and that all shows correct, although it does not > show anything for the Empty Fragments but it could be labeled as something > else that I'm missing. > > I've come across http://www.mcafee.com/us/mcafeesecure/index.html which > offers a free scan (nice) but I've also used > https://www.hackerguardian.com and they both show the same thing I'm > guessing it could be a false positive but I was going for a second opinion > first. > > > ~Scott > > **** > > On 19 February 2013 15:53, Joe Gooch <[email protected]> wrote:**** > > It looks to me like you’ve done the patch correctly. Not sure why it > wouldn’t be working for you.**** > > **** > > Are you using SSL labs to test?**** > > **** > > **** > > **** > > Joe**** > > **** > > *From:* Scott McKeown [mailto:[email protected]] > *Sent:* Monday, February 18, 2013 6:07 AM > *To:* [email protected] > *Subject:* [Pound Mailing List] OpenSSL > SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS patch**** > > **** > > Hi Guys, > > I've been trying to add a new option to Pound that will allow you to set a > 'SSLNoFragment' option in your pound.cfg file that when set to '1' will > enable the OpenSSL 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option. > > A copy of my attempt is below. However, with this added to my pound.cfg > file and all rebuilt using Pound 2.6 and my new option enabled like this: > > User "nobody" > Group "nobody" > LogLevel 0 > Client 30 > Timeout 60 > > ListenHTTPS > # Label: pound_vip > Address 192.168.82.199 > Port 443 > Cert "/etc/pound/certs/pound_vip.pem" > SSLHonorCipherOrder 1 > SSLAllowClientRenegotiation 0 > DisableSSLv2 > ReWriteLocation 1 > Ciphers "RC4:HIGH:!MD5:!DSS:!aNULL" > SSLNoCompression 1 > SSLNoFragment 1 > Service > BackEnd > Address 172.16.0.5 > Port 80 > End > End > End > > It seems to accept the value. However, if I run a scan on the Real IP > Address (the above addresses have been changed to protect the innocent) I > still get a warning stating: > > A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information > disclosure if an attacker intercepts encrypted traffic served from an > affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use > CBC mode are not affected. This script tries to establish an SSL/TLS remote > connection using an affected SSL version and cipher suite, and then > solicits return data. If returned application data is not fragmented with > an empty or one-byte record, it is likely vulnerable. OpenSSL uses empty > fragments as a countermeasure unless the > 'SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS' option is specified when OpenSSL is > initialized. Microsoft implemented one-byte fragments as a countermeasure, > and the setting can be controlled via the registry key > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\SendExtraRecord. > Therefore, if multiple applications use the same SSL/TLS implementation, > some may be vulnerable while others may not, depending on whether or not a > countermeasure has been enabled. Note that this script detects the > vulnerability in the SSLv3/TLSv1 protocol implemented in the server. It > does not detect the BEAST attack where it exploits the vulnerability at > HTTPS client-side (i.e., Internet browser). The detection at server-side > does not necessarily means your server is vulnerable to the BEAST attack > because the attack exploits the vulnerability at client-side, and both > SSL/TLS clients and servers can independently employ the split record > countermeasure. > > > My Pound Version details: > > # pound -V > starting... > detect_tproxy(): tproxy is is detected > tproxy: available > Version 2.6 > Configuration switches: > --enable-cert1l > --with-maxbuf=8192 > Exiting... > > > My attempted patch: > > config.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletions(-) > > diff --git a/config.c b/config.c > > --- a/config.c 2013-02-15 11:38:19.634450776 +0000 > +++ bconfig.c 2013-02-15 15:37:22.668452304 +0000 > @@ -76,7 +76,7 @@ > static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, > RewriteLocation, RewriteDestination; > static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, > BackEnd, Emergency, Priority, HAport, HAportAddr; > static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID, > DynScale; > -static regex_t ClientCert, AddHeader, DisableSSLv2, > SSLAllowClientRenegotiation, SSLHonorCipherOrder, SSLNoCompression, Ciphers; > +static regex_t ClientCert, AddHeader, DisableSSLv2, > SSLAllowClientRenegotiation, SSLHonorCipherOrder, SSLNoCompression, > SSLNoFragment, Ciphers; > static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, > ConnTO, IgnoreCase, HTTPS, HTTPSCert; > static regex_t Disabled, Threads, CNName; > > @@ -1082,6 +1082,14 @@ > ssl_op_disable |= SSL_OP_NO_COMPRESSION; > ssl_op_enable &= ~SSL_OP_NO_COMPRESSION; > } > + } else if(!regexec(&SSLNoFragment, lin, 4, matches, 0)) { > + if (atoi(lin + matches[1].rm_so)) { > + ssl_op_enable |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; > + ssl_op_disable &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; > + } else { > + ssl_op_disable |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; > + ssl_op_enable &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; > + } > } else if(!regexec(&Ciphers, lin, 4, matches, 0)) { > has_other = 1; > if(res->ctx == NULL) > @@ -1376,6 +1384,7 @@ > || regcomp(&DisableSSLv2, "^[ \t]*DisableSSLv2[ \t]*$", REG_ICASE | > REG_NEWLINE | REG_EXTENDED) > || regcomp(&SSLHonorCipherOrder, "^[ \t]*SSLHonorCipherOrder[ > \t]+([01])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) > || regcomp(&SSLNoCompression, "^[ \t]*SSLNoCompression[ \t]+([01])[ > \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) > + || regcomp(&SSLNoFragment, "^[ \t]*SSLNoFragment[ \t]+([01])[ \t]*$", > REG_ICASE | REG_NEWLINE | REG_EXTENDED) > || regcomp(&Ciphers, "^[ \t]*Ciphers[ \t]+\"(.+)\"[ \t]*$", REG_ICASE > | REG_NEWLINE | REG_EXTENDED) > || regcomp(&CAlist, "^[ \t]*CAlist[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | > REG_NEWLINE | REG_EXTENDED) > || regcomp(&VerifyList, "^[ \t]*VerifyList[ \t]+\"(.+)\"[ \t]*$", > REG_ICASE | REG_NEWLINE | REG_EXTENDED) > @@ -1541,6 +1550,7 @@ > regfree(&DisableSSLv2); > regfree(&SSLHonorCipherOrder); > regfree(&SSLNoCompression); > + regfree(&SSLNoFragment); > regfree(&Ciphers); > regfree(&CAlist); > regfree(&VerifyList); > > > Any help or advice would be most welcome. > > > -- > With Kind Regards. > > Scott McKeown > Loadbalancer.org > http://www.loadbalancer.org**** > > > > > -- > With Kind Regards. > > Scott McKeown > Loadbalancer.org > http://www.loadbalancer.org**** > -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org
