Re: How to use SSL? (SSL is enabled but not used)
On 8/17/2010 6:02 PM, Anders Kaseorg wrote: On Wed, 2010-08-11 at 14:23 -0400, Shawn Green (MySQL) wrote: On 8/9/2010 5:27 PM, Yves Goergen wrote: What's that supposed to mean? If there's no way to force the connection into SSL, it is entirely useless. Anyone on the wire could simply pretend that the server doesn't support SSL and so deny the encryption and the client wouldn't even care... If you don't want to require SSL on the local connections then don't set the flag on the @localhost account. If you want the SSL required on the other connections, then set it on the @'...' version of the account that the remote users login through. Excuse me, but isn’t Yves exactly right here? None of the client-side options (I tried --ssl, --ssl-ca=…, --ssl-verify-server-cert, --ssl-key=…, --ssl-cipher=…) can currently be used to force an SSL connection to be used. And requiring SSL from the server side does nothing to stop man-in-the-middle attacks. (Suppose Bob the SQL server grants some privileges to Alice the user with SSL required. Now Alice can log in with her password over SSL and gets denied over non-SSL. Great. But now Mallory comes along and intercepts a connection from Alice intended for Bob. Even if Bob would have claimed that he requires SSL, nothing stops Mallory from claiming that she doesn’t require SSL. Because Alice cannot force the use of SSL from the client side, Alice will make a successful unencrypted connection to Mallory. Then Mallory can accept the connection, ignoring Alice’s authentication, and steal Alice’s data; or Mallory can make a separate SSL connection to Bob, forward Alice’s authentication over it, then take over and issue evil commands to Bob.) This same issue was reported back in 2004 and ignored: http://bugs.mysql.com/bug.php?id=3138 I think this is a serious security problem that demands more attention than dismissal as documented behavior. To solve it, there needs to be a way to force the use of SSL from the client side. Anders If the server specifies REQUIRES SSL then that client cannot connect without going through the full SSL validation process. This means that Mallory would need to present the same security credentials that Alice has in order to qualify as a secure user (the same certs, same password, login from the correct host, etc). Your redirect has pointed out to me what I missed in Yves's first post. In order for the client to require an SSL connection, you have to designate a certificate for it to use for the connection. From the same page but a few lines above the line he quoted ## This option is not sufficient in itself to cause an SSL connection to be used. You must also specify the --ssl-ca option, and possibly the --ssl-cert and --ssl-key options. ## So you can see that using just the --ssl option by itself is not specific enough to designate which certificate a client is designated to use. You can specify these options either on the command line or in the configuration file used by the client (put them in the [mysql] section). In your simulated MITM attack, if Alice was using the specific --ssl-* options on her connection attempt, then Mallory would need to hold the server-side equivalents in order to pose as the server. Since the likelihood of this is small (except in the case of a physical hack of the server's cert files which no amount of digital manipulation can really avoid) then Mallory would be unable to pose as Bob and the intercept would fail. Does this help close the security hole you perceived in our SSL implementation? -- Shawn Green MySQL Principal Technical Support Engineer Oracle USA, Inc. Office: Blountville, TN -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On 8/17/2010 6:13 PM, Yves Goergen wrote: ... snip ... (Oh look, the MySQL guy already has an oracle.com e-mail address...) And for a for about two years before that, I had a sun.com email address, too. MySQL has not been an independent company for quite a while. Google it if you don't believe me. Sun made many headlines when they bought MySQL for one billion (10) US Dollars. I still work for MySQL (the combined products) even if there no longer is a MySQL, Inc. (the company). -- Shawn Green MySQL Principal Technical Support Engineer Oracle USA, Inc. Office: Blountville, TN -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On Wed, 18 Aug 2010, Shawn Green (MySQL) wrote: If the server specifies REQUIRES SSL then that client cannot connect without going through the full SSL validation process. This means that Mallory would need to present the same security credentials that Alice has in order to qualify as a secure user (the same certs, same password, login from the correct host, etc). Mallory got the username and hashed password from Alice over the unencrypted connection, and we assume that Mallory, like any good MITM, has the ability to intercept and forge traffic for arbitrary hosts. So this attack goes through against anyone using passwords over SSL. This already constitutes a vulnerability. Setting up client certificates does help to prevent this form of attack where Mallory tries to issue evil commands to Bob. It does not, however, prevent the attack where Mallory ignores Bob, and uses only the unencrypted connection to steal data from Alice or poison her with false data. This also constitutes a vulnerability, which, as far as I can see, cannot be prevented in any way with the current MySQL software. Your redirect has pointed out to me what I missed in Yves's first post. In order for the client to require an SSL connection, you have to designate a certificate for it to use for the connection. No, that doesn’t work either! Against a server with SSL disabled: $ mysql --ssl --ssl-verify-server-cert \ --ssl-ca=/etc/ssl/certs/ca-certificates.crt \ --ssl-cert=Private/andersk.pem \ --ssl-key=Private/andersk.pem \ -h MY-SERVER Welcome to the MySQL monitor. Commands end with ; or \g. … mysql \s -- mysql Ver 14.14 Distrib 5.1.49, for debian-linux-gnu (x86_64) using readline 6.1 … SSL:Not in use From the same page but a few lines above the line he quoted ## This option is not sufficient in itself to cause an SSL connection to be used. You must also specify the --ssl-ca option, and possibly the --ssl-cert and --ssl-key options. ## This documentation appears to be wrong. Anders -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On 8/18/2010 2:22 PM, Anders Kaseorg wrote: On Wed, 18 Aug 2010, Shawn Green (MySQL) wrote: If the server specifies REQUIRES SSL then that client cannot connect without going through the full SSL validation process. This means that Mallory would need to present the same security credentials that Alice has in order to qualify as a secure user (the same certs, same password, login from the correct host, etc). Mallory got the username and hashed password from Alice over the unencrypted connection, and we assume that Mallory, like any good MITM, has the ability to intercept and forge traffic for arbitrary hosts. So this attack goes through against anyone using passwords over SSL. This already constitutes a vulnerability. Setting up client certificates does help to prevent this form of attack where Mallory tries to issue evil commands to Bob. It does not, however, prevent the attack where Mallory ignores Bob, and uses only the unencrypted connection to steal data from Alice or poison her with false data. This also constitutes a vulnerability, which, as far as I can see, cannot be prevented in any way with the current MySQL software. Your redirect has pointed out to me what I missed in Yves's first post. In order for the client to require an SSL connection, you have to designate a certificate for it to use for the connection. No, that doesn’t work either! Against a server with SSL disabled: $ mysql --ssl --ssl-verify-server-cert \ --ssl-ca=/etc/ssl/certs/ca-certificates.crt \ --ssl-cert=Private/andersk.pem \ --ssl-key=Private/andersk.pem \ -h MY-SERVER Welcome to the MySQL monitor. Commands end with ; or \g. … mysql \s -- mysql Ver 14.14 Distrib 5.1.49, for debian-linux-gnu (x86_64) using readline 6.1 … SSL:Not in use From the same page but a few lines above the line he quoted ## This option is not sufficient in itself to cause an SSL connection to be used. You must also specify the --ssl-ca option, and possibly the --ssl-cert and --ssl-key options. ## This documentation appears to be wrong. Anders Excellent logic. I have updated bug #3138 with a private comment to explain your presentation of the vulnerability. http://bugs.mysql.com/bug.php?id=3138 -- Shawn Green MySQL Principal Technical Support Engineer Oracle USA, Inc. Office: Blountville, TN -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On Aug 18, 2010, at 1:34 PM, Shawn Green (MySQL) wrote: On 8/18/2010 2:22 PM, Anders Kaseorg wrote: On Wed, 18 Aug 2010, Shawn Green (MySQL) wrote: If the server specifies REQUIRES SSL then that client cannot connect without going through the full SSL validation process. This means that Mallory would need to present the same security credentials that Alice has in order to qualify as a secure user (the same certs, same password, login from the correct host, etc). Mallory got the username and hashed password from Alice over the unencrypted connection, and we assume that Mallory, like any good MITM, has the ability to intercept and forge traffic for arbitrary hosts. So this attack goes through against anyone using passwords over SSL. This already constitutes a vulnerability. Setting up client certificates does help to prevent this form of attack where Mallory tries to issue evil commands to Bob. It does not, however, prevent the attack where Mallory ignores Bob, and uses only the unencrypted connection to steal data from Alice or poison her with false data. This also constitutes a vulnerability, which, as far as I can see, cannot be prevented in any way with the current MySQL software. Your redirect has pointed out to me what I missed in Yves's first post. In order for the client to require an SSL connection, you have to designate a certificate for it to use for the connection. No, that doesn’t work either! Against a server with SSL disabled: $ mysql --ssl --ssl-verify-server-cert \ --ssl-ca=/etc/ssl/certs/ca-certificates.crt \ --ssl-cert=Private/andersk.pem \ --ssl-key=Private/andersk.pem \ -h MY-SERVER Welcome to the MySQL monitor. Commands end with ; or \g. … mysql \s -- mysql Ver 14.14 Distrib 5.1.49, for debian-linux-gnu (x86_64) using readline 6.1 … SSL: Not in use From the same page but a few lines above the line he quoted ## This option is not sufficient in itself to cause an SSL connection to be used. You must also specify the --ssl-ca option, and possibly the --ssl-cert and --ssl-key options. ## This documentation appears to be wrong. Anders Excellent logic. I have updated bug #3138 with a private comment to explain your presentation of the vulnerability. http://bugs.mysql.com/bug.php?id=3138 Shawn, Anders, Yves, For what it's worth, the MySQL JDBC driver has had client-side SSL require (i.e. requireSSL=true) since 2003 and the ADO.Net driver has had SSL Mode=Required since 2009. -Mark -- Mark Matthews Principal Software Developer - MySQL Enterprise Tools Oracle http://www.mysql.com/products/enterprise/monitor.html -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On 18.08.2010 20:42 CE(S)T, Mark Matthews wrote: For what it's worth, the MySQL JDBC driver has had client-side SSL require (i.e. requireSSL=true) since 2003 and the ADO.Net driver has had SSL Mode=Required since 2009. Cool, so would it be possible to also have this in the MySQL Workbench client which seems to be .NET-based? -- Yves Goergen LonelyPixel nospam.l...@unclassified.de Visit my web laboratory at http://beta.unclassified.de -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On Wed, 2010-08-11 at 14:23 -0400, Shawn Green (MySQL) wrote: On 8/9/2010 5:27 PM, Yves Goergen wrote: What's that supposed to mean? If there's no way to force the connection into SSL, it is entirely useless. Anyone on the wire could simply pretend that the server doesn't support SSL and so deny the encryption and the client wouldn't even care... If you don't want to require SSL on the local connections then don't set the flag on the @localhost account. If you want the SSL required on the other connections, then set it on the @'...' version of the account that the remote users login through. Excuse me, but isn’t Yves exactly right here? None of the client-side options (I tried --ssl, --ssl-ca=…, --ssl-verify-server-cert, --ssl-key=…, --ssl-cipher=…) can currently be used to force an SSL connection to be used. And requiring SSL from the server side does nothing to stop man-in-the-middle attacks. (Suppose Bob the SQL server grants some privileges to Alice the user with SSL required. Now Alice can log in with her password over SSL and gets denied over non-SSL. Great. But now Mallory comes along and intercepts a connection from Alice intended for Bob. Even if Bob would have claimed that he requires SSL, nothing stops Mallory from claiming that she doesn’t require SSL. Because Alice cannot force the use of SSL from the client side, Alice will make a successful unencrypted connection to Mallory. Then Mallory can accept the connection, ignoring Alice’s authentication, and steal Alice’s data; or Mallory can make a separate SSL connection to Bob, forward Alice’s authentication over it, then take over and issue evil commands to Bob.) This same issue was reported back in 2004 and ignored: http://bugs.mysql.com/bug.php?id=3138 I think this is a serious security problem that demands more attention than dismissal as documented behavior. To solve it, there needs to be a way to force the use of SSL from the client side. Anders -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On 18.08.2010 00:02 CE(S)T, Anders Kaseorg wrote: This same issue was reported back in 2004 and ignored: http://bugs.mysql.com/bug.php?id=3138 Oh dear, 2004... I think this is a serious security problem that demands more attention than dismissal as documented behavior. To solve it, there needs to be a way to force the use of SSL from the client side. I have another suggestion: remove SSL support from MySQL alltogether and declare the protocol as unsafe and only use it over secure networks like VPN. Since MySQL is now Oracle and it's not Oracle's main business, regarding recent bad news about Oracle, we can imagine what will happen this time. Exactly! Nothing. (Oh look, the MySQL guy already has an oracle.com e-mail address...) -- Yves Goergen LonelyPixel nospam.l...@unclassified.de Visit my web laboratory at http://beta.unclassified.de -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On Wed, 18 Aug 2010, Yves Goergen wrote: Since MySQL is now Oracle […] Yves, I think we should be treating this security issue seriously, and working with Shawn and the MySQL team towards solving it constructively, instead of just taking potshots at their new company. Anders -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
On 8/9/2010 5:27 PM, Yves Goergen wrote: Does anybody know how to use SSL-secured connections to a MySQL server? Has anybody done that at all? In the manual I have now found the following statement: http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html Note that use of --ssl does not require an SSL connection. For example, if the server or client is compiled without SSL support, a normal unencrypted connection is used. What's that supposed to mean? If there's no way to force the connection into SSL, it is entirely useless. Anyone on the wire could simply pretend that the server doesn't support SSL and so deny the encryption and the client wouldn't even care... I don't want to use REQUIRE SSL for an account that is regularly used locally and doesn't need SSL. SSL should really be selected by the client per connection when connecting from some other untrusted network. The whole SSL thing looks pretty unfinished like that. If you don't want to require SSL on the local connections then don't set the flag on the @localhost account. If you want the SSL required on the other connections, then set it on the @'...' version of the account that the remote users login through. All MySQL accounts are tripartate. They consist of: 1) a login (user), 2) a host designation (or wildcard pattern), and 3) a password. Use that host portion of the account to make the distinction between local and remote logins. More about how the MySQL authentication works is available in the manual: http://dev.mysql.com/doc/refman/5.1/en/user-account-management.html -- Shawn Green MySQL Principal Technical Support Engineer Oracle USA, Inc. Office: Blountville, TN -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
Re: How to use SSL? (SSL is enabled but not used)
Does anybody know how to use SSL-secured connections to a MySQL server? Has anybody done that at all? In the manual I have now found the following statement: http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html Note that use of --ssl does not require an SSL connection. For example, if the server or client is compiled without SSL support, a normal unencrypted connection is used. What's that supposed to mean? If there's no way to force the connection into SSL, it is entirely useless. Anyone on the wire could simply pretend that the server doesn't support SSL and so deny the encryption and the client wouldn't even care... I don't want to use REQUIRE SSL for an account that is regularly used locally and doesn't need SSL. SSL should really be selected by the client per connection when connecting from some other untrusted network. The whole SSL thing looks pretty unfinished like that. -- Yves Goergen LonelyPixel nospam.l...@unclassified.de Visit my web laboratory at http://beta.unclassified.de -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org
How to use SSL? (SSL is enabled but not used)
Hello, I have setup a MySQL 5.1 server on Ubuntu Linux 10.4 and created an SSL certificate and key. I updated the MySQL configuration to point to the SSL files. There's no error message at startup in MySQL's error log. (Before I granted the process access to the SSL files through AppArmor, there was an error message that it couldn't get the SSL files, so I assume MySQL really reads the file now.) In MySQL Workbench 5.2.25 I enabled the use of SSL for the connection, but the statement show variables like '%ssl%' doesn't show a value for ssl_cipher. Here's the entire output: have_opensslYES have_sslYES ssl_ca ssl_capath ssl_cert/etc/ssl/private/cert-.de ssl_cipher ssl_key /etc/ssl/private/cert-.de From the wording in the client, I believe that the SSL option is pretty much useless. It reads that it will use SSL if it's available [in the client library]. It probably wouldn't use it too if the server didn't support it. So in the end, it may or may not use SSL to its own liking. Where's the switch where I can force the use of SSL? I don't want to send my authentication data in plain text over the network before I can even verify that SSL is in use? And still why doesn't it use SSL in my case? -- Yves Goergen LonelyPixel nospam.l...@unclassified.de Visit my web laboratory at http://beta.unclassified.de -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/mysql?unsub=arch...@jab.org