Re: SSLv2 & SSLv3

[Dr. Stephen Henson]

On Mon, Jun 30, 2014, Tomas Mraz wrote:

> On Po, 2014-06-30 at 15:19 +0200, Dr. Stephen Henson wrote:
> > On Mon, Jun 30, 2014, Hubert Kario wrote:
> > 
> > > As far as misconfigured servers go, single DES and export grade ciphers
> > > are much, much more common problem at 20% and 15% respectively.
> > 
> > The security levels code also addresses that. By default any ciphersuite
> > offering below 80 bits of equivalent security is disabled along with SSLv2.
> > That includes single DES and all export ciphersuites. It's also not 
> > something
> > which can be reenabled by accident either. Even if a cipher list is set to 
> > ALL
> > those still get disabled: the only way to reenable them is to set the 
> > security
> > level to zero as well.
> > 
> > Support is unfortunately only in master at present though.
> 
> Would it be possible to get it to 1.0.2? Or is that already closed for
> enhancements? Or does it break ABI compatibility?
> 

The ABI is compliant.

I'd love to get it into 1.0.2 but since it's in a code freeze and in beta no
new features are permitted.

The changes to add security levels are rather significant and not very well
tested yet. They will be in OpenSSL 1.0.3 which will be released much sooner
than previous feature releases.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: SSLv2 & SSLv3

[Tomas Mraz]

On Po, 2014-06-30 at 15:19 +0200, Dr. Stephen Henson wrote:
> On Mon, Jun 30, 2014, Hubert Kario wrote:
> 
> > As far as misconfigured servers go, single DES and export grade ciphers
> > are much, much more common problem at 20% and 15% respectively.
> 
> The security levels code also addresses that. By default any ciphersuite
> offering below 80 bits of equivalent security is disabled along with SSLv2.
> That includes single DES and all export ciphersuites. It's also not something
> which can be reenabled by accident either. Even if a cipher list is set to ALL
> those still get disabled: the only way to reenable them is to set the security
> level to zero as well.
> 
> Support is unfortunately only in master at present though.

Would it be possible to get it to 1.0.2? Or is that already closed for
enhancements? Or does it break ABI compatibility?

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
  Turkish proverb
(You'll never know whether the road is wrong though.)


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: SSLv2 & SSLv3

[Dr. Stephen Henson]

On Mon, Jun 30, 2014, Hubert Kario wrote:

> As far as misconfigured servers go, single DES and export grade ciphers
> are much, much more common problem at 20% and 15% respectively.

The security levels code also addresses that. By default any ciphersuite
offering below 80 bits of equivalent security is disabled along with SSLv2.
That includes single DES and all export ciphersuites. It's also not something
which can be reenabled by accident either. Even if a cipher list is set to ALL
those still get disabled: the only way to reenable them is to set the security
level to zero as well.

Support is unfortunately only in master at present though.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: SSLv2 & SSLv3

[Hubert Kario]

- Original Message -
> From: "Hubert Kario" 
> To: openssl-dev@openssl.org
> Sent: Monday, 30 June, 2014 11:44:38 AM
> Subject: Re: SSLv2 & SSLv3
> 
> But as Steven said,

Sorry, I meant Stephen.

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hka...@redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: SSLv2 & SSLv3

[Hubert Kario]

- Original Message -
> From: "Kurt Roeckx" 
> To: openssl-dev@openssl.org
> Sent: Saturday, 28 June, 2014 8:05:21 PM
> Subject: Re: SSLv2 & SSLv3
> 
> 
> The most recent stats about servers I know about is:
> https://lists.fedoraproject.org/pipermail/security/2014-April/001810.html

There are newer from June:
https://lists.fedoraproject.org/pipermail/security/2014-June/001945.html
(it looks though like enabling SNI made SSLv2 sites drop off, I'll see
if I can do something about it next month)

And a bit older from May:
https://lists.fedoraproject.org/pipermail/security/2014-May/001853.html

But as Steven said, SSLv2 won't be enabled client or server side if the
default cipher order is not modified to include SSLv2 ciphers so there
is limited gain in disabling SSLv2.

As far as misconfigured servers go, single DES and export grade ciphers
are much, much more common problem at 20% and 15% respectively.
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hka...@redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: SSLv2 & SSLv3

[Dr. Stephen Henson]

On Sat, Jun 28, 2014, Dominyk Tiller wrote:

> 
> I wondered if you all had an opinion on disabling SSLv2 & SSLv3 during
> the ./configure process, and what kind of impact that'd have for
> end-users and general compatibility when building against an updated
> version of OpenSSL.
> 

There are several different ways SSLv2 and SSLv3 could be disabled.

If you don't include any SSLv2 ciphersuites in the cipher list (the default
does not) then SSLv2 is disabled anyway. An application that really needs to
support SSLv2 can reenable if they so wish by changing the cipher list.

If OpenSSL is configured with no-ssl2 then SSLv2 can never be used even if the
cipher string is changed. It's a similar case with no-ssl3.

The master branch links supported versions to security levels. If the security
level is higher than zero (default is 1) then SSLv2 is disabled. If the level
is 2 or higher then SSLv3 is also disabled.

There is a another possibility which OpenSSL currently doesn't support. The
default options could include SSL_OP_NO_* flags to disable SSLv2 and SSLv3 by
default. An application wishing to reenable them could clear the appropriate
flags but few (if any) existing applications do that.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: SSLv2 & SSLv3

[Jan]

So leave it in 0.9.8, and disable it by default in all newwr branches. In my 
opinion it is a bad choice to enable ssl2 by default just to be able to speak 
with insecure devices.
Cheers Jan

On 29. Juni 2014 00:17:59 MESZ, "Salz, Rich"  wrote:
>We need to support embedded clients that only speak SSL2 :(
>
>--  
>Principal Security Engineer
>Akamai Technologies, Cambridge, MA
>IM: rs...@jabber.me; Twitter: RichSalz
>
>__
>OpenSSL Project http://www.openssl.org
>Development Mailing List   openssl-dev@openssl.org
>Automated List Manager   majord...@openssl.org

-- 
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

Re: SSLv2 & SSLv3

[Dr. Stephen Henson]

On Sat, Jun 28, 2014, Jeremy Farrell wrote:

> > From: Hanno Böck [mailto:ha...@hboeck.de]
> > Sent: Saturday, June 28, 2014 10:36 PM
> > 
> > On Sat, 28 Jun 2014 20:05:21 +0200
> > Kurt Roeckx  wrote:
> > 
> > > If you make such a patch, I might disable SSLv3 support in Debian,
> > > but that's unlikely to make it in jessie.
> > 
> > The openssl configure script already has a disable-ssl3 option.
> > 
> > I experimented with it a while back and it didn't have any impact. I'm
> > also running my servers without sslv3 (although the openssl there still
> > supports it, I just disable it in the software configurations).
> 
> I had a quick play with building 1.0.1g with both SSLv2 and SSLv3 disabled a 
> couple of weeks ago. There are unfortunate effects in the openssl application 
> at least, where some logic appears not to have been updated for TLS. If both 
> SSLv2 and SSLv3 are disabled, some commands are removed. For example the 
> 'ciphers' command is removed, presumably on the basis that if you don't have 
> SSLv2 or SSLv3 then you can't have any interest in cipher suites. Didn't have 
> time to pursue it further at the time, but was concerned there might be other 
> less obvious problems.
> 
> It looks like there is some work to do to make this clean across the full 
> project.

Looks like the logic in ciphers and progs.pl is rather ancient. I've just
updated it so ciphers, s_client and s_server now work with no-ssl2 no-ssl3 I'd
be interested to know if anyone sees any other side effects.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: SSLv2 & SSLv3

[Jeremy Farrell]

> From: Hanno Böck [mailto:ha...@hboeck.de]
> Sent: Saturday, June 28, 2014 10:36 PM
> 
> On Sat, 28 Jun 2014 20:05:21 +0200
> Kurt Roeckx  wrote:
> 
> > If you make such a patch, I might disable SSLv3 support in Debian,
> > but that's unlikely to make it in jessie.
> 
> The openssl configure script already has a disable-ssl3 option.
> 
> I experimented with it a while back and it didn't have any impact. I'm
> also running my servers without sslv3 (although the openssl there still
> supports it, I just disable it in the software configurations).

I had a quick play with building 1.0.1g with both SSLv2 and SSLv3 disabled a 
couple of weeks ago. There are unfortunate effects in the openssl application 
at least, where some logic appears not to have been updated for TLS. If both 
SSLv2 and SSLv3 are disabled, some commands are removed. For example the 
'ciphers' command is removed, presumably on the basis that if you don't have 
SSLv2 or SSLv3 then you can't have any interest in cipher suites. Didn't have 
time to pursue it further at the time, but was concerned there might be other 
less obvious problems.

It looks like there is some work to do to make this clean across the full 
project.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

RE: SSLv2 & SSLv3

[Salz, Rich]

I have no problem disabling it by default and think that should have been done 
awhile ago, actually.

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz

RE: SSLv2 & SSLv3

[Salz, Rich]

We need to support embedded clients that only speak SSL2 :(

--  
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: SSLv2 & SSLv3

[Hanno Böck]

On Sat, 28 Jun 2014 20:05:21 +0200
Kurt Roeckx  wrote:

> If you make such a patch, I might disable SSLv3 support in Debian,
> but that's unlikely to make it in jessie.

The openssl configure script already has a disable-ssl3 option.

I experimented with it a while back and it didn't have any impact. I'm
also running my servers without sslv3 (although the openssl there still
supports it, I just disable it in the software configurations).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42


signature.asc
Description: PGP signature

Re: SSLv2 & SSLv3

[Kurt Roeckx]

On Sat, Jun 28, 2014 at 06:34:01PM +0100, Dominyk Tiller wrote:
> Hey all,
> 
> I wondered if you all had an opinion on disabling SSLv2 & SSLv3 during
> the ./configure process, and what kind of impact that'd have for
> end-users and general compatibility when building against an updated
> version of OpenSSL.

Debian has been build with no SSLv2 support since 2011.  There
were a few minor issues solved, but none of them were actually
related to talking to other peers.  I didn't get any complained
about not having SSLv2 support.

Last time I check there were still a few sites that only talk
SSL v2, but I guess the numbers are so low that they can and
should be ignored.

Most servers that support SSLv3 also support TLS 1.0.  It should
probably be doable to disable SSLv3 without much impact.

The most recent stats about servers I know about is:
https://lists.fedoraproject.org/pipermail/security/2014-April/001810.html

But I'm guessing you're more interested in the client side
support for TLS 1.0 or higher.  I don't have any real numbers
about it, but I'm actually less worried about the clients.

Anyway, I wouldn't mind seeing a patch that would make it possible
to build openssl without SSLv3 support.  That doesn't mean it's
going to be enabled by default, but it would give people the
option to disable it if they want to.

If you make such a patch, I might disable SSLv3 support in Debian,
but that's unlikely to make it in jessie.


Kurt

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

SSLv2 & SSLv3

[Dominyk Tiller]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hey all,

I wondered if you all had an opinion on disabling SSLv2 & SSLv3 during
the ./configure process, and what kind of impact that'd have for
end-users and general compatibility when building against an updated
version of OpenSSL.

It's a discussion that has generated quite a bit of heat in this
discussion over at Homebrew on Github:
https://github.com/Homebrew/homebrew/pull/30504

Would appreciate any input & clarity on this.

Cheers,

Dominyk
- -- 
Sent from Thunderbird for OS X. My PGP public key is automatically
attached to this email.
-BEGIN PGP SIGNATURE-
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTrvyIAAoJEIclJNuddDJspSQP/iQn3cMb7lU/XevNBCcAERue
jonKwKruEw8N7JtdlTiMNhF//XR2mqZd1WtFjxRI002Xtt/mEEM5HmYSYPgiD4vc
MIZemxyc54Ue2hdVsinGuf2e9vDJSIRXxcX75+MD4dmArtAm/vftd4dVf9sPYUcc
YaVgYDOVtzm+G6CkX9tS9eMZIEMwT1wmPJK9aOy/gaHI3hENg09Qlf13dUsP0faK
rajWcq6Kc6oIsWrvaKJkIbZzmZqCLhyrrTam11U4nRg60SLova7etMcUeZX563jL
u7NeSxgtYTtzGmln6ukqrSRN5/92bLn+X7QZOyisVNAJdOQ3d2V20JxTwtyz8mcq
S/m31jYHnP1lU/wJOFWLFdcaJt78OyfNSRiaACUeL+KxQ32UxfMsHhviW8e09Lbp
9pj5DTGFFoj+etAE0OGazgGDpHudIDzbfzIEDwzJszzWbiMcGyv7E1UxYCURpKGQ
Vc5zW1/9XZOqEU+BXwhzP8oHFg3IWsZ/Tq+4pKP4LEGSUHZsnmeRDH4NgSb6tTsK
JFBvTmHoHv46dAo6y9TWk9K1VdqvRqCrUxzEuNhaHNySBev+atsoAKoeOCRv4ezK
c9E9C5l+7HMZhnHrFbaFHN0fmH6kVWG6CiVbamKZDCgl2o8hJJeVtTJSulP4s/Gd
u+Ro3OebC842xT6SuzFX
=o6LZ
-END PGP SIGNATURE-


0x9D74326C.asc
Description: application/pgp-keys


0x9D74326C.asc.sig
Description: Binary data