Re: really drop SSLv2

[Joe McDonagh]

On 08/08/2010 09:34 PM, Jim Tarvid wrote:
> The point is passing Credit Card compliance tests. OOB, Ubuntu doesn't do so
> well. Spent the last two weeks getting through the process. I'll write it up
> in some detail but the key points were:
> 
>- ciphers
>- protocols
>- ip separation
>- NameVirtualHosts
>- no default directory paths
>- modsecurity
>- TRACE - took rewrite rules to  get rid of it
>- server isolation (smtp, pop, imap, dns, ntp)
>- utility isolation (phpmyadmin, phpinfo, cacti, webmin)
>- secure ftp
> 

Jim, I advise you to check out puppet. I can't even begin to explain the
amount of time I have saved by encapsulating all of this in puppet modules.

> 

>>
>> I do not really see the point.  Since the client and the server will
>> negotiate the strongest cipher they both support, what exactly would we
>> gain by removing cipher considered weak?
>>
>>
>> --
>> Etienne Goyer
>> Technical Account Manager - Canonical Ltd
>> Ubuntu Certified Instructor   -LPIC-3
>>

Etienne: Right, but it's actually for the security of your users. If the
server says no to all weak ciphers, a weak client can't connect. It's
effectively saving your users from shooting themselves in the foot by
getting MitM'd or something. And, as Jim has said, you need it to pass PCI.
-- 
Joe McDonagh
AIM: YoosingYoonickz
IRC: joe-mac on freenode
L'ennui est contre-révolutionnaire


-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Daniel J Blueman]

On 5 August 2010 12:17, Jim Tarvid  wrote:
> On Wed, Aug 4, 2010 at 6:05 PM, Kees Cook  wrote:
>>
>> Hi Jim,
>>
>> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>> > Why not kill the weak ciphers too?
>>
>> Sure! Can you send a patch for this?

> Many thought and caveats.
>
> Old browsers may not be able to negotiate SSLCipherSuite HIGH. I don't know
> and I don't care
> Only the most ancient browsers will not be able to negotiate TLSv1 or SSLv3.
> see #1

> Daniel J Blueman may want NULL (eNULL) instead of NONE

Good info, but no cigar:

$ ssh -o ciphers=NULL x1
command-line line 0: Bad SSH2 cipher spec 'NULL'.

I guess I should select it a different way? 'none' is a valid cipher
when enabled in the configure script.

Thanks,
  Daniel
-- 
Daniel J Blueman

-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Paul Graydon]

 That's strange.  I've always been able to disable successfully Trace 
and Track through adding the following line to the config file:


TraceEnable off

I'd think I'd be inclined to argue for that being set by default, but it 
depends on whether PCI-DSS compliance is valued over RFC compliance as 
disabling it makes the Apache httpd setup non-RFC compliant (HTTP1.1 
specification, section 9.8: http://www.ietf.org/rfc/rfc2616.txt)


Paul

On 8/8/2010 3:34 PM, Jim Tarvid wrote:
The point is passing Credit Card compliance tests. OOB, Ubuntu doesn't 
do so well. Spent the last two weeks getting through the process. I'll 
write it up in some detail but the key points were:


* ciphers
* protocols
* ip separation
* NameVirtualHosts
* no default directory paths
* modsecurity
* TRACE - took rewrite rules to  get rid of it
* server isolation (smtp, pop, imap, dns, ntp)
* utility isolation (phpmyadmin, phpinfo, cacti, webmin)
* secure ftp

Now I would like a script to monitor sites and home pages on a daily 
basis to I can catch PHP issues.


On Thu, Aug 5, 2010 at 10:02 AM, Etienne Goyer 
mailto:etienne.go...@canonical.com>> wrote:

> On 10-08-04 06:05 PM, Kees Cook wrote:
>> Hi Jim,
>>
>> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>>> Why not kill the weak ciphers too?
>>
>> Sure! Can you send a patch for this?
>
> I do not really see the point.  Since the client and the server will
> negotiate the strongest cipher they both support, what exactly would we
> gain by removing cipher considered weak?
>
>
> --
> Etienne Goyer
> Technical Account Manager - Canonical Ltd
> Ubuntu Certified Instructor   -LPIC-3
>
>  ~= Ubuntu: Linux for Human Beings =~
>
> --
> ubuntu-devel mailing list
> ubuntu-de...@lists.ubuntu.com 
> Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

>



--
Rev. Jim Tarvid, PCA
Galax, Virginia
http://ls.net
http://drupal.ls.net





-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Jim Tarvid]

The point is passing Credit Card compliance tests. OOB, Ubuntu doesn't do so
well. Spent the last two weeks getting through the process. I'll write it up
in some detail but the key points were:

   - ciphers
   - protocols
   - ip separation
   - NameVirtualHosts
   - no default directory paths
   - modsecurity
   - TRACE - took rewrite rules to  get rid of it
   - server isolation (smtp, pop, imap, dns, ntp)
   - utility isolation (phpmyadmin, phpinfo, cacti, webmin)
   - secure ftp

Now I would like a script to monitor sites and home pages on a daily basis
to I can catch PHP issues.

On Thu, Aug 5, 2010 at 10:02 AM, Etienne Goyer 
wrote:
> On 10-08-04 06:05 PM, Kees Cook wrote:
>> Hi Jim,
>>
>> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>>> Why not kill the weak ciphers too?
>>
>> Sure! Can you send a patch for this?
>
> I do not really see the point.  Since the client and the server will
> negotiate the strongest cipher they both support, what exactly would we
> gain by removing cipher considered weak?
>
>
> --
> Etienne Goyer
> Technical Account Manager - Canonical Ltd
> Ubuntu Certified Instructor   -LPIC-3
>
>  ~= Ubuntu: Linux for Human Beings =~
>
> --
> ubuntu-devel mailing list
> ubuntu-de...@lists.ubuntu.com
> Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
>



-- 
Rev. Jim Tarvid, PCA
Galax, Virginia
http://ls.net
http://drupal.ls.net
-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Daniel J Blueman]

On 4 August 2010 23:05, Kees Cook  wrote:
> Hi Jim,
>
> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
>> Why not kill the weak ciphers too?
>
> Sure! Can you send a patch for this?

If this is done, please reenable the 'none' cypher, so we can get
decent performance on slow/small systems where security isn't
important (eg on a trusted LAN). I believe Debian disabled this
previously, so I was using arcfour128, which is a 'weak' cipher.

I agree to removing weak ciphers and SSLv2 to ensure people don't get
a false sense of security, or use broken protocols.

Thanks,
  Daniel

> Thanks!
>
> -Kees
>
>>
>> On Mon, Jul 19, 2010 at 6:09 PM, Eric Peters  wrote:
>>
>> > Like Scott said make it die! But I guarantee it's going to break something,
>> > what that something is the question.
>> >
>> > Cheers,
>> > Eric
>> >
>> >
>> > On Mon, Jul 19, 2010 at 3:06 PM, Kees Cook  wrote:
>> >
>> >> Hi Laurent,
>> >>
>> >> On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:
>> >> > Le Mon, 19 Jul 2010 14:12:15 -0700,
>> >> > Kees Cook  a écrit :
>> >> >
>> >> > > Thoughts?
>> >> >
>> >> > Shouldn't this be coordinated with Debian?
>> >>
>> >> Yes, if there isn't strong objection in Ubuntu, my next step would be to
>> >> propose it to Debian as well.
>> >>
>> >> -Kees
-- 
Daniel J Blueman

-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Jim Tarvid]

On Wed, Aug 4, 2010 at 6:05 PM, Kees Cook  wrote:

> Hi Jim,
>
> On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
> > Why not kill the weak ciphers too?
>
> Sure! Can you send a patch for this?
>
> Thanks!
>
> -Kees
>
>
r...@helen:/etc/apache2/mods-available# diff
/etc/apache2/mods-available/ssl.conf
/root/etc-20091021/apache2/mods-available/ssl.conf
55c55
< SSLCipherSuite HIGH:!ADH
---
> #SSLCipherSuite HIGH:MEDIUM:!ADH
58c58
< SSLProtocol all -SSLv2
---
> #SSLProtocol all -SSLv2

Many thought and caveats.

   1. Old browsers may not be able to negotiate SSLCipherSuite HIGH. I don't
   know and I don't care
   2. Only the most ancient browsers will not be able to negotiate TLSv1 or
   SSLv3. see #1
   3. Daniel J Blueman may want NULL (eNULL) instead of NONE
   4. I have consulted but not read much less studied
   http://www.modssl.org/docs/2.8/
   5. I have consulted but not read much less studied
   http://www.openssl.org/docs/
   6. Patching either belongs upstream but configuration is fair game. The
   default configuration should be safe and it is not
   7. Ubuntu should allow version choices for core server components.
   Patching while retaining version numbers leads to confusion.
   8. works with Firefox 3.6.8 and Lucid

r...@helen:/etc/apache2/mods-available# openssl s_client -connect
secure.grayson-inn.com:443
CONNECTED(0003)
depth=0 /description=200989-N5Z0cD9dfFpX5YO1/C=US/O=Persona Not
Validated/OU=StartCom Free Certificate Member/CN=
secure.grayson-inn.com/emailaddress=hostmas...@ls.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /description=200989-N5Z0cD9dfFpX5YO1/C=US/O=Persona Not
Validated/OU=StartCom Free Certificate Member/CN=
secure.grayson-inn.com/emailaddress=hostmas...@ls.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /description=200989-N5Z0cD9dfFpX5YO1/C=US/O=Persona Not
Validated/OU=StartCom Free Certificate Member/CN=
secure.grayson-inn.com/emailaddress=hostmas...@ls.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/description=200989-N5Z0cD9dfFpX5YO1/C=US/O=Persona Not
Validated/OU=StartCom Free Certificate Member/CN=
secure.grayson-inn.com/emailaddress=hostmas...@ls.net
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
Class 1 Primary Intermediate Server CA
---
Server certificate
-BEGIN CERTIFICATE-
MIIGzjCCBbagAwIBAgIDAaaMMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3Mg
MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTAwNTI0MDkwOTI4
WhcNMTEwNTI1MTEwMzE4WjCBvTEgMB4GA1UEDRMXMjAwOTg5LU41WjBjRDlkZkZw
WDVZTzExCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVQZXJzb25hIE5vdCBWYWxpZGF0
ZWQxKTAnBgNVBAsTIFN0YXJ0Q29tIEZyZWUgQ2VydGlmaWNhdGUgTWVtYmVyMR8w
HQYDVQQDExZzZWN1cmUuZ3JheXNvbi1pbm4uY29tMSAwHgYJKoZIhvcNAQkBFhFo
b3N0bWFzdGVyQGxzLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMyNnddl3Q0KefvNdlE3JHXyX5jZj8tfAF96a0JyllAMMW5nii2FTUfSH6VNd15g
X/1Mov/4zC2rtWXzE5ET9qCQSUJ/AlNuJc5QwxPNC0dDgCf41ZcFhIst+EmrKKEO
DR2ICOrblZbvOeGfhInCFf6NFhkgadGzdhalHKO/ur9B6X3EKEzBrmQYNLkmmv16
03iqWXhY1BsE+fTUHaGKvw/DqwMKp4sUVINuHQSMLguN/bZxAbAkxeBIhgp6jYp8
3NPFzfM7JzGoOP4WVIgCRwDRtj8T/meb4kYQqGTxNvWGvqiwzAc8hISs29n7KYBC
ztYVlSIKfDZNrwBX3sZSjdMCAwEAAaOCAwQwggMAMAkGA1UdEwQCMAAwCwYDVR0P
BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBS8g5EqZvUDouZh
NQ8W/d6q4aKCFjAfBgNVHSMEGDAWgBTrQjTQmLCrn/Qbawj3zGQu7w4sRTAyBgNV
HREEKzApghZzZWN1cmUuZ3JheXNvbi1pbm4uY29tgg9ncmF5c29uLWlubi5jb20w
ggFCBgNVHSAEggE5MIIBNTCCATEGCysGAQQBgbU3AQIBMIIBIDAuBggrBgEFBQcC
ARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjA0BggrBgEFBQcC
ARYoaHR0cDovL3d3dy5zdGFydHNzbC5jb20vaW50ZXJtZWRpYXRlLnBkZjCBtwYI
KwYBBQUHAgIwgaowFBYNU3RhcnRDb20gTHRkLjADAgEBGoGRTGltaXRlZCBMaWFi
aWxpdHksIHNlZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0
YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUg
YXQgaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjBhBgNVHR8EWjBY
MCqgKKAmhiRodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9jcnQxLWNybC5jcmwwKqAo
oCaGJGh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydDEtY3JsLmNybDCBjgYIKwYB
BQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDovL29jc3Auc3RhcnRzc2wuY29t
L3N1Yi9jbGFzczEvc2VydmVyL2NhMEIGCCsGAQUFBzAChjZodHRwOi8vd3d3LnN0
YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLnNlcnZlci5jYS5jcnQwIwYDVR0S
BBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20vMA0GCSqGSIb3DQEBBQUAA4IB
AQAE4ayjCGcy7cs0MryrjSOPG4olUW+Qxer/7vx6AJlOwQjV1JD4kTxKnqdZWSta
swRIml0N8/bQ7rr/B8gstkFT7JXlL3OcGV9wkPNQYgMqGrV5ZhnHXywVJmc+oTah
vv36LT2IVgfGU6E89tlhpip4N/B7LZu3QGGFTWRMyKtWBWayjIF62KWpopferXq9
oGlGdTWI8OeFXDOBOdHzUg4OHNeFHE6krti+8as1PXAASt47Mx2zXd+oaUdKYoTA
nqfTPEfPffObdF77HOwB0P7zi0brzIGUrA3Ozm+8MnJIq0h95CElUK9aqpUNOumC
z1L+zjzuF29wW/iJebwmR2gz
-END CERTIFICATE-
subject=/description=200989-N5Z0cD9dfFpX5YO1/C=US/O=Persona Not
Validated/OU=StartCom Free Certificate Member/CN=
secure.grayson-inn.com/emailaddress=hostmas...@ls.ne

Re: really drop SSLv2

[Kees Cook]

Hi Jim,

On Wed, Aug 04, 2010 at 09:44:25AM -0400, Jim Tarvid wrote:
> Why not kill the weak ciphers too?

Sure! Can you send a patch for this?

Thanks!

-Kees

> 
> On Mon, Jul 19, 2010 at 6:09 PM, Eric Peters  wrote:
> 
> > Like Scott said make it die! But I guarantee it's going to break something,
> > what that something is the question.
> >
> > Cheers,
> > Eric
> >
> >
> > On Mon, Jul 19, 2010 at 3:06 PM, Kees Cook  wrote:
> >
> >> Hi Laurent,
> >>
> >> On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:
> >> > Le Mon, 19 Jul 2010 14:12:15 -0700,
> >> > Kees Cook  a écrit :
> >> >
> >> > > Thoughts?
> >> >
> >> > Shouldn't this be coordinated with Debian?
> >>
> >> Yes, if there isn't strong objection in Ubuntu, my next step would be to
> >> propose it to Debian as well.
> >>
> >> -Kees
> >>
> >> --
> >> Kees Cook
> >> Ubuntu Security Team
> >>
> >> --
> >> ubuntu-server mailing list
> >> ubuntu-server@lists.ubuntu.com
> >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> >> More info: https://wiki.ubuntu.com/ServerTeam
> >>
> >
> >
> > --
> > ubuntu-server mailing list
> > ubuntu-server@lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> > More info: https://wiki.ubuntu.com/ServerTeam
> >
> 
> 
> 
> -- 
> Rev. Jim Tarvid, PCA
> Galax, Virginia
> http://ls.net
> http://drupal.ls.net
-- 
Kees Cook
Ubuntu Security Team

-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Jim Tarvid]

Why not kill the weak ciphers too?

On Mon, Jul 19, 2010 at 6:09 PM, Eric Peters  wrote:

> Like Scott said make it die! But I guarantee it's going to break something,
> what that something is the question.
>
> Cheers,
> Eric
>
>
> On Mon, Jul 19, 2010 at 3:06 PM, Kees Cook  wrote:
>
>> Hi Laurent,
>>
>> On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:
>> > Le Mon, 19 Jul 2010 14:12:15 -0700,
>> > Kees Cook  a écrit :
>> >
>> > > Thoughts?
>> >
>> > Shouldn't this be coordinated with Debian?
>>
>> Yes, if there isn't strong objection in Ubuntu, my next step would be to
>> propose it to Debian as well.
>>
>> -Kees
>>
>> --
>> Kees Cook
>> Ubuntu Security Team
>>
>> --
>> ubuntu-server mailing list
>> ubuntu-server@lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>> More info: https://wiki.ubuntu.com/ServerTeam
>>
>
>
> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>



-- 
Rev. Jim Tarvid, PCA
Galax, Virginia
http://ls.net
http://drupal.ls.net
-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Laurent Bigonville]

Le Mon, 19 Jul 2010 14:12:15 -0700,
Kees Cook  a écrit :

> Thoughts?

Shouldn't this be coordinated with Debian?

Cheers

Laurent Bigonville

-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Stephan Hermann]

On Mon, 2010-07-19 at 14:12 -0700, Kees Cook wrote:
> In 2008 there was discussion[1] about disabling SSLv2 in OpenSSL. The
> conclusion seemed favorable for it, and so it was attempted[2] in openssl
> 0.9.8g-10.1ubuntu2 for Intrepid.
> 
> Unfortunately, this change seems to have had no affect on the build, and
> SSLv2 has remained available. I would like to propose fixing this for real
> now, and documenting the change in the SSL man pages.
> 
> I'd like to point out that even as far back as Dapper, GnuTLS has not
> supported SSLv2; IMO, it is high time to make it go away for OpenSSL too.
> 
> The attached debdiff would disallow the use of SSLv2 in any mode without
> wrecking the openssl library ABI.
> 

Yes please, make it go away.

People who are configuring mod_ssl with openssl the wrong way, always
have problems when a security audit comes along.

SSLv2 is deprecated and should never be used in any scenario.

Regards,

\sh


-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Eric Peters]

Like Scott said make it die! But I guarantee it's going to break something,
what that something is the question.

Cheers,
Eric


On Mon, Jul 19, 2010 at 3:06 PM, Kees Cook  wrote:

> Hi Laurent,
>
> On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:
> > Le Mon, 19 Jul 2010 14:12:15 -0700,
> > Kees Cook  a écrit :
> >
> > > Thoughts?
> >
> > Shouldn't this be coordinated with Debian?
>
> Yes, if there isn't strong objection in Ubuntu, my next step would be to
> propose it to Debian as well.
>
> -Kees
>
> --
> Kees Cook
> Ubuntu Security Team
>
> --
> ubuntu-server mailing list
> ubuntu-server@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> More info: https://wiki.ubuntu.com/ServerTeam
>
-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Kees Cook]

Hi Laurent,

On Mon, Jul 19, 2010 at 11:34:47PM +0200, Laurent Bigonville wrote:
> Le Mon, 19 Jul 2010 14:12:15 -0700,
> Kees Cook  a écrit :
> 
> > Thoughts?
> 
> Shouldn't this be coordinated with Debian?

Yes, if there isn't strong objection in Ubuntu, my next step would be to
propose it to Debian as well.

-Kees

-- 
Kees Cook
Ubuntu Security Team

-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

Re: really drop SSLv2

[Scott Kitterman]

"Kees Cook"  wrote:

>In 2008 there was discussion[1] about disabling SSLv2 in OpenSSL. The
>conclusion seemed favorable for it, and so it was attempted[2] in openssl
>0.9.8g-10.1ubuntu2 for Intrepid.
>
>Unfortunately, this change seems to have had no affect on the build, and
>SSLv2 has remained available. I would like to propose fixing this for real
>now, and documenting the change in the SSL man pages.
>
>I'd like to point out that even as far back as Dapper, GnuTLS has not
>supported SSLv2; IMO, it is high time to make it go away for OpenSSL too.
>
>The attached debdiff would disallow the use of SSLv2 in any mode without
>wrecking the openssl library ABI.
>
>Thoughts?
>
>-Kees
>
>[1] https://lists.ubuntu.com/archives/ubuntu-server/2008-July/001976.html

Yes. Please. Make it die. 

Scott K

-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam

really drop SSLv2

[Kees Cook]

In 2008 there was discussion[1] about disabling SSLv2 in OpenSSL. The
conclusion seemed favorable for it, and so it was attempted[2] in openssl
0.9.8g-10.1ubuntu2 for Intrepid.

Unfortunately, this change seems to have had no affect on the build, and
SSLv2 has remained available. I would like to propose fixing this for real
now, and documenting the change in the SSL man pages.

I'd like to point out that even as far back as Dapper, GnuTLS has not
supported SSLv2; IMO, it is high time to make it go away for OpenSSL too.

The attached debdiff would disallow the use of SSLv2 in any mode without
wrecking the openssl library ABI.

Thoughts?

-Kees

[1] https://lists.ubuntu.com/archives/ubuntu-server/2008-July/001976.html
[2] 
http://launchpadlibrarian.net/16310227/openssl_0.9.8g-10.1ubuntu1_0.9.8g-10.1ubuntu2.diff.gz

-- 
Kees Cook
Ubuntu Security Team
diff -Nru openssl-0.9.8o/debian/changelog openssl-0.9.8o/debian/changelog
--- openssl-0.9.8o/debian/changelog 2010-07-19 16:45:38.0 +0200
+++ openssl-0.9.8o/debian/changelog 2010-07-19 22:10:18.0 +0200
@@ -1,3 +1,10 @@
+openssl (0.9.8o-1ubuntu3) maverick; urgency=low
+
+  * debian/patches/no-sslv2.patch: disallow use of sslv2 init methods,
+force no-ssl2 context option.
+
+ -- Kees Cook   Mon, 19 Jul 2010 22:04:26 +0200
+
 openssl (0.9.8o-1ubuntu2) maverick; urgency=low
 
   * Don't build anymore for processors not supported anymore in maverick:
diff -Nru openssl-0.9.8o/debian/patches/no-sslv2.patch 
openssl-0.9.8o/debian/patches/no-sslv2.patch
--- openssl-0.9.8o/debian/patches/no-sslv2.patch1970-01-01 
01:00:00.0 +0100
+++ openssl-0.9.8o/debian/patches/no-sslv2.patch2010-07-19 
22:40:36.0 +0200
@@ -0,0 +1,125 @@
+Description: disallow SSLv2 initialization, force it disabled for other 
methods.
+Author: Kees Cook 
+
+Index: openssl-0.9.8o/ssl/ssl_lib.c
+===
+--- openssl-0.9.8o.orig/ssl/ssl_lib.c  2010-02-17 20:43:08.0 +0100
 openssl-0.9.8o/ssl/ssl_lib.c   2010-07-19 22:10:51.885282388 +0200
+@@ -986,8 +986,10 @@
+   return 1;
+ 
+   case SSL_CTRL_OPTIONS:
++  larg|=SSL_OP_NO_SSLv2;
+   return(s->options|=larg);
+   case SSL_CTRL_CLEAR_OPTIONS:
++  larg&=~SSL_OP_NO_SSLv2;
+   return(s->options&=~larg);
+   case SSL_CTRL_MODE:
+   return(s->mode|=larg);
+@@ -1096,8 +1098,10 @@
+   case SSL_CTRL_SESS_CACHE_FULL:
+   return(ctx->stats.sess_cache_full);
+   case SSL_CTRL_OPTIONS:
++  larg|=SSL_OP_NO_SSLv2;
+   return(ctx->options|=larg);
+   case SSL_CTRL_CLEAR_OPTIONS:
++  larg&=~SSL_OP_NO_SSLv2;
+   return(ctx->options&=~larg);
+   case SSL_CTRL_MODE:
+   return(ctx->mode|=larg);
+@@ -1444,7 +1448,7 @@
+   {
+   SSL_CTX *ret=NULL;
+   
+-  if (meth == NULL)
++  if (meth == NULL || meth->version <= SSL2_VERSION)
+   {
+   SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
+   return(NULL);
+@@ -1603,6 +1607,9 @@
+*/
+   ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ 
++  /* Force no SSLv2 for all methods */
++  ret->options |= SSL_OP_NO_SSLv2;
++
+   return(ret);
+ err:
+   SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
+Index: openssl-0.9.8o/test/testssl
+===
+--- openssl-0.9.8o.orig/test/testssl   2005-02-02 00:48:36.0 +0100
 openssl-0.9.8o/test/testssl2010-07-19 22:10:51.885282388 +0200
+@@ -33,17 +33,17 @@
+ #
+ 
+ echo test sslv2
+-$ssltest -ssl2 $extra || exit 1
++$ssltest -ssl2 $extra && exit 1
+ 
+ echo test sslv2 with server authentication
+-$ssltest -ssl2 -server_auth $CA $extra || exit 1
++$ssltest -ssl2 -server_auth $CA $extra && exit 1
+ 
+ if [ $dsa_cert = NO ]; then
+   echo test sslv2 with client authentication
+-  $ssltest -ssl2 -client_auth $CA $extra || exit 1
++  $ssltest -ssl2 -client_auth $CA $extra && exit 1
+ 
+   echo test sslv2 with both client and server authentication
+-  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
++  $ssltest -ssl2 -server_auth -client_auth $CA $extra && exit 1
+ fi
+ 
+ echo test sslv3
+@@ -71,17 +71,17 @@
+ $ssltest -server_auth -client_auth $CA $extra || exit 1
+ 
+ echo test sslv2 via BIO pair
+-$ssltest -bio_pair -ssl2 $extra || exit 1
++$ssltest -bio_pair -ssl2 $extra && exit 1
+ 
+ echo test sslv2 with server authentication via BIO pair
+-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
++$ssltest -bio_pair -ssl2 -server_auth $CA $extra && exit 1
+ 
+ if [ $dsa_cert = NO ]; then
+   echo test sslv2 with client authentication via BIO pair
+-  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
++  $ssltest -bio_pair -ssl2 -clien