
Poodle sslv3 vulnerability test

Matt Grant

I just did a yum update and it updated 138 items on my CentOS 6.5 (now it's 6.6) server. I saw that openssl was one of the updates and figured it would patch everything.

I ran this test openssl s_client -connect myipaddress:443 -ssl3 and got this response:

[root@web ~]# openssl s_client -connect myipaddress:443 -ssl3
CONNECTED(00000003)
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = [email protected]
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = [email protected]
verify error:num=10:certificate has expired
notAfter=Jun 11 06:21:58 2013 GMT
verify return:1
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = [email protected]
notAfter=Jun 11 06:21:58 2013 GMT
verify return:1
---
Certificate chain
0 s:/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=[email protected]
i:/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
the long cert key was here and I was not sure if it was ok to post so I removed it.
-----END CERTIFICATE-----
subject=/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=[email protected]
issuer=/C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=[email protected]
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 1472 bytes and written 274 bytes
---
New, TLSv1/SSLv3, Cipher is REMOVED
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : REMOVED
Session-ID: REMOVED
Session-ID-ctx:
Master-Key: REMOVED
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1414721148
Timeout : 7200 (sec)
Verify return code: 10 (certificate has expired)
---
closed


Does this mean the server is still vulnerable? What is the best way to secure it?

Thanks in advance!
 
I just took a look at it and followed the directions for running the poodle.sh script and this is the output I got when I ran it on both my Plesk 12 (mail) and Plesk 11.5 (web) servers:

[root@mail tmp]# for i in `echo 21 587 443 465 7081 8443 993 995 `; do /bin/sh /root/poodle.sh <IP> $i; done
-bash: IP: No such file or directory
-bash: IP: No such file or directory
-bash: IP: No such file or directory
-bash: IP: No such file or directory
-bash: IP: No such file or directory
-bash: IP: No such file or directory
-bash: IP: No such file or directory
-bash: IP: No such file or directory

I am assuming it did not work on anything it was trying to do. I realize that the script makes changes to quite a few services/programs that use ssl and it is possible that the "No such directory" errors are happening because I am not using the particular services/programs. I ran the openssl test again and I get the same output I got before I ran the script. I guess I have to do this manually?

When I tried to edit the Apache config, I do not see any SSL directives in the file. The only thing that says SSL on the file is this part:

# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.


When I tried to edit the Courier/IMAP config files I found this:

The TLS_PROTOCOL directive is in a different format than the instructions say.
The TLS_CIPHER directive is commented out. Do I uncomment it and then change it to what it says?


##NAME: TLS_PROTOCOL:1
#
# TLS_PROTOCOL sets the protocol version. The possible versions are:
#
# OpenSSL:
#
# SSL3 - SSLv3
# SSL23 - all protocols (including TLS 1.x protocols)
# TLS1 - TLS1
# TLSv1.1 - TLS1.1
# TLSv1.2 - TLS1.2
#
# Leave it unset to use any protocol except SSL 2.

TLS_PROTOCOL=SSL23


##NAME: TLS_CIPHER_LIST:0
#
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
# undefined
#
# OpenSSL:
#
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
# GnuTLS:
#
# TLS_CIPHER_LIST="HIGH:MEDIUM"
#
# The actual list of available ciphers depend on the options GnuTLS was
# compiled against. The possible ciphers are:
#
# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
#
# Also, the following aliases:
#
# HIGH -- all ciphers that use more than a 128 bit key size
# MEDIUM -- all ciphers that use a 128 bit key size
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
# is not included
# ALL -- all ciphers except the NULL cipher
#
# See GnuTLS documentation, gnutls_priority_init(3) for additional
# documentation.

For the Qmail config file, I created the /var/qmail/control/tlsserverciphers file with what it said, but how do I test if it worked?

For the Parallels 11.5 and later section, this is what my /etc/sw-cp-server/config looks like.


worker_processes 1;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
"'$fastcgi_script_name' '$fastcgi_path_info' '$document_root'";


sendfile on;
reset_timedout_connection on;

#keepalive_timeout 0;
keepalive_timeout 65;
#tcp_nodelay on;

#gzip on;
#gzip_disable "MSIE [1-6]\.(?!.*SV1)";

server_tokens off;

fastcgi_max_temp_file_size 0;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;

fastcgi_read_timeout 600;
fastcgi_send_timeout 600;

client_max_body_size 2048m;

error_page 497 https://$hostname:$server_port$request_uri;

include /etc/sw-cp-server/conf.d/*.conf;
}

Where exactly do I add the new line ssl_protocols TLSv1 TLSv1.1 TLSv1.2; under the http section?

Why does this have to be so darn difficult?
 
Hi Matt_Grant,

there is a really nice thread, explicitly for this: SSL POODLE / SSLv3 bug ( Forum - link )

Please make yourself a coffee/tea and try to read some posts, just to be sure, that you solve your issues regarding to this.
 
I went through all 5 pages of that thread and it did not answer any comments or questions that are bolded. Any chance you could see if you can help me?

Like for instance...

on the imapd-ssl and pop3d-ssl files, the TLS_CIPHER_LIST is commented out, should I uncomment it and change it as the KB article says?

##NAME: TLS_CIPHER_LIST:0
#
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
# undefined
#
# OpenSSL:
#
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
# GnuTLS:
#
# TLS_CIPHER_LIST="HIGH:MEDIUM"
#
# The actual list of available ciphers depend on the options GnuTLS was
# compiled against. The possible ciphers are:
#
# AES256, 3DES, AES128, ARC128, ARC40, RC2, DES, NULL
#
# Also, the following aliases:
#
# HIGH -- all ciphers that use more than a 128 bit key size
# MEDIUM -- all ciphers that use a 128 bit key size
# LOW -- all ciphers that use fewer than a 128 bit key size, the NULL cipher
# is not included
# ALL -- all ciphers except the NULL cipher
#
# See GnuTLS documentation, gnutls_priority_init(3) for additional
# documentation.

##NAME: TLS_STARTTLS_PROTOCOL:0
#
# TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP STARTTLS
# extension, as opposed to IMAP over SSL on port 993.
#
# It takes the same values for OpenSSL as TLS_PROTOCOL

##NAME: TLS_CIPHER_LIST:0
#
# TLS_CIPHER_LIST optionally sets the list of ciphers to be used by the
# OpenSSL library. In most situations you can leave TLS_CIPHER_LIST
# undefined
#
# OpenSSL:
#
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
#
#



Ok, here is a new problem...

When I created the file /var/qmail/control/tlsserverciphers (it did not exist before) with only this information on it ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:+HIGH:+MEDIUM (as per the KB article) I cannot receive email from Gmail and I would assume other mail providers as well. I was able to receive an email from a hosted MS exchange account hosted by 1&1 (which is where my servers are hosted too). If I delete the file and then restart qmail, then I can receive email from Gmail. I am not having a lot of faith in Parallel's supposed fix. Is it possible it is a permissions issue on the newly created file?
 
Ok I found that if I create tlsserverciphers and use:
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
instead of
ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:+HIGH:+MEDIUM

I can receive emails from Gmail. Otherwise I have to delete the tlsserverciphers for email to work correctly. Is the way I created the file correct?
 
Why can't I just run the poodle.sh script to fix all of this? Why does it output no such file or directory and not tell me if I am vulnerable? I have a standard install of Plesk 12 (12.0.18 Update #22, last updated at Oct 31, 2014 03:06 AM) with all of the latest updates from yum.
 
Hi Matt_Grant,

Matt_Grant said:
Where exactly do I add the new line ssl_protocols TLSv1 TLSv1.1 TLSv1.2; under the http section?
The answer is:
There are several ways of solving the issues with Poodle... it depends on your personal choice, WHERE in the "http" - section you would like to add the suggested line. There is no "perfect" area for it.


Matt_Grant said:
For the Qmail config file, I created the /var/qmail/control/tlsserverciphers file with what it said, but how do I test if it worked?
The answer is:
This is already provided in the Poodle - KB - article: openssl s_client -connect localhost:465 -ssl3


Matt_Grant said:
I cannot receive email from Gmail
The answer is:
Unfortunately, you don't want to read the suggestions for the "intermediate" ciphers - list and the additional explanation. Well, in this case, I can't help you... sorry. Please read again the post: http://talk.plesk.com/threads/cant-send-mail-from-horde-since-poodle-patch.324511/#post-762689


Matt_Grant said:
Why can't I just run the poodle.sh script to fix all of this
The answer is:
As mentioned in the other threads, the "poodle.sh" script from Parallels ONLY looks for ALL SSL3 - ciphers used in your configurations/ports, but not all SSL3 - ciphers are vulnerable. The provided suggestion for the "intermediate" cipher - list includes as well SSL3 - ciphers. Please visit https://www.ssllabs.com/ssltest/ and perform a FULL test, to see, if all your changes were successful.
To use the "poodle.sh" script, you have to be sure, that your commands are for the "right" location. We don't know, WHERE you put the script on your system. Please locate the script with the command "locate poodle.sh" and modify the suggested command from the Poodle - KB - article:

for i in `echo 21 587 443 465 7081 8443 993 995 `; do /bin/sh /root/poodle.sh <IP> $i; done
The red marked options are variable, depending on your poodle.sh - location and YOUR server IP. You could as well use "localhost" instead of the IP.
 
I am sorry I am a little dense on this stuff...

Now I understand why I got the error on the poodle.sh, I needed to run it like this for i in `echo 21 587 443 465 7081 8443 993 995 `; do /bin/sh poodle.sh localhost $i; done

I got this output

[root@mail /]# for i in `echo 21 587 443 465 7081 8443 993 995 `; do /bin/sh poodle.sh localhost $i; done
localhost:21 - Vulnerable! SSLv3 connection established using SSLv3/ECDHE-RSA-AES256-SHA
localhost:587 - Vulnerable! SSLv3 connection established using SSLv3/DHE-RSA-AES256-SHA
localhost:443 - Not vulnerable. Failed to establish SSLv3 connection.
localhost:465 - error: Timeout connecting to host!
localhost:7081 - Not vulnerable. Failed to establish SSL connection.
localhost:8443 - Not vulnerable. Failed to establish SSLv3 connection.
localhost:993 - Vulnerable! SSLv3 connection established using SSLv3/DHE-RSA-AES256-SHA
localhost:995 - Vulnerable! SSLv3 connection established using SSLv3/DHE-RSA-AES256-SHA


So I am vulnerable on 21, 587, 993 and 995. I went to edit the ProFTPD conf file and I cannot find the file name 60-nosslv3.conf file. There is however a file called 50-plesk.conf in the /etc/proftpd.d/ directory. But all it has in it is:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

# Global section
<Global>
<IfModule mod_tls.c>
TLSEngine on
TLSRequired off
</IfModule>
</Global>

So editing that file will be useless because it will get regenerated at some point.



ProFTPD server
Edit the /etc/proftpd.d/60-nosslv3.conf file, modifying 2 following lines so that they look like:

TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv3

I found on another website that says I should edit the proftpd.conf file like this:

To fix ProFTPd,

Edit /etc/proftpd.conf and modify the lines below:

TLSProtocol TLSv1
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
- See more at: http://bobcares.com/blog/protecting...tpd-proftpd-amd-dovecot/#sthash.Bf6GKvfY.dpuf

The only issue is that there are no entries for TLSProtocol or TLSCipherSuite on the proftpd.conf file. Do I just add them at the end of the file?


The answer is:
This is already provided in the Poodle - KB - article: openssl s_client -connect localhost:465 -ssl3

I made the changes in Qmail as per the KB article, but I still get a handshake when I run the openssl s_client -connect localhost:465 -ssl3, but it shows as not vulnerable when I run the poodle.sh

The answer is:
There are several ways of solving the issues with Poodle... it depends on your personal choice, WHERE in the "http" - section you would like to add the suggested line. There is no "perfect" area for it.

If you were adding it to your /etc/httpd/conf/httpd.conf file, where would you put it?

The answer is:
Unfortunately, you don't want to read the suggestions for the "intermediate" ciphers - list and the additional explanation. Well, in this case, I can't help you... sorry. Please read again the post: http://talk.plesk.com/threads/cant-send-mail-from-horde-since-poodle-patch.324511/#post-762689

I think I have this part figured out, I am just waiting on someone in that thread to respond to one question about the syntax.

My question is:

Is it supposed to be added to the files as: (no return after TLS_CIPHER_LIST=)

TLS_CIPHER_LIST=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

or as you posted (return after TLS_CIPHER_LIST=)

TLS_CIPHER_LIST=
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

This is how it is formatted in my Courier/IMAP files (but it is commented out)

# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"


Thanks!



Matt_Grant said:
I made the changes in Qmail as per the KB article, but I still get a handshake when I run the openssl s_client -connect localhost:465 -ssl3, but it shows as not vulnerable when I run the poodle.sh
I'm not sure, if you read the suggestion for a decent test. If not, please, visit the site https://www.ssllabs.com/ssltest/ . If you would like MORE information, please visit an official site like: https://wiki.mozilla.org/Security/Server_Side_TLS , because I tried to explain it in my words, but you don't seem to like that - just to remind you: you changed already your ciphers-list to the intermediate ciphers - list, which contains as well SSL3 - ciphers, which are NOT vulnerable!


Matt_Grant said:
I do not see anything on the KB article about securing port 21. I don't see ProFTPD server installed on my server. How do I secure port 21?
Please Matt_Grant, have a closer look at the Poodle KB - article:
ProFTPD server
Edit the /etc/proftpd.d/60-nosslv3.conf file, modifying 2 following lines so that they look like:

TLSProtocol TLSv1 TLSv1.1 TLSv1.2
TLSCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:!SSLv3


Matt_Grant said:
If you were adding it to your /etc/httpd/conf/httpd.conf file, where would you put it?
I wonder why you don't try to put it in the suggested section ( "include the following line in your Apache configuration file among the other SSL directives" - quoted from the Poodle - KB - article )... but o.k.... explicitly for Matt_Grant :

FIND the section:

SSLEngine on

ADD directly under this line:

SSLProtocol All -SSLv2 -SSLv3



Again, I would like to point out, that this suggestion from the Parallels Poodle - KB - article might conflict with some older browsers and can cause issues. IF you or your clients experience issues, please try the Mozilla SSL Config Generator with different options ( "modern", "intermediate" , "old" ) and edit your configurations based on this.



Matt_Grant said:
Is it supposed to be added to the files as: (no return after TLS_CIPHER_LIST=)
Sorry, the forum as well is not perfect. If you use CODE - brackets, to format text in your posts/threads, you might experience, that a line break takes place, even that there shouldn't be one.



You might wonder yourself, why I answer as well questions from you, that are already answered in another thread. This is because not all people visiting the forum click around from one thread to another and so they don't know, that your question was already answered to you. It would be nice, if you stick to ONE thread, instead of cross - posting to several post/threads.
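
The Courier settings discussed in this thread (TLS_PROTOCOL, the commented-out TLS_CIPHER_LIST, and the line break after TLS_CIPHER_LIST=) can be checked mechanically. The script below is an added example, not part of any post or of the Parallels KB article; audit_courier_tls, write_sample and the sample file are made up for illustration, and the protocol verdicts follow the value list in the config comments quoted in the thread.

```shell
#!/bin/sh
# Added example: audit the active TLS settings in a Courier imapd-ssl or
# pop3d-ssl style file. Prints one "KEY: verdict" line per finding.
audit_courier_tls() {
    awk '
    function clean(v) { sub(/^[ \t"]+/, "", v); sub(/[ \t"\r]+$/, "", v); return v }
    function protocol(key, unset_msg,   v) {
        v = value[key]
        if (v == "") print key ": " unset_msg
        else if (v == "SSL3" || v == "SSL23") print key ": " v " permits SSLv3"
        else if (v == "TLS1" || v == "TLSv1.1" || v == "TLSv1.2") print key ": " v " excludes SSLv3"
        else print key ": " v " is not a listed value"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # commented-out lines are inactive
    /^[ \t]*[A-Za-z_][A-Za-z_0-9]*=/ {       # active KEY=VALUE assignment
        key = $0; sub(/=.*/, "", key); key = clean(key)
        val = $0; sub(/^[^=]*=/, "", val)
        value[key] = clean(val); seen[key] = 1; last = key
        next
    }
    # Any other active line right after an empty "KEY=" is a value that a
    # stray line break pushed off its assignment.
    last != "" && value[last] == "" { broken[last] = 1 }
    { last = "" }
    END {
        protocol("TLS_PROTOCOL", "unset permits SSLv3 (any protocol except SSL 2)")
        protocol("TLS_STARTTLS_PROTOCOL", "unset")
        # In an OpenSSL cipher string "SSLv3" names the suites introduced with
        # SSL 3.0, which TLS 1.0 and 1.1 connections also negotiate.
        c = "TLS_CIPHER_LIST"
        if (!(c in seen)) print c ": unset, library default applies"
        else if (c in broken) print c ": empty, value is on the following line"
        else if (value[c] == "") print c ": empty"
        else if (index(value[c], "!SSLv3")) print c ": !SSLv3 also drops TLS 1.0/1.1 suites"
        else print c ": set"
    }' "$1"
}

# Constructed sample, modelled on the settings quoted in the thread.
write_sample() {
    cat > "$1" <<'EOF'
##NAME: TLS_PROTOCOL:1
TLS_PROTOCOL=SSL23
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
TLS_CIPHER_LIST=
ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:!aNULL:!eNULL
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_courier_tls "$sample"
rm -f "$sample"
```

Pass the path of your own imapd-ssl or pop3d-ssl file as the argument; the script only reads the file and changes nothing.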
 