Posted on

We're running Redhat 5.3 with Openssl 0.9.8e-27.4 which includes the patch for security vulnerability CVE-2014-0224. When running the Tripwire VERT CVE-2014-0224 Detection Tool against this version of Openssl it outputs:

CVE-2014-0224 Detection Tool v0.3
Brought to you by Tripwire VERT (@TripwireVERT)
[TLSv1.2] rejected early CCS
[TLSv1.1] rejected early CCS
[TLSv1] www.####com:443 may allow early CCS
[SSLv3] may allow early CCS
This System Exhibits Potentially Vulnerable Behavior
If this system is using OpenSSL, it should be upgraded.
Note: This is an experimental detection script and does not definitively determine vulnerable server status.

A snippet of the packet capture when the TLSv1 test is run is below which shows the Change Cipher request and subsequent packets"

40 0.232969 Test host target host TLSv1 72 Change Cipher Spec
41 0.233806 Target Test TCP 1434 [TCP segment of a reassembled PDU]
42 0.234054 Target Test TLSv1 1222 Certificate
43 0.234064 Test Target TCP 66 38215→443 [ACK] Seq=491 Ack=3893 Win=23296 Len=0 TSval=702168555 TSecr=808778283
44 0.301886 Target Test TCP 66 443→38215 [ACK] Seq=3893 Ack=491 Win=6912 Len=0 TSval=808778354 TSecr=702168554
45 1.735994 Test Target TLSv1 73 Alert (Level: Warning, Description: Close Notify)
46 1.759196 Target Test TCP 66 443→38215 [ACK] Seq=3893 Ack=498 Win=6912 Len=0 TSval=808779811 TSecr=702170057
47 1.760177 Target Test TLSv1 73 Alert (Level: Fatal, Description: Decode Error)

A security expert is stating that “Any alert other than "Alert (Level: Fatal, Description: Unexpected Message)" indicates it is possible to submit a successful ChangeCipherSpec message.” and that therefore the vulnerability to CVE-2014-0224 is still present in this version of openssl. i.e. packet #44 should be an Alert Fatal packet. I would like to know what is the expected response/behavior of the patched openssl to the ChangeCipher request when TLSv1 or SSLv3 is used and whether the security expert is correct or mistaken, and if the latter how I can educate him.
[Upgrading the OS is not feasible at this time]