Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) in httpd
Environment
- Red Hat Enterprise Linux 5, 6, 7
- Red Hat JBoss Enterprise Application Platform (EAP) 5, 6
- JBoss Enterprise Web Server (EWS) 1, 2
- Inktank Ceph Enterprise (ICE) 1
- Red Hat Storage Console
- Red Hat Enterprise Virtualization
Issue
- How do I avoid impact to httpd from CVE-2014-3566?
- How do I disable SSL 3.0 in httpd (using mod_ssl or mod_nss)?
Resolution
To avoid this vulnerability, Red Hat recommends disabling SSL and using only TLSv1.1 or TLSv1.2. Backwards compatibility can be achieved using TLSv1.0. Many products Red Hat supports have the ability to use SSLv2 or SSLv3 protocols, or enable them by default. However use of SSLv2 or SSLv3 is now strongly recommended against.
The SSL/TLS support in httpd can be provided by the mod_ssl module using the OpenSSL library, or by the mod_nss module using the NSS library.
Examples below enable all TLS versions currently supported by specified product versions.
Disabling SSL 3.0 in mod_ssl
To mitigate this vulnerability as it affects httpd using mod_ssl, set the SSLProtocol directive as follows in /etc/httpd/conf.d/ssl.conf:
Note: This directive must either be located at the topmost level of the configuration file, or inside the default virtual host configuration for an address.
Option 1: Disable SSLv2 and SSLv3 (Enable everything except SSLv2 and SSLv3)
SSLProtocol All -SSLv2 -SSLv3
Then restart httpd:
# service httpd restart
Option 2: Disable everything except TLSv1.x
On Red Hat Enterprise Linux 7 or Red Hat Enterprise Linux 6.6 and later:
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
On other platforms, including Red Hat Enterprise Linux 5
SSLProtocol -All +TLSv1
Then restart httpd:
# service httpd restart
Disabling SSL 3.0 in mod_nss
To mitigate this vulnerability as it affects httpd using mod_nss, set the NSSProtocol directive as follows in /etc/httpd/conf.d/nss.conf:
Red Hat Enterprise Linux 6 and later:
NSSProtocol TLSv1.0,TLSv1.1
Red Hat Enterprise Linux 5:
NSSProtocol TLSv1.0
Then restart httpd:
# service httpd restart
Root Cause
A vulnerability was found in the SSLv3.0 protocol. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack. For more information about this vulnerability, refer to the following article: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
Diagnostic Steps
For diagnostic steps, refer to the following article: POODLE: SSLv3.0 vulnerability (CVE-2014-3566)
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
26 Comments
Do both Option 1 and Option 2 require a restart of Apache
Yes.
I've tried both options on my RHEL 5.9, and the tester still says my site is vulnerable.
Option 1 did work for my RHEL 6.8 edition though.
What am I missing here?
Try checking if you have the setting applied on the right place, such is in the right vhost and not overridden by other setting. See also Note in the text.
I think for RHEL 5.x, you need to upgrade your openssl to openssl-1+ before you perform either options. Try to upgrade your openssl through yum repository. For safe upgrade, just follow this command... sudo yum update openssl
You can also try the ssl config below before you upgrade your openssl. It is tested and working fine on our RHEL 5.x with openssl-0.9+, but it is better to upgrade your openssl. See my previous post.
Before applying the fix/solution provided by RedHat:
[root@rhel6-reverse-proxy]#sh /home/albert/CVE-2014-3566/poodle.sh (IP Address of our RHEL5.x) 443
VULNERABLE! SSLv3 detected.
After applying the fix/solution provided by RedHat:
[root@rhel6-reverse-proxy]#sh /home/albert/CVE-2014-3566/poodle.sh (IP Address of our RHEL5.x) 443
Not Vulnerable. We detected that this server does not support SSLv3
Take note, you must restart Apache [httpd] to take effect the changes.
[root@rhel5-reverse-proxy]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
ssl.conf:
SSLProtocol All -SSLv2 -SSLv3
i have "Red Hat Enterprise Linux Server release 6.5 (Santiago)" and used the SSLProtocol All -SSLv2 -SSLv3 in /etc/httpd/conf.d/ssl.conf and the tester still says my site is vulnerable. Please let me know what i am missing.
Tomas - I have it in the correct location; right at the top of my /etc/httpd/conf.d/ssl.conf file.
Albert - After updating my OpenSSL, the tester is still telling me the site is vulnerable. And yes, once again I tried both Option 1 and 2, along with restarting httpd after both.
Any other ideas?
I am experiencing the same issue however as you can see from my comment below, I have multiple systems all of which are working correct except for three. Any ideas would be most helpful.
I have the same problem. The solution works for some of the servers and not for others.
The default ssl.conf contains SSLProtocol configuration directive. If you just added the line to disable SSLv3 on top without changing the default directive in the default vhost, your setting may be overridden.
I'd recommend you to open a support case. You'll be able to upload your configuration there to have it reviewed by Red Hat support and help you find out why your setting does not get applied.
Thank you Thomas,
I only have one directive setting the SSL Protocol unlike some that have multiple settings. I have tried to override the ssl.conf directive by adding SSLProtocol All -SSLv2 -SSLv3 in the Vhost.conf file however this did not work either. It makes me think that there is some service installed on these 2 servers that is different then the others however that would be like trying to find a needle in a haystack.
I will open a Support Ticket and work with RH to see if I can resolve this issue with their help.
Thank you,
Kelly
Hi Phil, you can use the following command to debug SSL server and verify which
SSL-Session Protocol is active.
openssl s_client -connect target_host:443
CONNECTED(00000003)
.....
............
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
.......
To verify if sslv3 is active:
openssl s_client -ssl3 -connect taget_host:443
CONNECTED(00000003)
23960:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
23960:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
To verify if sslv2 is active:
openssl s_client -ssl2 -connect target_host:443
CONNECTED(00000003)
23964:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
To verify if tlsv1 is active:
openssl s_client -tls1 -connect target_host:443
....
CONNECTED(00000003)
.....
............
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Take note, from the output above you will see "ssl handshake failure on both sslv2 and sslv3", that mean both of these SSL-Session Protocols are not active or totally disabled. On the other hand, you see TLSv1 under SSL-Session -> Protocol is active, that mean your configuration is fine and you have nothing worry about.
Moreover, you can also enable the following in your /etc/httpd/conf.d/ssl.conf
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
That config is PCI-DSS Compliant. Hope it would help.
Hi Albert,
Thanks for the info.
I've managed to get this issue sorted now.
It was a combination of Tomas' note above (overwritten directive within the vhost regardless if the SSLProtocol is at the top of your file) along with a few greps to find where the Virtual Hosts were actually configured. (Of course, I didn't set up this server!).
Thanks for all the help! Tomas as well!
Another way to test your SSL Server Config is through SSL Lab. This will give you comprehensive test result as well the rating of your SSL Server. Please follow the link below.
SSL Lab SSL Server Test:
https://www.ssllabs.com/ssltest/
I have 3 systems that no matter which correction I make their URL's are still showing as vulnerable. I have 2 servers that are Red Hat 6.5 that have the same configurations as other servers in my farm and when I run the path hal-test.visionary.com or hal-dev.visionary.com both are different servers I get a response back that these are vulnerable. My ssl.conf file has SSLProtocol -All +TLSv1 on both servers.
Is there something else I can do or check to make sure I'm protecting my servers?
The third server is an old Plesk server that is running CentOS on the backend. I know that RH doesn't support CentOS, I just wanted to make it aware that CentOS based OS's with Plesk Control Panel is also showing as Vulnerable, all websites I've tested on that server show vulnerable. Even though I've got SSLProtocol All -SSLv2 -SSLv3 in the httpd.conf file.
Since any apache configuration can contain an SSL Protocol statement, you also need to look in all the vhost config files that you might have as well.
Thanks everyone, I was able to fix my problem. These two servers were not setup the same way as my other servers so I made the changes necessary to do so. In the Vhost file I added the components of the SSLProtocal rather than assuming they would be called in the ssl.conf file. After I added.
*LEFT SSLCIPHER AND OPTIONS SCRUBBED
to the Vhost entries the vulnerability was closed. I now have all my servers protected.
I'm having a tough time getting SSLv2, SSLv3 disabled as well on this test system....
- $ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.11 (Tikanga)
$ /usr/sbin/httpd -v
Server version: Apache/2.2.3
Server built: Jul 18 2014 04:46:39
$ openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Did a search for all config files that may contain "SSLProtocol" and got these results (the first match is a comment from my first attempt, ignore). So I should have only TLSv1 operating
$ grep -R -i SSLProtocol /etc/httpd/conf*
/etc/httpd/conf.d/ssl.conf:#SSLProtocol All -SSLv2 -SSLv3
/etc/httpd/conf.d/ssl.conf:SSLProtocol -All +TLSv1
But I'm still getting both SSLv2 and SSLv3 showing as still configured from multiple sources (poodle.sh script, as well as a few different SSL checkers I've tried so far).
Strange... any ideas?
Hi David, please update first your openssl before resolving poodle issue. See my previous posting.
Does the disabling on SSLv2 and SSLv3 cause any impact in the client SSL connections?
Is this fix necessary for RHEL5 ?
Yes, any version of RHEL using the affected versions of SSL requre the config change.
Hi,
doing opt-in of TLSv1/1.1/1.2 is improper and obstructive, because any future protocols (e.g. TLSv1.3) will be disabled by default.
Better doing opt-out of SSLv2/3 like the first example tells:
according to openssl all previous version of openssl are effected except OpenSSL 1.0.1j so when redhat going to release patch to update openssl
I keep hearing about updating openssl on RH5, but there is no source for 1.X. Is it enough to go to openssl 0.9.8e-36.el5_11 - which seems latest?