The POODLE weakness in the SSL protocol (CVE-2014-3566)
This document (7015773) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Server 9
SUSE Cloud
SUSE Linux Enterprise Server 12
SUSE Manager
SUSE Studio
Situation
In short: The POODLE attack on the SSL 3.0 protocol, published last night (https://www.openssl.org/~bodo/ssl-poodle.pdf), requires server and desktop administrators and desktop users to carefully review their security protocol settings in packages such as HTTP servers (such as Apache, Tomcat), SMTP servers (such as Postfix), IMAP servers, ... as well as web browsers (Firefox, ...) and e-mail clients (Evolution, Thunderbird, ...).
More generally: everything that uses the SSL/TLS protocol needs a review.
Recommended action:
Check the settings and, if needed, change them to require TLS 1.0 as a minimum (details below).
Fortunately, you do not have to install or update any package to mitigate the situation. In the future you may see updates to some packages that help mitigate this at a lower level than the configuration alone.
Unfortunately, changing the settings on servers and clients can have significant side effects, if some part of your stack really requires the SSL 3.0 protocol. Carefully check your needs and those of your peers!
2. Settings for some well known packages
Firefox and Thunderbird
In older Firefox browsers (before 23), there was a menu entry to disable SSLv3 (Preferences-Advanced-Encryption).
For more recent Firefox versions you need to use the detailed configuration. Go to "about:config", search for "security.tls.version.min" and change the value to at least "1".
The default is "0", see:
http://kb.mozillazine.org/Security.tls.version.*
The same steps are needed for Thunderbird.
Apache webserver
Make sure your Apache configuration(s) contain:
"SSLProtocol all -SSLv2 -SSLv3"
Note: Run the following command to make sure that SSLv3 is disabled:
openssl s_client -connect localhost:443 -ssl3
Postfix SMTP Server
To enforce TLS for transport of SMTP connections, add this to your configuration:
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_enforce_tls = yes
Note: with "smtp_enforce_tls = yes", your Postfix will no longer accept any
plaintext connections.
Evolution
If your email server supports the STARTTLS (http://en.wikipedia.org/wiki/STARTTLS) feature, we suggest you change the configuration of the Evolution email client from "SSL" to "TLS". This forces the Evolution email client to use STARTTLS rather than plain SSL. SUSE is currently working on using TLS instead of SSLv3 when "SSL" is chosen in the configuration dialog, for mail servers not supporting STARTTLS. A corresponding patch will be available in the future.
apache2-mod_nss
To disable SSL, edit the following file:
/etc/apache2/conf.d/mod_nss.conf
and change "NSSProtocol" to "TLSv1.0,TLSv1.1,TLSv1.2", then restart Apache.
lighttpd
With SLE11SP3 (HA+SDK) we deliver lighttpd 1.4.20. This version of
lighttpd does not allow disabling SSL. Please see the work-around
section below.
cyrus-imapd
Cyrus-imap supports SSL and STARTTLS. The configuration needs to be
adjusted by setting:
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
If this does not work for your environment, you can still use the
work-around mentioned below.
Even if the protocol downgrade might be possible, it is still very
likely that the IMAP over SSL protocol is not vulnerable to this kind of
attack.
stunnel
On SLE12 you can enable TLS up to TLS 1.2 by using
sslVersion = TLSv1 TLSv1.1 TLSv1.2
On SLE11 you can enable TLS up to TLS 1.1 by using the config option:
sslVersion = TLSv1 TLSv1.1
For earlier versions, try:
options = NO_SSLv3
options = NO_SSLv2
SUSE Manager
SUSE Manager disables SSL by default and only uses TLS.
SMT
SMT uses TLS on the server side.
WebYaST/SLMS
Both services use Nginx, which is configured to allow only TLS and
not SSL.
Your nginx configuration file should contain:
ssl on;
ssl_protocols TLSv1;
SUSE Cloud
If you're running the OpenStack Horizon Dashboard with SSL, consider changing the chef template on your Admin server
/opt/dell/chef/cookbooks/nova_dashboard/templates/suse/nova-dashboard.conf.erb
to include
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
Upload the cookbook with
knife cookbook upload nova_dashboard -o /opt/dell/chef/cookbooks/
and finally redeploy the "Horizon" Barclamp from the UI to make the change effective. Note this setting is supposed to be the default going forward.
suseRegister/suseConnect
The registration protocol uses SSL (libcurl) and allows SSL as fallback.
Updates for it will be published if appropriate. It is very unlikely
that the registration process can be exploited using this vulnerability.
Downloading updates
Patches distributed via our CDN provider are secure because SSL was
disabled and packages are signed in addition.
Work-around
If your service does not support disabling SSL, it is possible to use
HAproxy to handle the TLS connections and forward the traffic to the
service.
After changing your configuration, please verify your new setup.
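Added example (not part of the original SUSE document): a shell helper that interprets the result of the "openssl s_client ... -ssl3" check shown in the Apache section, so the same verification can be repeated for each reconfigured service, including STARTTLS ports. The function names and the sample outputs are constructed for illustration; the helper separates "server refused SSLv3" from "the local openssl build cannot speak SSLv3", which would otherwise look like a successful mitigation.

```shell
#!/bin/sh
# Added example: interpret an SSLv3-only handshake attempt made with
#   openssl s_client -connect HOST:PORT -ssl3 [-starttls smtp|imap]
# The local openssl must still support SSLv3; many current builds do not,
# and that must not be mistaken for the server refusing SSLv3.

# classify_ssl3 OUTPUT -> refused | accepted | client-unsupported |
#                         unreachable | inconclusive
classify_ssl3() {
  case $1 in
    *"nknown option"*)                        echo client-unsupported ;;
    *"Connection refused"*|*"connect:errno"*) echo unreachable ;;
    *"Cipher is (NONE)"*|*"handshake failure"*|*"alert protocol version"*)
                                              echo refused ;;
    *"Cipher is "*)                           echo accepted ;;
    *)                                        echo inconclusive ;;
  esac
}

# check_ssl3 HOST:PORT [STARTTLS_PROTO] -> prints the classification.
# Not called below because it needs network access, for example:
#   check_ssl3 localhost:443
#   check_ssl3 localhost:25 smtp
check_ssl3() {
  if [ -n "${2:-}" ]; then
    out=$(openssl s_client -connect "$1" -ssl3 -starttls "$2" </dev/null 2>&1) || true
  else
    out=$(openssl s_client -connect "$1" -ssl3 </dev/null 2>&1) || true
  fi
  classify_ssl3 "$out"
}

# Constructed sample outputs (exact wording varies between OpenSSL versions).
SAMPLE_REFUSED='CONNECTED(00000003)
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
New, (NONE), Cipher is (NONE)'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
    Protocol  : SSLv3'
SAMPLE_NOCLIENT='s_client: Unknown option: -ssl3'
SAMPLE_DOWN='connect: Connection refused
connect:errno=111'

for s in "$SAMPLE_REFUSED" "$SAMPLE_ACCEPTED" "$SAMPLE_NOCLIENT" "$SAMPLE_DOWN"; do
  classify_ssl3 "$s"
done
```

Only "refused" confirms that a service no longer negotiates SSLv3; "client-unsupported" and "inconclusive" mean the check has to be repeated from a host whose openssl still offers the -ssl3 option.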
3. Background
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. An attacker who acts as man-in-the-middle can force a downgrade of the SSL/TLS protocol to version 3.0 if the attacked application supports this old SSL version. This legacy protocol is not secure. Depending on the application, it may be possible for an adversary to mount attacks that can lead to disclosure of secret data such as passwords or HTTP cookies.
This attack is not limited to web browsers; other services (like VPNs, mail clients, etc.) use SSL to secure their traffic as well. Please evaluate your applications and configurations -- on all operating systems.
Resolution
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7015773
- Creation Date: 15-Oct-2014
- Modified Date: 03-Mar-2020
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com