openSSL: Cross-protocol attack on TLS using SSLv2 (CVE-2016-0800 aka DROWN)
This document (7017297) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 Service Pack 1
SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 11 Service Pack 3 LTSS (SLES 11 SP3 LTSS)
SUSE Linux Enterprise Server 11 Service Pack 2 LTSS (SLES 11 SP2 LTSS)
SUSE Linux Enterprise Server 12 Service Pack 1
SUSE Linux Enterprise Server 11 Service Pack 4 (SLES 11 SP4)
SUSE Linux Enterprise Server 11 Service Pack 3 LTSS (SLES 11 SP3 LTSS)
SUSE Linux Enterprise Server 11 Service Pack 2 LTSS (SLES 11 SP2 LTSS)
Situation
A cross-protocol attack was discovered that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle.
Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys fo the non-vulnerable server.
This vulnerability is also known as DROWN (for "Decrypting RSA using Obsolete and Weakened eNcryption"
Note that traffic between clients and non-vulnerable servers can be decrypted provided another server supporting SSLv2 and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP) shares the RSA keys fo the non-vulnerable server.
This vulnerability is also known as DROWN (for "Decrypting RSA using Obsolete and Weakened eNcryption"
Resolution
The issue can be avoided by disabling the SSLv2 protocol in all the SSL/TLS servers. Disabling all SSLv2 ciphers is also sufficient, provided the patches from CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f) have been deployed.
SUSE has release a patch that will disable SSLv2 protocol altogether by default as well as disabling all EXPORT ciphers. The patch also checks environment variables to allow customers to unbreak applications that mandatory need SSLv2:
SUSE has release a patch that will disable SSLv2 protocol altogether by default as well as disabling all EXPORT ciphers. The patch also checks environment variables to allow customers to unbreak applications that mandatory need SSLv2:
OPENSSL_ALLOW_SSL2 - allow ssl2 protocol, default off
OPENSSL_ALLOW_EXPORT - allow export ciphers, default off
SLES 12 SP1SLES 12
- openssl-1.0.1i-44.1 was released 1st of March 2016
SLES 11 SP4
- openssl-1.0.1i-27.13.1 was released 1st of March 2016
SLES 11 SP3 LTSS
- openssl-0.9.8j-0.89.1 was released 1st of March 2016
SLES 11 SP2 LTSS
- openssl-0.9.8j-0.89.1 was released 1st of March 2016
- openssl-0.9.8j-0.89.1 was released 1st of March 2016
Servers have to be patched with these versions to be safe.
Cause
Additional Information
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7017297
- Creation Date: 25-Feb-2016
- Modified Date:03-Mar-2020
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
