So, I have JBoss 5.1.0 GA, and I read about how I need to disable SSLv3 here:
https://access.redhat.com/solutions/1232233
What was not mentioned here was that I also need to get rid of all ciphers that support falling back to SSLv3. When I did that, I got a "green checkmark" on this website
https://www.tinfoilsecurity.com/poodle
which is basically a confirmation that I've secured my server and SSLv3 is not supported anymore, but now I cannot access my website using IE (all versions of IE). Since I only had 4 ciphers in my cipher list in the server.xml configuration, I aimed to find more ciphers to add in this list, to get IE to work. I added more than 50 ciphers, but IE still won't load my website. Here's a list of all the ciphers that I used so far (I got the list from here: https://www.openssl.org/docs/apps/ciphers.html):
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_DSS_WITH_SEED_CBC_SHA, TLS_DH_RSA_WITH_SEED_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_NULL_MD5, TLS_RSA_WITH_NULL_SHA, TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_WITH_IDEA_CBC_SHA, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_DSS_WITH_DES_CBC_SHA, TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_RSA_WITH_DES_CBC_SHA, TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_RC4_128_SHA
None of these ciphers work with IE, meaning that when I approach my server with IE, I get "This page can’t be displayed".
Can someone help me with this? Is there a cipher that I can use which will not open SSLv3 on my server, and will also work with IE?
UPDATE: If I implement the solution suggested by RedHat (which is, changing the sslProtocols to "TLSv1,TLSv1.1,TLSv1.2"):
- I get an error when starting JBoss saying "TLSv1,TLSv1.1,TLSv1.2 SSLContext not available". This means that this string is invalid, and I MUST use only one of these protocols. Ok well, I'll go with the most secure one: "TLS1.2"
- The other problem is that in the RedHat solution, nothing is mentioned on ciphers. I was under the impression that "ciphers" element is not needed anymore, so I removed it from the server.xml, changed the sslProtocols value to "TLSv1.2" and scanned my server. IT IS STILL VULNERABLE!
- I tried setting TLSv1.1 and TLSv1. It does not work. It seems that the sslProtocols element does not have ANY effect on which protocols the server is using, meaning that only the ciphers element has some value.
- Well, OK then, I said... I'll find some TLSv1.2 specific ciphers, and I'll add it there, thus tightly securing my server. I added ALL the TLSv1.2 ciphers from the list specified in the https://www.openssl.org/docs/apps/ciphers.html link. Scanned my server, got a "green checkmark", everything OK and secured... Tried to approach my server through any browser... "The page cannot be opened".
  - Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  - Firefox: ssl_error_no_cypher_overlap
  - IE: Page cannot be opened (not having the courtesy to inform me why)

  What the hell?! What should I do now?
- Ok, I'll start adding the ciphers from the bottom up from the https://www.openssl.org/docs/apps/ciphers.html list, SKIPPING the SSLv3 ones. I got to this (really short) list:
  - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (IE works only with this cipher)
  - TLS_DHE_RSA_WITH_AES_128_CBC_SHA (FF, Chrome and Safari work with this cipher)
  - TLS_DHE_RSA_WITH_AES_256_CBC_SHA (FF, Chrome and Safari work with this cipher)

  All browsers work, things look OK.
  - https://www.tinfoilsecurity.com/poodle -> Green checkmark, everything good!

  Let's try some more online scanners, just to be safe...
  - https://www.expeditedssl.com/poodle -> Not vulnerable. GREAT!
  - https://www.poodlescan.com/ -> VULNERABLE! F**K!
- Ultimate scan: ssllabs.com ... VULNERABLE!
I'm losing my mind here... please help!
UPDATE2: After 2 lost days trying to figure out what the problem is... The suggested fix from RedHat contained the element sslProtocol***s*** as opposed to the sslProtocol (note there's no 's' at the end), which I was using, and which is described in the official JBoss Web documentation: http://docs.jboss.org/jbossweb/2.1.x/config/http.html
I just added sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" and removed the "ciphers" element, everything works as expected.
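
An added example, not part of the original post and not JBoss or Red Hat tooling: a small Python check over a constructed server.xml fragment that flags the mistake described above (a protocol list placed in `sslProtocol` instead of `sslProtocols`) along with NULL, EXPORT, RC4, RC2 and single-DES entries in `ciphers`. The sample XML, the function name `audit_connectors` and the marker list are assumptions made for illustration; the attribute behaviour is taken from what the post reports.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml fragment reproducing the mistake from the post
# (port 8443) next to the configuration that worked (port 9443).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="jboss.web">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" sslProtocol="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_RSA_WITH_NULL_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
  </Service>
</Server>
"""

# Substrings of cipher suite names with no or breakable encryption (3DES is not matched).
WEAK_MARKERS = ("_NULL_", "_EXPORT_", "_RC4_", "_DES_", "_DES40_", "_RC2_")


def audit_connectors(xml_text):
    """Return {port: [findings]} for every SSL-enabled Connector."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        findings = []
        # Per the post: sslProtocol names a single SSLContext, while
        # sslProtocols is the list that restricts the enabled versions.
        context_name = conn.get("sslProtocol")
        enabled = [p.strip() for p in conn.get("sslProtocols", "").split(",") if p.strip()]
        if context_name and "," in context_name:
            findings.append("sslProtocol holds a list; it names one SSLContext")
        if not enabled:
            findings.append("sslProtocols missing; enabled protocols not restricted")
        if any(p.upper().startswith("SSL") for p in enabled):
            findings.append("sslProtocols still enables an SSL version")
        weak = [c.strip() for c in conn.get("ciphers", "").split(",")
                if any(m in c for m in WEAK_MARKERS)]
        if weak:
            findings.append("weak ciphers: " + ", ".join(weak))
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else findings)
```

A clean result from this check only says the file is consistent with the fix; a scan of the running server is still what confirms that SSLv3 handshakes are refused.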