Date: Mon, 28 Dec 2015 15:55:02 +0000
From: Sevan Janiyan <venture37@...klan.co.uk>
To: oss-security@...ts.openwall.com
Subject: Re: Being vulnerable to POODLE

Hi,

On 28/12/2015 14:32, Florian Weimer wrote:
> How so?
>
> With some OpenSSL versions, it disables the 0/n split to mitigate a
> *different* CBC vulnerability in TLS 1.0, and the client code explicitly
> prevents OpenSSL from using TLS 1.1 and later.

SSLv23_server_method() is called to set up a server without any restrictions & SSL_CTX_set_options() sets SSL_OP_ALL on the context. The change I'm proposing explicitly disables the use of SSLv2/v3 so that we're not reliant on the SSL library (which may be out of date?) to impose the restriction.

Looking up the documentation before I reply, it seems that by using the SSL_OP_ALL setting, the mitigation you mention is actually disabled. See SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS & SSL_OP_ALL on http://openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html

    SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

    Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
    vulnerability affecting CBC ciphers, which cannot be handled by some
    broken SSL implementations. This option has no effect for connections
    using other ciphers.

Sevan
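As an added illustration (not code from this thread or from the project being patched), the same two points expressed against Python's standard ssl module, whose SSLContext.options passes raw bits through to OpenSSL's SSL_CTX_set_options(): a context mimicking the "SSLv23 method plus SSL_OP_ALL" setup beside one that explicitly refuses SSLv2/v3 and keeps the empty-fragment countermeasure. The bit value of SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is copied from OpenSSL's ssl.h because Python does not export it by name; the TLS 1.2 floor is an assumption that goes beyond the thread's SSLv2/v3 point.

```python
import ssl

# Bit value of SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS from OpenSSL's ssl.h
# (0x800 in 1.0.x, 1.1.x and 3.x).  Python's ssl module does not export it
# by name, but SSLContext.options hands raw bits to SSL_CTX_set_options()
# and SSL_CTX_clear_options(), so the bit can be checked and cleared here.
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 0x00000800


def legacy_server_context() -> ssl.SSLContext:
    """Mimic the setup discussed in the thread: no protocol restriction
    and OpenSSL's full SSL_OP_ALL mask, which carries the empty-fragment
    bit.  (Python's own OP_ALL deliberately strips that bit and sets
    OP_NO_SSLv3 by default, so both are undone here to reproduce it.)"""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options = (ctx.options & ~ssl.OP_NO_SSLv3) | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    return ctx


def hardened_server_context() -> ssl.SSLContext:
    """Explicit floor instead of trusting whatever the linked library
    defaults to: refuse SSLv2/v3, keep the CBC countermeasure enabled,
    and (assumption beyond the thread) require TLS 1.2 or newer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
    ctx.options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> dict:
    """Report the two findings a reviewer of this patch would look for."""
    opts = int(ctx.options)
    return {
        "sslv3_allowed": not (opts & ssl.OP_NO_SSLv3),
        "cbc_countermeasure_disabled": bool(opts & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS),
        "minimum_version": ctx.minimum_version.name,
    }


if __name__ == "__main__":
    print("legacy  :", audit(legacy_server_context()))
    print("hardened:", audit(hardened_server_context()))
```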