Date: Mon, 28 Dec 2015 15:55:02 +0000
From: Sevan Janiyan <venture37@...klan.co.uk>
To: oss-security@...ts.openwall.com
Subject: Re: Being vulnerable to POODLE

Hi,

On 28/12/2015 14:32, Florian Weimer wrote:
> How so?
> 
> With some OpenSSL versions, it disables the 0/n split to mitigate a
> *different* CBC vulnerability in TLS 1.0, and the client code explicitly
> prevents OpenSSL from using TLS 1.1 and later.

SSLv23_server_method() is called to set up a server without any
restrictions & SSL_CTX_set_options() sets SSL_OP_ALL on the context.
The change I'm proposing explicitly disables the use of SSLv2/v3 so that
we're not reliant on the SSL library (which may be out of date?) to
impose restrictions.

Looking up the documentation before I reply, it seems that by using the
SSL_OP_ALL setting, the mitigation you mention is actually disabled. See
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS & SSL_OP_ALL on [1].

SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
vulnerability affecting CBC ciphers, which cannot be handled by some
broken SSL implementations. This option has no effect for connections
using other ciphers.


Sevan
[1] http://openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html
