[Pkg-openssl-devel] [Netscape/OpenSSL Cipher Forcing Bug]
Kurt Roeckx
kurt at roeckx.be
Wed May 13 19:51:14 UTC 2009
On Tue, May 12, 2009 at 11:49:44AM +0200, Jürgen Heil wrote:
> Hi everybody,
>
> we do security scans on a regular basis. The mentioned OpenSSL bug has
> always been listed as a Level 2 Vulnerability (Qualys) since yesterday. Now
> it is listed as a level 3 Vulnerability which is not compliant to the PCI
> DSS requirements.
Do you have an URL for that? Does it have a CVE number?
> # Diagnosis
> Netscape's SSLv3 implementation had a bug where if a SSLv3 connection is
> initially established, the first available cipher is used. If a session is
> resumed, a different cipher may be chosen if it appears in the passed cipher
> list before the session's current cipher. This bug can be used to change
> ciphers on the server. OpenSSL contains this bug if the
> SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is enabled during runtime.
> This option was introduced for compatibility reasons. The problem arises
> when different applications using OpenSSL's libssl library enable all
> compatibility options including SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG,
> thus enabling the bug.
So the question is if you have any application that enable this,
like maybe apache?
> # Solution
> This problem can be fixed by disabling the SSL OP NETSCAPE REUSE
> CIPHER_CHANGE_BUG option from the options list of OpenSSL's libssl library.
> This can be done by replacing the SSL OP ALL definition in the openssl/ssl.h
> file with the following line:
>
> #define SSL OP ALL (0x00000FFFL^SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
>
> The library and all programs using this library need to be recompiled to
> ensure that the correct OpenSSL library is used during linking.
The library does not need to be rebuild for that, but all
applications should. An other way it to patch openssl
not to support it at all, and then you'll only have to
update the library.
> Can anyone please tell me if this problem has been addressed in past
> releases of the openssl package? Or if it is gonna be addressed in future
> releases?
Nobody filed a bug against the Debian package yet, and upstream
seems to know about this for 5 years. If you want to see
this fixed, I suggest with starting to file a bug against
the debian libssl0.9.8 package.
Kurt
More information about the Pkg-openssl-devel
mailing list