/ Zope / Apsis / Pound Mailing List / Archive / 2011 / 2011-11 / Re: [Pound Mailing List] SSL renegotiation DDoS and Pound

[ << ] [ >> ]

[ Pound 2.4.5 DAV issue / Tolik aka AcidumIrae ... ] [ Re: [Pound Mailing List] Behaviour on BackEnd ... ]

Re: [Pound Mailing List] SSL renegotiation DDoS and Pound
=?windows-1252?Q?Jorge_F=E1bregas?= <jorge.fabregas(at)gmail.com>
2011-11-02 02:17:49 [ FULL ]
On 10/26/2011 12:56 PM, Joe Gooch wrote:[...]

Is it worth going back to OpenSSL 0.9.8l (from 1.0.x) and therefore
ignore all bug & security fixes that went afterwards?  I don't think so.

I still, however, would like to disable renegotiation but, apparently,
this is not trivial with OpenSSL.

Regards,
Jorge

p.d. still surprised that people here are not commenting on this -
considering the easy to use exploit is out there :(

RE: [Pound Mailing List] SSL renegotiation DDoS and Pound
Joe Gooch <mrwizard(at)k12system.com>
2011-11-02 23:19:01 [ FULL ]
I was unaware you're using 1.0.x.  I use Debian, and squeeze still uses 0.9.8.

To that end, I've whipped up http://goochfriend.org/0001-port-SSL-Renegotiation-patch-to-2.6f.patch

See if that hooks you up.

Disclaimers though:
1) My branch of Pound is a little different, since I have a lot more homebrew
patches in the mix.  It should apply, and I verified it compiles.
2) I verified the thc exploit confirms no renegotiation on my branch
3) I was testing w/ squeeze so that's OpenSSL 0.9.8o

So YMMV, but let me know if you run into any problems and how it works for you.
 If it solves the problem maybe Robert can clean it up and make it a config
option or something similar.  Should probably have config options for allowing
insecure renegotiation (for those stuck with MSIE problems), and other options
to disable renegotiation entirely.

Joe
[...]

Re: [Pound Mailing List] SSL renegotiation DDoS and Pound
=?windows-1252?Q?Jorge_F=E1bregas?= <jorge.fabregas(at)gmail.com>
2011-11-02 23:59:59 [ FULL ]
On 11/02/2011 06:19 PM, Joe Gooch wrote:[...]


Thanks Joe.  I appreciate it.  I'll give this a try and will report back.

Regards,
Jorge

Re: [Pound Mailing List] SSL renegotiation DDoS and Pound
=?windows-1252?Q?Jorge_F=E1bregas?= <jorge.fabregas(at)gmail.com>
2011-11-06 15:50:35 [ FULL ]
On 11/02/2011 06:19 PM, Joe Gooch wrote:[...]

Joe,

I applied the patch flawlessly and it compiled without problems.  I then
proceeded to verify the server with the THC exploit and indeed it shows:

"ERROR: Target has disabled renegotiations."

I also went to:

https://www.ssllabs.com/ssldb/index.html

..and I get this (as expected):

"Secure Renegotiation:  Supported, with client-initiated renegotiation
disabled"

Conclusion:  Your patch nailed it !  Thanks so much!

Best regards,
Jorge

RE: [Pound Mailing List] SSL renegotiation DDoS and Pound
Joe Gooch <mrwizard(at)k12system.com>
2011-11-08 21:21:15 [ FULL ]
Glad it worked for you.

Here's an updated version:
http://goochfriend.org/pound_2.6f_ssl_renegotiation_and_ciphers.patch

This one introduces two new config directives:
SSLHonorCipherOrder 0|1
  When set to 1, server prefers Ciphers in the order specified.  When 0, Server
advertises no preference.

SSLAllowClientRenegotiation 0|1|2
  When set to 0, no client renegotiation will be honored.  When 1, secure
renegotiation will be honored.  When 2, insecure renegotiation will be honored.

It will also disable insecure renegotiation on backend HTTPS connections.

Given these options, the most secure configuration would be:
SSLAllowClientRenegotiation 0
SSLHonorCipherOrder 1
Ciphers        
"ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"

Which mitigates BEAST attacks as outlined here:
http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html

As well as renegotiation attacks.


This should be a slightly cleaner fix which can be more easily integrated into
2.6... but I'm sure there are some things I did which Robert will likely prefer
are coded with a different style... I'll let him make that determination.

Joe
[...]

Re: [Pound Mailing List] SSL renegotiation DDoS and Pound
=?windows-1252?Q?Jorge_F=E1bregas?= <jorge.fabregas(at)gmail.com>
2011-11-10 12:45:00 [ FULL ]
On 11/08/2011 04:21 PM, Joe Gooch wrote:[...]

Thanks again Joe.  This is great!

Robert:  Any plans to incorporate this ?  Thanks.


Regards,
Jorge

MailBoxer