RedyHost security team has been made aware of a vulnerability in the SSLv3.0 protocol, which has been assigned CVE-2014-3566. All implementations of SSLv3.0 are affected.
What Is POODLE?
POODLE stands for Padding Oracle On Downgraded Legacy Encryption. An attacker positioned between client and server (a man-in-the-middle) first forces the connection down to SSLv3, then exploits the fact that SSLv3's CBC padding is not covered by the MAC: by having the victim's browser repeat a request while the attacker tampers with ciphertext blocks, the server's accept/reject behaviour acts as a padding oracle that reveals the plaintext one byte at a time, typically a session cookie. Because the flaw is in the protocol itself rather than in any one implementation, it cannot be patched away; the fix is to stop negotiating SSLv3. More details are available in the upstream OpenSSL advisory.
Netscape originally developed Secure Sockets Layer (SSL) as a means of protecting data as it was sent across a network. Version 1 was never released publicly, and SSLv2, released in 1995, had a number of flaws that made it insecure. Cryptography is an ever-changing field, and the settings recommended a month ago may not be the settings recommended today, so it is important to stay current with recommended cryptographic settings.
Recommendations
Current recommendations are to use only TLSv1.1 and TLSv1.2, keeping TLSv1.0 only where backwards compatibility with older clients requires it. SSLv2 and SSLv3 should not be used; both are considered insecure. Many services managed by RedyHost are able to speak these protocols, and although they may be disabled by default, always check a service's configuration before relying on it.
To mitigate this vulnerability, you should explicitly disable SSLv3.0 in all affected packages. Additional instructions to do this for each affected package, as well as updates that disable SSLv3.0 by default, are being developed by RedyHost security team as a high priority.
Mitigation steps have been documented below for the following products and components. This list will be expanded as mitigation steps for more products and components are developed.
Diagnostic Steps
Run the following command to determine whether SSLv3 is enabled on a server:
openssl s_client -connect localhost:443 -ssl3
To test a remote server, use that server's hostname instead of localhost, and substitute the port if the server is not listening on 443. Redirect stdin from /dev/null so that s_client exits after the handshake rather than waiting for request input. The test is only meaningful if your local openssl still supports SSLv3: a build compiled without it rejects -ssl3 as an unknown option, which says nothing about the server.
If SSLv3 is NOT enabled you should see output similar to the following: the server answers with a handshake failure alert and no cipher is negotiated ("Cipher is (NONE)"). In this case, the server is NOT vulnerable.
openssl s_client -connect localhost:443 -ssl3
CONNECTED(00000003)
140128201074504:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
140128201074504:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1413337595
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
If SSLv3 IS enabled you should see output similar to the following: the handshake completes over SSLv3 and a cipher (here DHE-RSA-AES256-SHA) is negotiated. In this case, the server IS vulnerable.
openssl s_client -connect localhost:443 -ssl3
CONNECTED(00000003)
depth=2 C = US, O = Bigger Inc., CN = Big CA
verify return:1
depth=1 C = US, O = "Bigger, Inc.", CN = Big CA
verify return:1
depth=0 serialNumber = -912hgd9qgwf9uewqgfiu239gf2309fg, OU = HT98723987, OU = See www.example.com/resources/cps (c)14, OU = Domain Control Validated - Big(R), CN = your.server.example.org
verify return:1
---
Certificate chain
 0 s:/serialNumber=-912hgd9qgwf9uewqgfiu239gf2309fg/OU=HT98723987/OU=See www.example.com/resources/cps (c)14/OU=Domain Control Validated - Big(R)/CN=your.server.example.org
   i:/C=US/O=Bigger, Inc./CN=Big CA
 1 s:/C=US/O=Bigger, Inc./CN=Big CA
   i:/C=US/O=Bigger Inc./CN=Bigger CA
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/serialNumber=-912hgd9qgwf9uewqgfiu239gf2309fg/OU=HT98723987/OU=See www.example.com/resources/cps (c)14/OU=Domain Control Validated - Big(R)/CN=your.server.example.org
issuer=/C=US/O=Bigger, Inc./CN=Big CA
---
No client certificate CA names sent
---
SSL handshake has read 3035 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 68FA1758EE91651850A158CF784F37BD929F0E553EFFEF6D089AEBEA1420055D
    Session-ID-ctx:
    Master-Key: 3836341955FA70674AE189C30FB44FE85537D17C9B1CF9FB7BF444155A944D080D3130801502488994DA9F1CE9DAF0D8
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1413337513
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
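As an added example, not part of RedyHost's advisory or its tooling, the shell script below wraps the check above so it can be run against a list of host:port pairs and turns the s_client transcript into a verdict mechanically. It also handles two cases the raw command leaves ambiguous: an openssl binary built without SSLv3 (which rejects -ssl3 as an unknown option and proves nothing about the server) and a failed TCP connection. The embedded sample transcripts are constructed, abbreviated versions of the two outputs above, and the hostnames in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not RedyHost's own tooling): probe hosts for SSLv3 with
# 'openssl s_client -ssl3' and classify the transcript. Assumes an openssl
# binary that still accepts '-ssl3' (OpenSSL 1.0.x); builds compiled without
# SSLv3 reject the option, which is reported separately rather than being
# mistaken for "not vulnerable".

# classify_ssl3_output: read an 's_client -ssl3' transcript on stdin, print one of
#   vulnerable        SSLv3 handshake completed and a cipher was negotiated
#   not-vulnerable    server refused the SSLv3 handshake (alert, no cipher)
#   client-lacks-ssl3 local openssl has no SSLv3; says nothing about the server
#   connect-failed    TCP connection failed (wrong host/port, firewall)
#   unknown           none of the known patterns matched
classify_ssl3_output() {
  out="$(cat)"
  case "$out" in
    *"nknown option"*)                        echo client-lacks-ssl3; return 0 ;;
    *"connect:errno"*|*"Connection refused"*) echo connect-failed;    return 0 ;;
    # "New, (NONE), Cipher is (NONE)": no SSLv3 session was established
    *"Cipher is (NONE)"*)                     echo not-vulnerable;    return 0 ;;
    # -ssl3 forces the protocol, so any negotiated cipher means SSLv3 was accepted
    *"Cipher is "*)                           echo vulnerable;        return 0 ;;
  esac
  case "$out" in
    *"handshake failure"*|*"alert number"*|*"wrong version number"*)
                                              echo not-vulnerable;    return 0 ;;
  esac
  echo unknown
}

# probe_ssl3 HOST PORT: print "HOST:PORT verdict"; exit 0 only for not-vulnerable.
# stdin comes from /dev/null so s_client exits after the handshake instead of
# waiting for request input.
probe_ssl3() {
  verdict="$(openssl s_client -connect "$1:$2" -ssl3 </dev/null 2>&1 | classify_ssl3_output)"
  echo "$1:$2 $verdict"
  [ "$verdict" = not-vulnerable ]
}

# Constructed, abbreviated transcripts modelled on the two outputs above, used
# for an offline self-check of the classifier.
SAMPLE_REFUSED='CONNECTED(00000003)
140128201074504:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'
SAMPLE_ACCEPTED='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA'

# Usage: sh poodle-check.sh host[:port] [host[:port] ...]
#   e.g. sh poodle-check.sh localhost:443 mail.example.org:993   (placeholder names)
# With no arguments, classify the constructed samples instead of probing anything.
if [ "$#" -eq 0 ]; then
  printf 'sample refused  -> %s\n' "$(printf '%s\n' "$SAMPLE_REFUSED" | classify_ssl3_output)"
  printf 'sample accepted -> %s\n' "$(printf '%s\n' "$SAMPLE_ACCEPTED" | classify_ssl3_output)"
else
  rc=0
  for target in "$@"; do
    case "$target" in *:*) ;; *) target="$target:443" ;; esac   # default to HTTPS
    probe_ssl3 "${target%%:*}" "${target#*:}" || rc=1
  done
  exit "$rc"
fi
```

A non-zero exit status means at least one target either still accepts SSLv3 or could not be conclusively tested, which makes the script usable from a cron job or a deployment check.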
Steps to mitigate vulnerability in your server by disabling SSLv3 support
WHM/cPanel with Apache
The following cipher list can be set for Apache in WHM > Service Configuration > Apache Configuration > Global Configuration (the SSLCipherSuite field). Do NOT apply it to the cPanel/WHM services themselves; it breaks their SSL service. This list also enables Forward Secrecy (ECDHE/DHE key exchange) for most clients. Apache takes the list as a single colon-separated argument, so it is written that way here:
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
RC4 is kept in this list only for compatibility with old clients; RC4 has since been prohibited for TLS (RFC 7465), and the CentOS list below excludes it with !RC4. Please note that the cipher list by itself does not disable SSLv3: the protocol is controlled by SSLProtocol, not by SSLCipherSuite. You also cannot remove SSLv3 support from the cPanel/WHM services themselves at this time, and you should not alter their default ciphers either: anything that strips away SSLv3/TLS 1.0 support will break those services because of the way they are designed.
To disable the SSLv2 and SSLv3 protocols in Apache, copy your Apache version’s “main.default” template to “main.local” and make the changes in main.local; cPanel updates overwrite main.default but leave main.local in place. You can find your Apache version by running “httpd -v”.
Apache 2.2
cp /var/cpanel/templates/apache2_2/main.default /var/cpanel/templates/apache2_2/main.local
Apache 2.4
cp /var/cpanel/templates/apache2_4/main.default /var/cpanel/templates/apache2_4/main.local
You then want to look for the section that looks like this.
[% IF supported.mod_ssl -%]
    # SSLCipherSuite can be set in WHM under 'Apache Global Configuration'
    [% IF main.sslciphersuite.item.sslciphersuite.length %]SSLCipherSuite [% main.sslciphersuite.item.sslciphersuite %][% END %]
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/usr/local/apache/logs/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
Add the following two directives directly after the [% IF supported.mod_ssl -%] line:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
An example of how it should look is below.
[% IF supported.mod_ssl -%]
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    # SSLCipherSuite can be set in WHM under 'Apache Global Configuration'
    [% IF main.sslciphersuite.item.sslciphersuite.length %]SSLCipherSuite [% main.sslciphersuite.item.sslciphersuite %][% END %]
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/usr/local/apache/logs/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
Then you can save the file, rebuild the configuration and restart Apache.
/scripts/rebuildhttpdconf
service httpd restart
This should remove SSLv3 support from your server. You can verify the result with the Qualys SSL Labs test:
http://ssllabs.com/ssltest/analyze.html
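The WHM/cPanel procedure above as a single script, added here as an example rather than RedyHost's or cPanel's own tooling. It assumes the template paths, /scripts/rebuildhttpdconf and service httpd restart exactly as given above; the httpd -t syntax check before the restart is an addition, and the four-space indentation of the inserted directives is a cosmetic assumption. The insert is idempotent: a template that already sets SSLProtocol is left untouched, so the script can be re-run safely after a cPanel update refreshes main.default.

```shell
#!/bin/sh
# Added example (not RedyHost's or cPanel's own tooling): the WHM/cPanel
# procedure above as a script. Assumes a cPanel host with the template paths,
# /scripts/rebuildhttpdconf and 'service httpd restart' used above; the
# 'httpd -t' syntax check is an extra safeguard before restarting.

# harden_cpanel_template MAIN_DEFAULT MAIN_LOCAL
# Creates MAIN_LOCAL from MAIN_DEFAULT if it does not exist, then inserts
#   SSLProtocol all -SSLv2 -SSLv3
#   SSLHonorCipherOrder on
# directly after the "[% IF supported.mod_ssl -%]" line. Idempotent: a template
# that already carries an SSLProtocol directive is left unchanged.
harden_cpanel_template() {
  src="$1"; dst="$2"
  if [ ! -f "$dst" ]; then
    cp -p "$src" "$dst" || return 1
  fi
  if grep -q '^[[:space:]]*SSLProtocol' "$dst"; then
    echo "$dst already sets SSLProtocol; leaving it unchanged" >&2
    return 0
  fi
  if ! grep -q 'IF supported.mod_ssl' "$dst"; then
    echo "marker [% IF supported.mod_ssl -%] not found in $dst" >&2
    return 1
  fi
  # Print every line; right after the marker line, emit the two directives once.
  awk '
    { print }
    !done && index($0, "[% IF supported.mod_ssl -%]") {
      print "    SSLProtocol all -SSLv2 -SSLv3"
      print "    SSLHonorCipherOrder on"
      done = 1
    }
  ' "$dst" > "$dst.tmp" && mv "$dst.tmp" "$dst"
}

# cpanel_template_dir: derive apache2_2 or apache2_4 from 'httpd -v'
cpanel_template_dir() {
  ver="$(httpd -v 2>/dev/null | sed -n 's#.*Apache/\([0-9]\)\.\([0-9]\).*#\1_\2#p')"
  [ -n "$ver" ] || return 1
  echo "/var/cpanel/templates/apache$ver"
}

# poodle_harden_cpanel: edit the template, rebuild httpd.conf, check syntax, restart
poodle_harden_cpanel() {
  dir="$(cpanel_template_dir)" || { echo "cannot determine Apache version from httpd -v" >&2; return 1; }
  harden_cpanel_template "$dir/main.default" "$dir/main.local" || return 1
  /scripts/rebuildhttpdconf || return 1
  httpd -t || { echo "httpd.conf failed the syntax check; not restarting" >&2; return 1; }
  service httpd restart
}

# Usage: sh poodle-cpanel.sh apply
# Without the 'apply' argument the file only defines the functions, so it can be
# sourced or tested without touching a live server.
if [ "${1:-}" = apply ]; then
  poodle_harden_cpanel
fi
```

After running it, re-check the server with the s_client test from the Diagnostic Steps and with the Qualys SSL Labs scan linked above.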
CentOS 6 with Apache 2.x
Edit the Apache SSL configuration file. On CentOS 6 the default SSL vhost lives in ssl.conf; if other vhosts carry their own SSLProtocol or SSLCipherSuite directives, apply the same change there:
nano /etc/httpd/conf.d/ssl.conf
Ensure these lines are present:
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AES:EDH+AES:-SHA1:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5:!RC4
SSLProtocol all -SSLv2 -SSLv3
Do not write the protocol line as “SSLProtocol -ALL +TLSv1 -SSLv3 -SSLv2”: on builds that recognise TLSv1.1 and TLSv1.2 as separate protocol names (Apache 2.4, Apache 2.2.23 and later, and distribution backports of that support), +TLSv1 enables TLS 1.0 only and switches off TLS 1.1 and 1.2, which contradicts the recommendations above. Then check the configuration syntax and restart httpd.
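To see why the exact SSLProtocol wording matters, the script below (an added example, not RedyHost's or Apache's code) evaluates an SSLProtocol argument list the way mod_ssl parses it and reports which protocols end up enabled, then audits every SSLProtocol line in a config file such as /etc/httpd/conf.d/ssl.conf. The model assumes a build that knows TLSv1.1 and TLSv1.2 as separate names (Apache 2.4, or 2.2.23 and later) with OpenSSL 1.0.1, where “all” means SSLv3 plus TLS 1.0 to 1.2; the behaviour of a file with no SSLProtocol directive is treated as the 2014-era default “all” and is labelled as such in the code.

```shell
#!/bin/sh
# Added example (not RedyHost's or Apache's own code): evaluate what an Apache
# mod_ssl SSLProtocol line actually enables, following mod_ssl's parsing rules:
#   - a token prefixed '+' adds a protocol, '-' removes it;
#   - an unprefixed token REPLACES everything set so far (mod_ssl logs a warning);
#   - 'all' (case-insensitive) expands to every protocol the build knows.
# Assumption: Apache 2.4 or 2.2.23+ with OpenSSL 1.0.1, where 'all' means
# SSLv3 TLSv1 TLSv1.1 TLSv1.2 and TLSv1 is TLS 1.0 only. Older builds without
# the TLSv1.1/TLSv1.2 names treated TLSv1 as "all TLS", which is exactly why
# '-ALL +TLSv1' silently loses TLS 1.1/1.2 after an upgrade.

ALL_PROTOS="SSLv3 TLSv1 TLSv1.1 TLSv1.2"

set_has() {  # set_has "SET" ITEM
  case " $1 " in *" $2 "*) return 0 ;; esac
  return 1
}
set_add() {  # set_add "SET" ITEM -> new set on stdout
  if set_has "$1" "$2"; then printf '%s' "$1"; else printf '%s' "${1:+$1 }$2"; fi
}
set_del() {  # set_del "SET" ITEM -> new set on stdout
  out=""
  for p in $1; do [ "$p" = "$2" ] || out="${out:+$out }$p"; done
  printf '%s' "$out"
}
canon_proto() {  # canonical spelling of a protocol token, or empty if unknown
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    sslv2)   echo SSLv2 ;;
    sslv3)   echo SSLv3 ;;
    tlsv1)   echo TLSv1 ;;
    tlsv1.1) echo TLSv1.1 ;;
    tlsv1.2) echo TLSv1.2 ;;
    all)     echo all ;;
    *)       echo "" ;;
  esac
}

# ssl_protocol_set "ARGS": print the enabled protocols in canonical order
ssl_protocol_set() {
  enabled=""
  for tok in $1; do
    action=""
    case "$tok" in
      +*) action="+"; tok="${tok#+}" ;;
      -*) action="-"; tok="${tok#-}" ;;
    esac
    name="$(canon_proto "$tok")"
    if [ -z "$name" ]; then
      echo "SSLProtocol: unknown protocol '$tok'" >&2
      return 2
    fi
    if [ "$name" = all ]; then members="$ALL_PROTOS"; else members="$name"; fi
    case "$action" in
      -) for m in $members; do enabled="$(set_del "$enabled" "$m")"; done ;;
      +) for m in $members; do enabled="$(set_add "$enabled" "$m")"; done ;;
      *) enabled="$members" ;;   # unprefixed token overrides what came before
    esac
  done
  out=""
  for p in SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2; do
    if set_has "$enabled" "$p"; then out="${out:+$out }$p"; fi
  done
  printf '%s\n' "$out"
}

# audit_ssl_protocol "ARGS": 0 if no SSLv2/SSLv3 remains and TLSv1.2 is enabled
audit_ssl_protocol() {
  enabled_set="$(ssl_protocol_set "$1")" || return 2
  if set_has "$enabled_set" SSLv3 || set_has "$enabled_set" SSLv2; then
    echo "FAIL: 'SSLProtocol $1' still enables $enabled_set (SSLv2/SSLv3 present)"
    return 1
  fi
  if ! set_has "$enabled_set" TLSv1.2; then
    echo "FAIL: 'SSLProtocol $1' enables only '${enabled_set:-nothing}'; TLSv1.2 is off"
    return 1
  fi
  echo "OK:   'SSLProtocol $1' -> $enabled_set"
}

# audit_conf_file FILE: audit every SSLProtocol directive in an httpd config file
audit_conf_file() {
  directives="$(awk 'tolower($1) == "sslprotocol" { $1 = ""; sub(/^ +/, ""); print }' "$1")"
  if [ -z "$directives" ]; then
    # Assumption: the built-in default of 2014-era httpd was 'all', SSLv3 included.
    echo "FAIL: $1 sets no SSLProtocol; mod_ssl falls back to its default ('all'), which includes SSLv3"
    return 1
  fi
  printf '%s\n' "$directives" | while IFS= read -r args; do
    audit_ssl_protocol "$args" || exit 1
  done
}

# Usage: sh sslprotocol-audit.sh /etc/httpd/conf.d/ssl.conf
# With no argument, compare the page's original line with the corrected one.
if [ "$#" -eq 0 ]; then
  for line in '-ALL +TLSv1 -SSLv3 -SSLv2' 'all -SSLv2 -SSLv3'; do
    audit_ssl_protocol "$line" || :   # report only; the verdict is in the output
  done
else
  audit_conf_file "$1"
fi
```

Run the audit against ssl.conf after editing, then `apachectl configtest && service httpd restart` so the new protocol set takes effect, and confirm with the s_client check from the Diagnostic Steps.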
For More Information
If you have questions or concerns, please contact RedyHost Technical Support.