Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove Prohibited SSL Protocols from Configuration File #1253

Open
rdratlos opened this issue Apr 3, 2021 · 4 comments
Open

Remove Prohibited SSL Protocols from Configuration File #1253

rdratlos opened this issue Apr 3, 2021 · 4 comments

Comments

@rdratlos
Copy link

rdratlos commented Apr 3, 2021

Vulnerable and insecure SSL protocols SSLv2 and SSLv3 must not be used
by applications (RFC7568 and RFC6176).

Recent scans of the Internet at large show that more than 5.9 million Web
servers, comprising 17 percent of all HTTPS-protected machines, directly support
SSLv2. That's a troubling finding, given widely repeated advice that SSLv2 be
disabled. More troubling still, even when a server doesn't allow SSLv2
connections, it may still be susceptible to attack if the underlying RSA key
pair is reused on a separate server that does support the old protocol.
A website, e. g., that forbids SSLv2 may still be vulnerable if its key is used
on an e-mail server that allows SSLv2.

Cherokee disables both protocols by default. Users can override this by
explicitly enabling the protocols in the configuration file. On the other
hand IETF does not allow to use both SSL protocols anymore due to their
vulnerabilities, which also affect security of more recent TLS protocols.
SSLv2 and SSLv3 enable settings in existing (legacy) configuration files
will force Cherokee webserver into an unsafe configuration.

@skinkie
Copy link
Member

skinkie commented Apr 3, 2021

The main problem with completely removing those things is that if a user is running an older OS on a client not supporting those newer protocols cannot connect anymore, ok you could connect it over HTTP. There are numerous examples of an intranet application having XP clients want to secure authentication not being plain text. I am open to suggestions how this can be solved, but still supported, maybe at compile time?

rdratlos pushed a commit to rdratlos/cherokee-webserver that referenced this issue Apr 3, 2021
Vulnerable and insecure SSL protocols SSLv2 and SSLv3 must not be used
by applications (RFC7568 and RFC6176).

Recent scans of the Internet at large show that more than 5.9 million Web
servers, comprising 17 percent of all HTTPS-protected machines, directly support
SSLv2. That's a troubling finding, given widely repeated advice that SSLv2 be
disabled. More troubling still, even when a server doesn't allow SSLv2
connections, it may still be susceptible to attack if the underlying RSA key
pair is reused on a separate server that does support the old protocol.
A website, e. g., that forbids SSLv2 may still be vulnerable if its key is used
on an e-mail server that allows SSLv2.

Cherokee disables both protocols by default. Users can override this by
explicitly enabling the protocols in the configuration file. On the other
hand IETF does not allow to use both SSL protocols anymore due to their
vulnerabilities, which also affect security of more recent TLS protocols.
Remove SSLv2 and SSLv3 settings from existing (legacy) configuration files
during installation to allow safe operation of Cherokee webserver.

Users that for whatever reason still require use of SSLv2 or SSLv3 can
enable the protocol again after installation using cherokee-admin.

Note: Use of SSLv2 or SSLv3 also depends on OpenSSL. Recent versions
      of OpenSSL removed SSLv2 and most distribution now also disable
      SSLv3.

This patch adds a new mechanism to Cherokee that allows for intermediate
security updates of the configuration file when a regular update to a new
Cherokee version is not (yet) available.

Fixes: cherokee#1253

Signed-off-by: Thomas Reim <[email protected]>
@rdratlos
Copy link
Author

rdratlos commented Apr 3, 2021

The following shows the output during upgrade of a legacy Cherokee implementation of an Ubuntu server when above mentioned fix is installed (in German language, sorry):

...
Vorbereitung zum Entpacken von .../0-cherokee_1.2.104-1~ppa7~18.04_amd64.deb ...                                                           
update-alternatives: Fehler: keine Alternativen für spawn-fcgi                                                                             
Upgrading '/etc/cherokee/cherokee.conf' from 1002104 to 1002104.. Not upgraded.                                                            
Applying security updates to '/etc/cherokee/cherokee.conf'..                                                                               
    WARNING!! SSL version 3 was enabled in the onfiguration file. This SSL/TLS protocol is                                                 
              obsolete and must not be used anymore. Configuration entry removed.                                                          
    In case of need you can temporarily enable SSLv3 again using cherokee-admin.                                                           
Updated.                                                                                                                                   
Saving new configuration.. OK                                                                                                              
Entpacken von cherokee (1.2.104-1~ppa7~18.04) über (1.2.104-1~ppa5~bionic) ...
...                                                             

@skinkie
Copy link
Member

skinkie commented Apr 3, 2021

Is there any breaking change from configuration perspective?

@rdratlos
Copy link
Author

rdratlos commented Apr 4, 2021

Not really breaking changes. There are two additional TLS configuration parameters:

  • server!tls!protocol!min
  • server!tls!protocol!max

for configuration of a minimum or maximum TLS protocol version that is available to clients of Cherokee webserver. The new and recommended OpenSSL/libssl mechanism for TLS protocol control.

On the other hand, we have not seen a Cherokee version update since 2015. So this PR could be a trigger for a new minor version 105 and a signal to the community. But such a decision also depends on the degree of fixed CVEs against Cherokee. I have seen code fixes but I have no overview on still outstanding CVEs.

If you decided to prepare a new Cherokee version I would volunteer to prepare an upgrade procedure from "allow SSL/TLS" based configuration to min/max. SSL/TLS protocol configuration.

Let me know your plans.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants