Disable support for SSL 3 protocol in 2.1.x #124

Closed
wants to merge 1 commit into from

8 participants

@f3ndot

Not sure if this'll work, but I believe it will disable negotiation for both the SSL 2 and SSL 3 protocols, leaving it to be TLS 1, 1.1, 1.2, or future versions yet to be written.

I believe it doesn't change the version requirements for OpenSSL, but obviously the higher the version the more available secure protocols (e.g. TLS 1.2 is available in OpenSSL 1.0.1 and later)

Justification:

@f3ndot f3ndot Add SSL_OP_NO_SSLv3 to OpenSSL context options;
SSLv3 is on the way out. It is considered less secure than TLS and should not be offered as an available protocol for XMPP.
cb6a4e5
@runcom

Already done here processone/tls@5d3cad3

@f3ndot

@amurdaca I'm slightly confused then. What does tls_drv.c do if the TLS for ejabberd is handled in a separate project/repo?

@rraptorr

The project amurdaca refers to is used by ejabberd master, it has nothing to do with ejabberd 2.x

@f3ndot

Ah. Are we no longer considering PRs for 2.x?

@zinid
Collaborator

I reverted 5d3cad37a80c6d730e2e5e3b6091cbb69ce199ec because it breaks backward compatibility with Tkabber and Miranda. Also people reported some s2s problems.

Too early for this commit. Let's wait a couple of years.

@Neustradamus

Tkabber and Miranda must update the code, please do not revert this change for security (apply this patch).

@DrWhax

I really encourage the ejabberd project to take a stance by disabling SSL 3.0. The entire internet community will benefit from this security-wise. We shouldn't worry about breaking compatibility with clients. We should rather encourage developers of those respected clients to update their code and prefer TLS 1.2 with PFS ciphers.

Please apply this patch

@zinid Could you elaborate a bit more on the s2s problems? I would be interested to know.

@zinid
Collaborator

> We shouldn't worry about breaking compatibility with clients

ejabberd will introduce an option to disable SSLv3. At least @alexeyshch was going to do that. I don't know about 2.1.x though.

Regarding s2s: I can't clarify because I didn't ask for details. Problems with Tkabber were enough for me.

@Neustradamus

Note for Tkabber: http://tkabber.jabber.ru/tkabber-1.0 (01/01/2014)
And Miranda NG: http://miranda-ng.org/

@georgehazan

Miranda NG depends only on the underlying Windows Security Services. Even under XP it guarantees SSL3 & TLS 1.0 support, so SSL3 might be disabled easily

@Neustradamus

It is a confirmation that Tkabber and Miranda NG are not infected by the problem.
You can disable all old SSL versions and have TLS 1.0 and more enabled.

@zinid
Collaborator

@Neustradamus Are you talking about recent versions? Recent versions are not affected of course. For example, Tkabber has been fixed just recently because of my bug report.
But there are still some versions in use which are affected.

@Neustradamus

People update the client, so it is not a problem.

@kvakvs kvakvs referenced this pull request from a commit
@ppikula ppikula remove unused is_list guards issue #124 0715bc3
@Neustradamus

For security of old 2.1.x servers, it is needed to remove SSLv3 support like I have said several months ago.

-> Poodle

@f3ndot

Prosody 0.9.6 now has SSLv3 disabled by default. Since it's nearly been a year, can we revisit the possibility of disabling SSLv3 for 2.1.x?

@rraptorr

POODLE attack requires very specific conditions that are only present in web browsers. In particular:

  • ability to send arbitrary packets from attacked browser
  • browser itself retrying SSL/TLS connections with lower SSL/TLS version

Those conditions do not apply to ejabberd or any other XMPP server:

  • you cannot easily send arbitrary packets from attacked XMPP client
  • XMPP clients do not make downgraded connections

SSL/TLS has a perfectly valid version negotiation mechanism. Even if the XMPP server does support SSL 3.0 it does not make anyone vulnerable.
Before jumping to conclusions I strongly suggest that you read and understand how the attack works: https://www.openssl.org/~bodo/ssl-poodle.pdf

Oh, and I am in general in favor of disabling SSL 3.0, I just don't like the general attitude "OMG, POODLE, we must disable" without understanding what and why.

@cromain
Owner

closing as it's not needed and 2.1 not maintained

@cromain cromain closed this
@f3ndot f3ndot deleted the branch
Commits on Dec 11, 2013
  1. @f3ndot

    Add SSL_OP_NO_SSLv3 to OpenSSL context options;

    f3ndot authored
    SSLv3 is on the way out. It is considered less secure than TLS and should not be offered as an available protocol for XMPP.
Showing with 1 addition and 1 deletion.
  1. +1 −1  src/tls/tls_drv.c
2  src/tls/tls_drv.c
@@ -440,7 +440,7 @@ static ErlDrvSSizeT tls_drv_control(ErlDrvData handle,
res = SSL_CTX_check_private_key(ctx);
die_unless(res > 0, "SSL_CTX_check_private_key failed");
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET);
SSL_CTX_set_cipher_list(ctx, CIPHERS);
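Review bot: on the changed SSL_CTX_set_options line, SSL_OP_NO_SSLv3 is hard-coded into the context options with no way for an operator to turn it off, which is the compatibility concern raised in the thread about older clients. Consider gating the flag behind a driver option or a compile-time define that defaults to SSLv3 disabled, and add a short comment on that line saying which protocol versions remain after SSLv2 and SSLv3 are masked. Separately, the SSL_CTX_set_cipher_list(ctx, CIPHERS) call in the trailing context has no result check, unlike SSL_CTX_check_private_key just above it, which is wrapped in die_unless; a failed cipher-list set would go unnoticed here.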