There's been a vulnerability discovered in SSLv3 that basically allows attackers to decrypt it. ;(
I would like to apply the following and disable it on our sites for now until and unless we find a better solution in coming days.
Note that I am likely going to try and test the koji change in stg first and might adjust it some.
I'll also likely apply this soon anyhow as it's a security issue, but more eyes and +1s welcome.
kevin -- diff --git a/configs/httpd/websites/infrastructure.fedoraproject.org.conf b/configs/httpd/websites/infrastructur index 2d8a8dc..2d197eb 100644 --- a/configs/httpd/websites/infrastructure.fedoraproject.org.conf +++ b/configs/httpd/websites/infrastructure.fedoraproject.org.conf @@ -56,7 +56,7 @@ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14 # If you change the protocols or cipher suites, you should probably update # modules/squid/files/squid.conf-el6 too, to keep it in sync. - SSLProtocol +SSLv3 +TLSv1 + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC
Include "conf.d/infrastructure.fedoraproject.org/*.conf" diff --git a/configs/system/fedorapeople/people.conf b/configs/system/fedorapeople/people.conf index 113321b..674f28a 100644 --- a/configs/system/fedorapeople/people.conf +++ b/configs/system/fedorapeople/people.conf @@ -36,7 +36,7 @@ NameVirtualHost [2610:28:3090:3001:5054:ff:fedb:7f5a]:443 SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC - SSLProtocol +SSLv3 +TLSv1 + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Header add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
diff --git a/configs/system/planet/planet.conf b/configs/system/planet/planet.conf index 0ee76fc..ed80bcc 100644 --- a/configs/system/planet/planet.conf +++ b/configs/system/planet/planet.conf @@ -47,7 +47,7 @@ SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- - SSLProtocol +SSLv3 +TLSv1 + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
DocumentRoot "/srv/planet/site/"
diff --git a/configs/web/fedorahosted.org.conf b/configs/web/fedorahosted.org.conf index f3476c2..b5ac057 100644 --- a/configs/web/fedorahosted.org.conf +++ b/configs/web/fedorahosted.org.conf @@ -23,7 +23,7 @@ Listen 443 SSLCertificateChainFile /etc/httpd/conf.d/fedorahosted.org/wildcard-2014.fedorahosted.org.intermediate.cert SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- - SSLProtocol +SSLv3 +TLSv1 + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Header add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
diff --git a/configs/web/git.fedorahosted.org.conf b/configs/web/git.fedorahosted.org.conf index bba8519..f670515 100644 --- a/configs/web/git.fedorahosted.org.conf +++ b/configs/web/git.fedorahosted.org.conf @@ -21,7 +21,7 @@ Alias /robots.txt /srv/web/fedorahosted.org/robots.txt SSLCertificateChainFile /etc/httpd/conf.d/fedorahosted.org/wildcard-2014.fedorahosted.org.intermediate.cert SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- - SSLProtocol +SSLv3 +TLSv1 + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Alias /cgit-data /usr/share/cgit ScriptAlias /cgit /var/www/cgi-bin/cgit diff --git a/configs/web/koji-ssl.conf b/configs/web/koji-ssl.conf index 93696c8..307e82d 100644 --- a/configs/web/koji-ssl.conf +++ b/configs/web/koji-ssl.conf @@ -97,7 +97,7 @@ SSLEngine on # SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 +SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. diff --git a/configs/web/pkgs.fedoraproject.org/lookaside-upload.conf b/configs/web/pkgs.fedoraproject.org/looka index bf41146..bfb44d6 100644 --- a/configs/web/pkgs.fedoraproject.org/lookaside-upload.conf +++ b/configs/web/pkgs.fedoraproject.org/lookaside-upload.conf @@ -29,8 +29,7 @@ SSLCryptoDevice builtin SSLCARevocationFile /etc/pki/tls/crl.pem
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE- - SSLProtocol +SSLv3 +TLSv1 - + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# Must be 'optional' everywhere in order to have POST operations work to upload.cgi SSLVerifyClient optional diff --git a/modules/httpd/templates/website.conf.erb b/modules/httpd/templates/website.conf.erb index 668c090..817b5ef 100644 --- a/modules/httpd/templates/website.conf.erb +++ b/modules/httpd/templates/website.conf.erb @@ -42,7 +42,7 @@ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14 # If you change the protocols or cipher suites, you should probably update # modules/squid/files/squid.conf-el6 too, to keep it in sync. - SSLProtocol +SSLv3 +TLSv1 + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC
Include "conf.d/<%= name %>/*.conf" diff --git a/modules/puppet/files/puppetmaster.conf b/modules/puppet/files/puppetmaster.conf index 4294a14..08a6d3b 100644 --- a/modules/puppet/files/puppetmaster.conf +++ b/modules/puppet/files/puppetmaster.conf @@ -58,6 +58,7 @@ user apache ServerName master.puppetmanaged.org SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA + SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem diff --git a/modules/squid/files/squid.conf-el6 b/modules/squid/files/squid.conf-el6 index 80b8e86..123af78 100644 --- a/modules/squid/files/squid.conf-el6 +++ b/modules/squid/files/squid.conf-el6 @@ -1,5 +1,5 @@ http_port 80 defaultsite=kojipkgs.fedoraproject.org -https_port 443 defaultsite=kojipkgs.fedoraproject.org cert=/etc/pki/tls/certs/wildcard-2014.squid.cert key=/etc +https_port 443 defaultsite=kojipkgs.fedoraproject.org cert=/etc/pki/tls/certs/wildcard-2014.squid.cert key=/etc
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=kojipkgs hierarchy_stoplist cgi-bin ?
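Review bot: in modules/puppet/files/puppetmaster.conf the new SSLProtocol line is added directly under `SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA`, which this hunk leaves untouched. With only TLSv1 and later enabled, that cipher string still names SSLv2 suites and RC4+RSA, so please confirm a handshake still finds a usable cipher after the change, and consider aligning the string with the ECDHE list used in the other vhosts.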
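Review bot: the modules/squid/files/squid.conf-el6 hunk cannot be reviewed as posted, because the removed and the added `https_port` lines are both cut off at `key=/etc` and read identically up to that point. Please include the full lines so the part that changes is visible; the comments in the httpd hunks say this file has to be kept in sync with the protocol and cipher settings.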
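Review bot: in configs/web/koji-ssl.conf the comment above the directive still reads `Disable SSLv2 access by default:` although the new line is `SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2`. Please update the comment to say that SSLv2 and SSLv3 are both off, so the next reader does not take the old `all -SSLv2` behaviour as the intent.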
+1 here, though additional testing of the koji change can't hurt.
-Ricky
On 10/14/2014 09:32 PM, Kevin Fenzi wrote:
There's been a vulnerability discovered in SSLv3 that basically allows attackers to decrypt it. ;(
I would like to apply the following and disable it on our sites for now until and unless we find a better solution in coming days.
Note that I am likely going to try and test the koji change in stg first and might adjust it some.
I'll also likely apply this soon anyhow as it's a security issue, but more eyes and +1s welcome.
kevin
diff --git a/configs/httpd/websites/infrastructure.fedoraproject.org.conf b/configs/httpd/websites/infrastructur index 2d8a8dc..2d197eb 100644 --- a/configs/httpd/websites/infrastructure.fedoraproject.org.conf +++ b/configs/httpd/websites/infrastructure.fedoraproject.org.conf @@ -56,7 +56,7 @@ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14 # If you change the protocols or cipher suites, you should probably update # modules/squid/files/squid.conf-el6 too, to keep it in sync.
- SSLProtocol +SSLv3 +TLSv1
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC
Include "conf.d/infrastructure.fedoraproject.org/*.conf"
diff --git a/configs/system/fedorapeople/people.conf b/configs/system/fedorapeople/people.conf index 113321b..674f28a 100644 --- a/configs/system/fedorapeople/people.conf +++ b/configs/system/fedorapeople/people.conf @@ -36,7 +36,7 @@ NameVirtualHost [2610:28:3090:3001:5054:ff:fedb:7f5a]:443 SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC
- SSLProtocol +SSLv3 +TLSv1
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Header add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
diff --git a/configs/system/planet/planet.conf b/configs/system/planet/planet.conf index 0ee76fc..ed80bcc 100644 --- a/configs/system/planet/planet.conf +++ b/configs/system/planet/planet.conf @@ -47,7 +47,7 @@ SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
- SSLProtocol +SSLv3 +TLSv1
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
DocumentRoot "/srv/planet/site/"
diff --git a/configs/web/fedorahosted.org.conf b/configs/web/fedorahosted.org.conf index f3476c2..b5ac057 100644 --- a/configs/web/fedorahosted.org.conf +++ b/configs/web/fedorahosted.org.conf @@ -23,7 +23,7 @@ Listen 443 SSLCertificateChainFile /etc/httpd/conf.d/fedorahosted.org/wildcard-2014.fedorahosted.org.intermediate.cert SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
- SSLProtocol +SSLv3 +TLSv1
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Header add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
diff --git a/configs/web/git.fedorahosted.org.conf b/configs/web/git.fedorahosted.org.conf index bba8519..f670515 100644 --- a/configs/web/git.fedorahosted.org.conf +++ b/configs/web/git.fedorahosted.org.conf @@ -21,7 +21,7 @@ Alias /robots.txt /srv/web/fedorahosted.org/robots.txt SSLCertificateChainFile /etc/httpd/conf.d/fedorahosted.org/wildcard-2014.fedorahosted.org.intermediate.cert SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
- SSLProtocol +SSLv3 +TLSv1
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Alias /cgit-data /usr/share/cgit ScriptAlias /cgit /var/www/cgi-bin/cgit
diff --git a/configs/web/koji-ssl.conf b/configs/web/koji-ssl.conf index 93696c8..307e82d 100644 --- a/configs/web/koji-ssl.conf +++ b/configs/web/koji-ssl.conf @@ -97,7 +97,7 @@ SSLEngine on # SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 +SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. diff --git a/configs/web/pkgs.fedoraproject.org/lookaside-upload.conf b/configs/web/pkgs.fedoraproject.org/looka index bf41146..bfb44d6 100644 --- a/configs/web/pkgs.fedoraproject.org/lookaside-upload.conf +++ b/configs/web/pkgs.fedoraproject.org/lookaside-upload.conf @@ -29,8 +29,7 @@ SSLCryptoDevice builtin SSLCARevocationFile /etc/pki/tls/crl.pem
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-
- SSLProtocol +SSLv3 +TLSv1
- SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# Must be 'optional' everywhere in order to have POST operations work to upload.cgi SSLVerifyClient optional diff --git a/modules/httpd/templates/website.conf.erb b/modules/httpd/templates/website.conf.erb index 668c090..817b5ef 100644 --- a/modules/httpd/templates/website.conf.erb +++ b/modules/httpd/templates/website.conf.erb @@ -42,7 +42,7 @@ # https://fedorahosted.org/fedora-infrastructure/ticket/4101#comment:14 # If you change the protocols or cipher suites, you should probably update # modules/squid/files/squid.conf-el6 too, to keep it in sync.
- SSLProtocol +SSLv3 +TLSv1
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC
Include "conf.d/<%= name %>/*.conf"
diff --git a/modules/puppet/files/puppetmaster.conf b/modules/puppet/files/puppetmaster.conf index 4294a14..08a6d3b 100644 --- a/modules/puppet/files/puppetmaster.conf +++ b/modules/puppet/files/puppetmaster.conf @@ -58,6 +58,7 @@ user apache ServerName master.puppetmanaged.org SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
- SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2 SSLCertificateFile /var/lib/puppet/ssl/certs/puppet.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
diff --git a/modules/squid/files/squid.conf-el6 b/modules/squid/files/squid.conf-el6 index 80b8e86..123af78 100644 --- a/modules/squid/files/squid.conf-el6 +++ b/modules/squid/files/squid.conf-el6 @@ -1,5 +1,5 @@ http_port 80 defaultsite=kojipkgs.fedoraproject.org -https_port 443 defaultsite=kojipkgs.fedoraproject.org cert=/etc/pki/tls/certs/wildcard-2014.squid.cert key=/etc +https_port 443 defaultsite=kojipkgs.fedoraproject.org cert=/etc/pki/tls/certs/wildcard-2014.squid.cert key=/etc
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=kojipkgs hierarchy_stoplist cgi-bin ?
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
FYI, I have tested the koji change (along with a change of ciphers) in stg and it seems fine with it.
I'm not sure how squid/koji will react, as we tried to update them a few days ago and it ended up breaking squid. I'll likely do squid and koji last and be ready to revert if they break.
kevin
On Tue, 14 Oct 2014 19:49:05 -0600 Kevin Fenzi kevin@scrye.com wrote:
FYI, I have tested the koji change (along with a change of ciphers) in stg and it seems fine with it.
Sadly, I didn't test auth connections, and they are broken.
Seems koji hard codes SSLv3 as the one and only ssl method. ;(
We will need to get a patch for koji before we can switch it over.
Everything else should be done.
kevin
On Tue, Oct 14, 2014 at 9:03 PM, Kevin Fenzi kevin@scrye.com wrote:
Sadly, I didn't test auth connections, and they are broken.
Seems koji hard codes SSLv3 as the one and only ssl method. ;(
We will need to get a patch for koji before we can switch it over.
I fixed connecting to a private instance with the attached patch. I was able to submit a scratch build to the Fedora koji with it applied too.
Note that it only forces TLSv1 because pyOpenSSL in F20 doesn't seem to support TLSv1.1 or TLSv1.2. :-(
-T.C.
On Tue, 14 Oct 2014 23:06:08 -0700 "T.C. Hollingsworth" tchollingsworth@gmail.com wrote:
On Tue, Oct 14, 2014 at 9:03 PM, Kevin Fenzi kevin@scrye.com wrote:
Sadly, I didn't test auth connections, and they are broken.
Seems koji hard codes SSLv3 as the one and only ssl method. ;(
We will need to get a patch for koji before we can switch it over.
I fixed connecting to a private instance with the attached patch. I was able to submit a scratch build to the Fedora koji with it applied too.
Note that it only forces TLSv1 because pyOpenSSL in F20 doesn't seem to support TLSv1.1 or TLSv1.2. :-(
-T.C.
Yeah, I attached pretty much an identical patch to:
https://bugzilla.redhat.com/show_bug.cgi?id=1152823
Dennis might have a patch he did a while back to just switch it to use pycurl.
Sadly, since this is on the client end, we will have to:
* Build updates with whatever fix we need for all branches.
* Push them out and wait for them to get into the hands of maintainers.
* Cut things over to disallow SSLv3 (breaking all people who didn't upgrade).
Perhaps we can figure out a way to keep SSLv3 enabled, but disable ciphers that are susceptible?
:(
kevin
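Added example, not part of the thread or of Fedora's tooling: before the cut-over step listed above, a small audit can evaluate each `SSLProtocol` line and report configs that still enable SSLv3 or that set no protocol at all. The left-to-right evaluation rule and the expansion of `all` are assumptions modelled on 2014-era mod_ssl, and the sample configs are constructed from the directive forms in the patch.

```python
import re

# Assumption: 2014-era mod_ssl tokens; "all" is modelled as every protocol listed here.
PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
LEGACY = {"SSLv2", "SSLv3"}
CANON = {p.lower(): p for p in PROTOCOLS}
# Anchored at line start, so commented-out directives and SSLProxyProtocol do not match.
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)


def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right, starting from an empty set."""
    enabled = set()
    for word in args.split():
        action = word[0] if word[0] in "+-" else ""
        name = word[1:] if action else word
        if name.lower() == "all":
            selected = set(PROTOCOLS)
        elif name.lower() in CANON:
            selected = {CANON[name.lower()]}
        else:
            raise ValueError(f"unknown protocol token: {word!r}")
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:  # a bare token replaces whatever was accumulated so far
            enabled = selected
    return enabled


def audit(configs):
    """Map each config name to a list of findings; an empty list means clean."""
    report = {}
    for name, text in configs.items():
        findings, seen = [], False
        for lineno, line in enumerate(text.splitlines(), 1):
            m = DIRECTIVE.match(line)
            if not m:
                continue
            seen = True
            legacy = sorted(effective_protocols(m.group(1)) & LEGACY)
            if legacy:
                findings.append(f"line {lineno}: enables {', '.join(legacy)}")
        if not seen:
            findings.append("no SSLProtocol directive: server default applies")
        report[name] = findings
    return report


# Constructed sample inputs using the directive forms that appear in the thread's patch.
SAMPLES = {
    "old-vhost.conf": "SSLHonorCipherOrder On\nSSLProtocol +SSLv3 +TLSv1\n",
    "old-koji-ssl.conf": "SSLEngine on\nSSLProtocol all -SSLv2\n",
    "old-puppetmaster.conf": "SSLEngine on\n# SSLProtocol -All +TLSv1\n",
    "new-vhost.conf": "SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2\n",
}

if __name__ == "__main__":
    print({name: findings or "ok" for name, findings in audit(SAMPLES).items()})
```

A config with no `SSLProtocol` line is reported separately because, as with the puppetmaster file before the patch, the effective protocols then depend on the server default rather than on anything in the file.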
On Wed, Oct 15, 2014 at 7:03 AM, Kevin Fenzi kevin@scrye.com wrote:
Perhaps we can figure out a way to keep SSLv3 enabled, but disable ciphers that are susceptible?
Disabling CBC ciphers should do the trick: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploitin...
-T.C.
On Wed, 15 Oct 2014 08:31:20 -0700 "T.C. Hollingsworth" tchollingsworth@gmail.com wrote:
On Wed, Oct 15, 2014 at 7:03 AM, Kevin Fenzi kevin@scrye.com wrote:
Perhaps we can figure out a way to keep SSLv3 enabled, but disable ciphers that are susceptible?
Disabling CBC ciphers should do the trick: http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploitin...
I asked some folks smarter than me, and they seemed to think this was not sufficient. :(
kevin
Hi,
On Tue, Oct 14, 2014 at 10:03:19PM -0600, Kevin Fenzi wrote:
On Tue, 14 Oct 2014 19:49:05 -0600 Kevin Fenzi kevin@scrye.com wrote:
FYI, I have tested the koji change (along with a change of ciphers) in stg and it seems fine with it.
Sadly, I didn't test auth connections, and they are broken.
Seems koji hard codes SSLv3 as the one and only ssl method. ;(
We will need to get a patch for koji before we can switch it over.
the current issue only allows an attack against the secrecy of SSL communication. This does not seem to be a problem for koji as used in Fedora, since it uses client certificates for authentication and therefore there should be no secret cookie that could be obtained. Also the attack requires the attacker to be able to make the victim send special SSL messages/HTTP requests, which is also not feasible if only the koji command line client is used, which is how most if not all people access koji when they are authenticated.
All in all it would be good to patch the client and pyopenssl to properly support TLS 1.2 but I do not see an imminent threat to koji.
Regards Till
On Wed, 15 Oct 2014 17:47:37 +0200 Till Maas opensource@till.name wrote:
the current issue only allows an attack against the secrecy of SSL communication. This does not seem to be a problem for koji as used in Fedora, since it uses client certificates for authentication and therefore there should be no secret cookie that could be obtained. Also the attack requires the attacker to be able to make the victim send special SSL messages/HTTP requests, which is also not feasible if only the koji command line client is used, which is how most if not all people access koji when they are authenticated.
My thought was that someone could get another user's cert. Which, if the user was an admin would allow them to do all sorts of bad things.
The cert itself isn't exposed via this?
All in all it would be good to patch the client and pyopenssl to properly support TLS 1.2 but I do not see an imminent threat to koji.
Good to hear.
kevin
On Wed, Oct 15, 2014 at 11:15:44AM -0600, Kevin Fenzi wrote:
On Wed, 15 Oct 2014 17:47:37 +0200 Till Maas opensource@till.name wrote:
the current issue only allows an attack against the secrecy of SSL communication. This does not seem to be a problem for koji as used in Fedora, since it uses client certificates for authentication and therefore there should be no secret cookie that could be obtained. Also the attack requires the attacker to be able to make the victim send special SSL messages/HTTP requests, which is also not feasible if only the koji command line client is used, which is how most if not all people access koji when they are authenticated.
My thought was that someone could get another user's cert. Which, if the user was an admin would allow them to do all sorts of bad things.
The cert itself isn't exposed via this?
Technically it would be the private key that needs to be protected, and since it is not transferred in TLS messages it stays protected against this attack.
Regards Till
On Tue, 14 Oct 2014 21:41:56 -0400 Ricky Elrod codeblock@elrod.me wrote:
+1 here, though additional testing of the koji change can't hurt.
+1 also
Dennis
On 14 October 2014 19:32, Kevin Fenzi kevin@scrye.com wrote:
There's been a vulnerability discovered in SSLv3 that basically allows attackers to decrypt it. ;(
I would like to apply the following and disable it on our sites for now until and unless we find a better solution in coming days.
Note that I am likely going to try and test the koji change in stg first and might adjust it some.
I'll also likely apply this soon anyhow as it's a security issue, but more eyes and +1s welcome.
Reviewed. +1 from what I can tell.