CVE-2014-0160 Heartbleed bug in OpenSSL

[redpaint]

Hello Scott,

Thank you for the sh script to regen the tortixd certificates. For reference what do these certificates do/secure, is it the GUI or the connection to your servers?

Thanks

[mikeshinn]

Just the ASL web console.

[prupert]

your configuration does indeed break compatibility with some older browsers (all on Windows XP, some older Android and Java; nothing too worry about too much)

Yep. The ones it doesnt work with are probably OK for most users, but because some sites might want those, we wouldnt want to force this configuration on anyone.

but still does not force PFS for every client.

That configuration forces PFS for browsers that (1) support PFS and (2) if they support the ciphers that apache 2.2 supports that require PFS. If they dont, it will fall back to some very specific non-PFS ciphers when those two conditions are not true, but not all ciphers or protocols and because some of those ciphers are all those older browsers support, and they are BadCiphers(TM) they are disable - and those browsers dont work. This is the best you can do with apache 2.2. If you force PFS for everything, you'll lose a whole bunch of browsers that just dont support with the ciphers apache 2.2 supports.

Wouldn't it even be more secure to allow only TLS 1.2 in the following setup:

Code: Select all

SSLProtocol -ALL +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AES:EDH+AES:-SHA1:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5:!RC4

(I noticed that httpd-2.2.15-30.el6 refused to start with +TLSv1.2, although the documentation at http://httpd.apache.org/docs/2.2/mod/mo ... slprotocol seems to suggest that it is a valid value.)

Is it possible to control how ASL is overwriting the mod_ssl configuration, so that you can allow users to use their own configuration? Or perhaps even offering your suggestion as a configurable parameter in ASL?

[mikeshinn]

Wouldn't it even be more secure to allow only TLS 1.2 in the following setup:

Yes, but its not a huge difference. Its moot though, because the el6 apache 2.2 builds dont support 1.2 only. It supports TLS as a group (1.0, 1.1 and 1.2). So you will be enabling 1.2, and the browsers that support it will use it. So for all intensive purposes, you're good to go, but you'll also be enabling 1.0 and 1.1 for the browsers that dont. Which is far more important, because very few browsers support TLS 1.2. Right now, the only ones that do are:

chrome 30+
Mozilla 27+
IE11
Opera 17
Safari 7 (on iOS 5/6/7 and MacOS 10.9 only, the Windows build does not support TLS 1.2)

You can get IE 10-8 to do it, but its disabled by default, and since its likely that if its not turned on the users probably doest know how to turn this on, or even that they should if they cant connect to your TLS enabled web server. So for those users, they might as well not have TLS 1.2 support anyway. If its not enabled by default, they'll get an error and probably not know why.

So in practical terms, even if 2.2 supported it (the el6 builds dont), unless you know your users only use the latest browsers, limiting to just 1.2 would be cutting off quite a few people.

(I noticed that httpd-2.2.15-30.el6 refused to start with +TLSv1.2, although the documentation at http://httpd.apache.org/docs/2.2/mod/mo ... slprotocol seems to suggest that it is a valid value.)

Forcing 1.2 only is not supported in the versions of 2.2 available on el6 platforms. So you cant force it anyway. Its TLS 1.0, 1.1 and 1.2 as a group.

Is it possible to control how ASL is overwriting the mod_ssl configuration, so that you can allow users to use their own configuration? Or perhaps even offering your suggestion as a configurable parameter in ASL?

Sure, just open a feature request. Right now we just change them to meet PCI requirements, which as you noted gets you an A- and still works with all the browsers out there.

[prupert]

Sure, just open a feature request. Right now we just change them to meet PCI requirements, which as you noted gets you an A- and still works with all the browsers out there.

PCI requirements allow SSLv3 and RC4? Blegh...

Feature request added via the bug tracker no. 1518.

[Highland]

So I'm curious is SSL3 is safe to turn off. What are the risks of leaving it on? RC4 seems more risky than that.

[mikeshinn]

Just compatibility with some older browsers.

We've added a page on this vulnerability:

https://www.atomicorp.com/wiki/index.ph ... -2014-0160