SSLv3漏洞检测及修复
Oct172014
[摘要] Google发布了一份关于 SSLv3 漏洞的简要分析报告。据Google的说法,该漏洞贯穿于所有的 sslv3 版本中,利用该漏洞,黑客可以通过中间人攻击等类似的方式(只要劫持到的数据加密两端均使用SSL3.0),便可以成功获取到传输数据(例如cookies)。目前的临时解决方法是关闭客户端 SSLv3 支持或者服务器 SSLv3 的支持。
我写了一个检查server端SSL协议是否支持 sslv3 的python工具,脚本地址为:
https://github.com/2hei/sslv3check
脚本的简单介绍:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
Something needed: (1) timeout command needed. Ubuntu/Debian: apt-get install timeout CentOS: Download timeout rpm for CentOS5.x: wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/crt0solutions:/extras/CentOS_CentOS-5/x86_64/timeout-8.4-20.3.crt0.x86_64.rpm rpm -ivh timeout-8.4-20.3.crt0.x86_64.rpm (2) Python2.6+ ENV Usage: python sslv3_leak_check.py The script use command to check sslv3 protocol: openssl s_client -connect ip:port -ssl3 Check result: ip list of sslv3 leak output file: sslv3ips good iplist of sslv3 output file: nosslv3ips |
根据mozilla的文章,地址:https://wiki.mozilla.org/Security/Server_Side_TLS。
该漏洞在主流的http server的修复方法如下:
Nginx
Nginx provides the best TLS support at the moment. It is the only daemon that provides OCSP Stapling, custom DH parameters, and the full flavor of TLS versions (from OpenSSL).
The detail of each configuration parameter, and how to build a recent Nginx with OpenSSL, is at the end of this document.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
server { listen 443; ssl on; # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate ssl_certificate /path/to/signed_cert_plus_intermediates; ssl_certificate_key /path/to/private_key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:50m; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /path/to/dhparam.pem; # Intermediate configuration. tweak to your needs. ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; ssl_prefer_server_ciphers on; # Enable this if your want HSTS (recommended) # add_header Strict-Transport-Security max-age=15768000; # OCSP Stapling --- # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; ## verify chain of trust of OCSP response using Root CA and Intermediate certs ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates; resolver <IP DNS resolver>; .... } |
Apache
Apache supports OCSP Stapling, but only in httpd 2.3.3 and later.
In Apache 2.4.6, the DH parameter is always set to 1024 bits and is not user configurable. Future versions of Apache will automatically select a better value for the DH parameter. The configuration below is recommended.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
<VirtualHost *:443> ... SSLEngine on SSLCertificateFile /path/to/signed_certificate SSLCertificateChainFile /path/to/intermediate_certificate SSLCertificateKeyFile /path/to/private/key SSLCACertificateFile /path/to/all_ca_certs # Intermediate configuration, tweak to your needs SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on SSLCompression off # OCSP Stapling, only in httpd 2.3.3 and later SSLUseStapling on SSLStaplingResponderTimeout 5 SSLStaplingReturnResponderErrors off SSLStaplingCache shmcb:/var/run/ocsp(128000) # Enable this if your want HSTS (recommended) # Header add Strict-Transport-Security "max-age=15768000" ... </VirtualHost> |
测试方法:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
# openssl s_client -connect xxx.xxx.xxx.xxx:443 -ssl3 --- SSL handshake has read 3935 bytes and written 317 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : SSLv3 Cipher : DHE-RSA-AES256-SHA |
修复之后:
|
1 2 3 4 |
# openssl s_client -connect xxx.xxx.xxx.xxx:443 -ssl3 CONNECTED(00000003) 3676:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40 3676:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: |
本文固定链接: https://www.sudops.com/sslv3-leak-check-and-fix.html | 运维·速度
SSLv3漏洞检测及修复:等您坐沙发呢!
发表评论
欢迎关注 运维·速度 微信公众号
