On 08/12/14 12:36, Kurt Roeckx wrote:
> On Mon, Dec 08, 2014 at 11:42:28AM +0100, Daniel Pocock wrote:
>> On 08/12/14 11:12, Kurt Roeckx wrote:
>>> On Mon, Dec 08, 2014 at 09:16:45AM +0100, Daniel Pocock wrote:
>>>> Hi all,
>>>>
>>>> I've made some changes to TLS code in reSIProcate
>>>>
>>>> - setting OpenSSL's SSL_OP_NO_SSLv3 by default when using SSLv23_method()
>>> This has no effect in jessie. SSLv2 and SSLv3 are disabled if you
>>> use the SSLv23_* methods. The only way to enable SSLv3 is to use
>>> the SSLv3_* methods. You should always use the SSLv23 method as
>>> those are the only that support more than 1 protocol version.
>> Can you please clarify that - if somebody explicitly calls
>> SSL_CTX_clear_options with SSL_OP_NO_SSLv3 will they get back support
>> for SSLv3 in SSLv23_method?
> No, the library doesn't support SSLv3 in combination with the
> SSLv23 method. Setting or clearing SSL_OP_NO_SSLv3 doesn't have
> any effect.
>
Thanks for confirming that.
>>> I would love to see people stopping the SSLv3 methods, and they
>>> have been removed in experimental. I'm also working on only
>>> having the SSLv23 method available.
>> In VoIP, this is not so trivial. People have devices like IP phones and
>> ISDN gateways to use on their LAN. Some of the older ones may not
>> support anything more than SSL v3 very well.
>>
>> If these devices are used on a private VLAN then the risk of using old
>> crypto is not the same as the risk on the public Internet so I prefer to
>> give these people config options to support their hardware but disabled
>> by default.
> So why use SSL at all?
Only for cases where people may already have it configured that way.
It is not an issue for my own personal use cases.
>> Just one other point: if somebody is trying sending the client hello
>> using SSL v2 record layer but indicating support for TLS v1.0, should
>> TLSv1_method or SSLv23_method accept that?
> I would expect that both should support that.
With TLSv1_method and reSIProcate/OpenSSL on wheezy it fails with
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Error code = 336130315 file=s3_pkt.c line=348
>
>> There is an example of it here:
>> https://issues.asterisk.org/jira/browse/ASTERISK-13845
>>
>> and it looks something like this:
>>
>> Secure Sockets Layer
>> SSLv2 Record Layer: Client Hello
>> ...
>> Version: TLS 1.0 (0x0301)
>> ...
>>
>> I've noticed that the reSIProcate code using TLSv1_method refuses to
>> accept connections from peers like that.
>>
>> Should SSLv23_method support that even with v2 and v3 disabled?
> Yes it should.
>
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/54859797.6070...@pocock.pro
