> From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
> Sent: Monday, 30 April, 2012 02:39

> On Sun, Apr 29, 2012 at 5:40 PM, Mike Hoy <mho...@gmail.com> wrote:
> > We use McAfee to scan our website for vulnerabilities. They claim the
> > following:
> >>
> >> Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
> >> Configure SSL/TLS servers to only support cipher suites that do not use
> >> block ciphers. Apply patches if available.
> >
> > I ran #openssl version and it says we are using OpenSSL 0.9.8e-fips-rhel5 01
> > Jul 2008.
> >
> > Do we need to upgrade our OpenSSL to upgrade our TLS/SSL server? Sorry if

If you want TLS 1.1 and/or 1.2 (I agree McAfee is probably reacting (late) to the BEAST CBC-chaining-oracle issue, for which 1.1 is actually sufficient to fully fix) you need openssl 1.0.1*. If your app currently uses 0.9.8*, moving to 1.0* requires at least recompiling, and possibly other changes.

But TLS>=1.1 is only usable if (all) your clients/users support it, and IME this is often not the case; YMMV.

"Not ... block ciphers", which means RC4, is IME very widely supported, and avoids BEAST in any protocol version.

Major browsers have now been fixed to do data-splitting, which defeats client-side BEAST in any version, and there doesn't appear to be a server-side attack unless you let untrustworthy users run arbitrary code on your server, which is a bad idea for many other reasons, so there may be no real need (as opposed to a paper need) to do anything.

> > the question is way off-base but I am not a system administrator normally.
> > This is new to me. We use CentOS and #yum install openssl claims it is
> > already at the highest version. Any suggestions appreciated.

I'd be surprised if CentOS doesn't have anything newer than 0.9.8e. There have been many fixes since then, probably most important the prepend-to-client-negotiation issue (aka secure renegotiation, RFC5746) that mostly affected Apache. But that's up to them.

You can definitely get new(er) source from www.openssl.org and build it yourself. But that's more work, and if your system is otherwise package-managed, making a special case here may be more trouble than it's worth.

> Use a SSL/TLS scanner to verify SSL is not available; and TLS ciphers
> are available. Since you are using a FIPS build, MD5 and lesser
> friends should not be available. You can use openssl from the command
> line, or a tool such as http://sourceforge.net/projects/sslscan/ or
> http://code.google.com/p/sslyze/.
>
You should definitely configure so SSLv2 is not available, and probably test to verify.

There is very little technical difference between SSLv3 and TLSv1.0, and I've never seen anyone care about the distinction between them except NIST 800-57p3, because they're rigid about the old KDF's use of MD5.

A FIPS *build* doesn't automatically impose the restrictions, only if you also enable FIPS *mode*. If you do, that prohibits MD5 suites, and (I hope?) the SSLv3 KDF, but also RC4 suites, which eliminates that option for addressing BEAST.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
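As an added example (not from the thread or from OpenSSL), a small Python probe in the spirit of the scanner suggestion above: it pins one handshake to each TLS version the local `ssl` module can offer, reports the negotiated suite, and flags a CBC block-cipher suite under TLS 1.0, which is the BEAST precondition the reply discusses. Host and port are command-line arguments; current Python builds do not offer SSLv2/SSLv3 at all, so the "SSLv2 is not available" check still needs openssl s_client or a dedicated scanner.

```python
import socket
import ssl

# Probe order. SSLv2/SSLv3 are not offered by current Python builds, so the
# probe starts at TLS 1.0; SSLv2/SSLv3 refusal must be verified with another tool.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}

def is_cbc_suite(name):
    """True if an OpenSSL cipher-suite name denotes a block cipher in CBC mode.
    AEAD suites (GCM/CCM/ChaCha20) and the RC4 stream cipher are not CBC-chained."""
    n = name.upper()
    if any(tag in n for tag in ("GCM", "CCM", "CHACHA20", "RC4", "NULL")):
        return False
    return any(alg in n for alg in ("AES", "DES", "CAMELLIA", "SEED", "IDEA", "ARIA"))

def probe_version(host, port, version, timeout=5.0):
    """One handshake pinned to a single protocol version.
    Returns the negotiated cipher name, or None if the server (or local build) refused it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE        # we test protocol support here, not trust
    try:
        ctx.minimum_version = ctx.maximum_version = version
        if version < ssl.TLSVersion.TLSv1_2:
            ctx.set_ciphers("ALL:@SECLEVEL=0")  # OpenSSL seclevel 1 refuses TLS < 1.2
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError, ValueError):
        return None

def assess(results):
    """Map {version: cipher-or-None} to one finding line per version."""
    lines = []
    for version, cipher in results.items():
        if cipher is None:
            lines.append(f"{version}: not offered")
        elif version == "TLSv1.0" and is_cbc_suite(cipher):
            lines.append(f"{version}: {cipher}  <- CBC under TLS 1.0, the BEAST precondition")
        else:
            lines.append(f"{version}: {cipher}")
    return lines

if __name__ == "__main__":
    import sys
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    for line in assess({v: probe_version(host, port, ver) for v, ver in VERSIONS.items()}):
        print(line)
```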