generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Disable SSLv2 default build, default negotiation and weak ciphers.

Browse Source 
SSLv2 is by default disabled at build-time.  Builds that are not
configured with "enable-ssl2" will not support SSLv2.  Even if
"enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either
of:

    SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
    SSL_clear_options(ssl, SSL_OP_NO_SSLv2);

as appropriate.  Even if either of those is used, or the application
explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search
key recovery have been removed.  Specifically, the SSLv2 40-bit
EXPORT ciphers, and SSLv2 56-bit DES are no longer available.

Mitigation for CVE-2016-0800

Reviewed-by: Emilia Käsper <emilia@openssl.org>
This commit is contained in:
Viktor Dukhovni
2016-02-17 21:07:48 -05:00
committed by Matt Caswell
parent c175308407
commit 9dfd2be8a1
6 changed files with 42 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
CHANGES
View File

@@ -4,6 +4,23 @@
Changes between 1.0.2f and 1.0.2g [xx XXX xxxx] Changes between 1.0.2f and 1.0.2g [xx XXX xxxx]
* Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
is by default disabled at build-time. Builds that are not configured with
"enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
as appropriate. Even if either of those is used, or the application
explicitly uses the version-specific SSLv2_method() or its client and
server variants, SSLv2 ciphers vulnerable to exhaustive search key
recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
ciphers, and SSLv2 56-bit DES are no longer available.
[Viktor Dukhovni]
*) Disable SRP fake user seed to address a server memory leak. *) Disable SRP fake user seed to address a server memory leak.
Add a new method SRP_VBASE_get1_by_user that handles the seed properly. Add a new method SRP_VBASE_get1_by_user that handles the seed properly.

1
Configure
View File

@@ -784,6 +784,7 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
"sctp" => "default", "sctp" => "default",
"shared" => "default", "shared" => "default",
"ssl-trace" => "default", "ssl-trace" => "default",
"ssl2" => "default",
"store" => "experimental", "store" => "experimental",
"unit-test" => "default", "unit-test" => "default",
"zlib" => "default", "zlib" => "default",

2
NEWS
View File

@@ -7,7 +7,7 @@
Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [under development] Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [under development]
o o Disable SSLv2 default build, default negotiation and weak ciphers.
Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016] Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]

6
ssl/s2_lib.c
View File

@@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
128, 128,
}, },
# if 0
/* RC4_128_EXPORT40_WITH_MD5 */ /* RC4_128_EXPORT40_WITH_MD5 */
{ {
1, 1,
@@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
40, 40,
128, 128,
}, },
# endif
/* RC2_128_CBC_WITH_MD5 */ /* RC2_128_CBC_WITH_MD5 */
{ {
@@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
128, 128,
}, },
# if 0
/* RC2_128_CBC_EXPORT40_WITH_MD5 */ /* RC2_128_CBC_EXPORT40_WITH_MD5 */
{ {
1, 1,
@@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
40, 40,
128, 128,
}, },
# endif
# ifndef OPENSSL_NO_IDEA # ifndef OPENSSL_NO_IDEA
/* IDEA_128_CBC_WITH_MD5 */ /* IDEA_128_CBC_WITH_MD5 */
@@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
}, },
# endif # endif
# if 0
/* DES_64_CBC_WITH_MD5 */ /* DES_64_CBC_WITH_MD5 */
{ {
1, 1,
@@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_ciphers[] = {
56, 56,
56, 56,
}, },
# endif
/* DES_192_EDE3_CBC_WITH_MD5 */ /* DES_192_EDE3_CBC_WITH_MD5 */
{ {

10
ssl/ssl_conf.c
View File

@@ -330,11 +330,19 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2) SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2)
}; };
int ret;
int sslv2off;
if (!(cctx->flags & SSL_CONF_FLAG_FILE)) if (!(cctx->flags & SSL_CONF_FLAG_FILE))
return -2; return -2;
cctx->tbl = ssl_protocol_list; cctx->tbl = ssl_protocol_list;
cctx->ntbl = sizeof(ssl_protocol_list) / sizeof(ssl_flag_tbl); cctx->ntbl = sizeof(ssl_protocol_list) / sizeof(ssl_flag_tbl);
return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
sslv2off = *cctx->poptions & SSL_OP_NO_SSLv2;
ret = CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
/* Never turn on SSLv2 through configuration */
*cctx->poptions |= sslv2off;
return ret;
} }
static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)

7
ssl/ssl_lib.c
View File

@@ -2054,6 +2054,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
*/ */
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT; ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
/*
* Disable SSLv2 by default, callers that want to enable SSLv2 will have to
* explicitly clear this option via either of SSL_CTX_clear_options() or
* SSL_clear_options().
*/
ret->options |= SSL_OP_NO_SSLv2;
return (ret); return (ret);
err: err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE); SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);