
In my server application using OpenSSL, to prevent the POODLE attack, I added an option to fully allow/prevent the SSL3 protocol.

SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); // Prevent SSLv2
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); // Prevent SSL3

Allowing SSL3 was done to interoperate with those clients which don't support TLS.

There is a way to be immune to the POODLE attack with SSLv3: disallow CBC-mode cipher suites in SSLv3.

Now, if I disable CBC-mode ciphers in my application, it affects TLS as well (I have one cipher list for one server interface). Is there a way I can disallow CBC-mode ciphers only on SSL3 connections but use them for TLS connections?

Edit:

The following shows in brief how the cipher suites are loaded into OpenSSL's CTX object:

Cipher-Suite-Table Configuration:
--------------------------------

rsa-rc4-md5
rsa-des-cbc3-sha
rsa-aes256-cbc-sha

#include <string.h>

#define MAX_CIPHERS 3   /* entries in the cipher-suite table above */
extern const char *configured_suite[MAX_CIPHERS]; /* filled from that table */

/* Build "suite1:suite2:...:" into ssl_cipher_suites, a buffer of `size` bytes */
void get_cipher_suites(char *ssl_cipher_suites, size_t size)
{
    int i;
    ssl_cipher_suites[0] = '\0';
    for (i = 0; i < MAX_CIPHERS; i++) // traverse the list of cipher suites configured
    {
        strncat(ssl_cipher_suites, configured_suite[i], size - strlen(ssl_cipher_suites) - 1);
        strncat(ssl_cipher_suites, ":", size - strlen(ssl_cipher_suites) - 1);
    }
}

char ssl_cipher_suites[256];
get_cipher_suites(ssl_cipher_suites, sizeof ssl_cipher_suites);
SSL_CTX_set_cipher_list(ctx, ssl_cipher_suites);
  • How exactly are you disabling CBC-mode ciphers? – Polynomial Mar 23 '15 at 10:50
  • @Polynomial By controlling the input to SSL_CTX_set_cipher_list(...) – Prabhu Mar 23 '15 at 11:11
  • Can you post what you're passing to that function? From my understanding, there are two ways to do it: (1) use the `-` prefix to disable the block ciphers (AES, DES3, etc.) then follow it by `+TLSv1+TLSv1.2` and then more `-` prefixed strings to disable any ciphers globally (e.g. export), or (2) manually maintain a list of full cipher strings with flags about when they should or shouldn't be enabled, and build a full list from that depending on options. – Polynomial Mar 23 '15 at 11:21
  • Can you afford simply disabling SSL3? – CodesInChaos Mar 23 '15 at 11:23
  • @Polynomial Added the code sample of how the cipher suites are added to OpenSSL – Prabhu Mar 23 '15 at 12:02
  • @CodesInChaos I preferred that. But there are some devices out there which talk only SSL3. Hence the requirement to be compatible with them – Prabhu Mar 23 '15 at 12:03
  • 1
    **Duplicate** of http://security.stackexchange.com/questions/42083/openssl-enable-cipher-suites-per-protocol-version which was motivated by BEAST. The answer still is you can't do it with configuration. Note for SSL3 (and TLS1.0 and 1.1) the only non-padded option is RC4, and RC4 is today much more badly weakened by the RHUL group than 3 years ago when it was recommended to mitigate BEAST; OTOH POODLE appears nastier. @Polynomial there are quite a few ways to build an OpenSSL cipherlist but none of them can enable a ciphersuite for only some versions. – dave_thompson_085 Mar 23 '15 at 15:54
  • 2
    @Prabhu You can't do it using the API, you have to patch openssl. The patch will be in a similar place as this one that disabled RC4 for TLS1.1+: https://github.com/cloudflare/openssl-deprecate-rc4/blob/master/disable_rc4.patch – Z.T. Mar 30 '15 at 22:28
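
As an added example (not code from the question or any commenter), the per-version selection that the comments say the cipher-list syntax cannot express: a plain-C filter that keeps only RC4 suites for an SSLv3 hello and the full list for TLS, plus, behind USE_OPENSSL, the OpenSSL 1.1.1+ ClientHello callback that would apply it per handshake (an API that did not exist when this was asked; on OpenSSL 1.0.x the only route is the patch Z.T. links). The suite names RC4-MD5, DES-CBC3-SHA and AES256-SHA are assumed to be OpenSSL's forms of the question's table entries, and `configured_list` is assumed to be the string the application already builds.

```c
/* Added example, not the question's code: per-connection cipher list from the ClientHello version. */
#include <string.h>
#define SSL3_VERSION_NUM 0x0300   /* same value as OpenSSL's SSL3_VERSION */
/* Copy `configured` ("A:B:C"; empty entries and a trailing ':' tolerated) into `out`, dropping every
 * non-RC4 suite for SSLv3 (RC4 is SSLv3's only non-CBC option). Returns suites kept, -1 on overflow. */
int cipher_list_for_version(const char *configured, int version, char *out, size_t outlen)
{
    size_t used = 0;
    int kept = 0;
    if (outlen == 0) return -1;
    out[0] = '\0';
    while (*configured) {
        const char *end = strchr(configured, ':');
        size_t len = end ? (size_t)(end - configured) : strlen(configured);
        char name[64];
        if (len >= sizeof name) return -1;
        memcpy(name, configured, len);
        name[len] = '\0';
        configured = end ? end + 1 : configured + len;
        if (len == 0) continue;
        if (version <= SSL3_VERSION_NUM && !strstr(name, "RC4")) continue; /* CBC suite on SSLv3 */
        if (used + len + 2 > outlen) return -1;   /* ':' + name + NUL must fit */
        if (kept++) out[used++] = ':';
        memcpy(out + used, name, len + 1);
        used += len;
    }
    return kept;
}
/* Static-buffer wrapper for checks and demos; NULL on overflow. */
const char *filtered_list(const char *configured, int version)
{
    static char buf[256];
    return cipher_list_for_version(configured, version, buf, sizeof buf) < 0 ? NULL : buf;
}
#ifdef USE_OPENSSL /* OpenSSL 1.1.1+ only: this ClientHello callback API did not exist in 2015 */
#include <openssl/ssl.h>
/* Runs before the server picks a suite, so the list set here applies to this handshake only;
 * `arg` is the configured list. SSLv3 is compiled out of OpenSSL 1.1.0+ unless built with enable-ssl3. */
static int hello_cb(SSL *ssl, int *al, void *arg)
{
    char list[256];
    if (cipher_list_for_version((const char *)arg, (int)SSL_client_hello_get0_legacy_version(ssl),
                                list, sizeof list) <= 0 || !SSL_set_cipher_list(ssl, list)) {
        *al = SSL_AD_HANDSHAKE_FAILURE;
        return SSL_CLIENT_HELLO_ERROR;   /* nothing acceptable for this version: fail the handshake */
    }
    return SSL_CLIENT_HELLO_SUCCESS;
}
/* At startup: SSL_CTX_set_client_hello_cb(ctx, hello_cb, configured_list); */
#endif
```

With the question's list "RC4-MD5:DES-CBC3-SHA:AES256-SHA:", an SSLv3 hello is offered only RC4-MD5 while a TLS hello gets all three; a list with no RC4 suite yields an empty string for SSLv3, which the callback turns into a handshake failure rather than a CBC fallback.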
