Bug 1155630

Summary: GlusterFS allows insecure SSL modes
Product: [Community] GlusterFS Reporter: Kaleb KEITHLEY <kkeithle>
Component: transportAssignee: Kaleb KEITHLEY <kkeithle>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 3.4.5CC: bugs, gluster-bugs, jdarcy
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1155328 Environment:
Last Closed: 2015-04-13 06:41:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1155328    
Bug Blocks: 1125245    

Description Kaleb KEITHLEY 2014-10-22 13:48:05 UTC 
+++ This bug was initially created as a clone of Bug #1155328 +++

This is related to the so-called POODLE attack.

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

To summarize, POODLE involves a downgrade from TLS to SSLv3, combined with CBC cipher modes.  Users can avoid the downgrade by using an SSL library that supports TLS_FALLBACK_SCSV, as recent versions of OpenSSL do.  For users unable to pursue that strategy, disabling CBC cipher modes is a potential workaround.

   gluster volume set SOMEVOLUME ssl.cipherlist $something

Unfortunately, calculating $something is not trivial.  The "openssl ciphers" command does not have a built-in "CBC" group to exclude, nor does it support wildcards.  Therefore, it is necessary to create a list of cipher modes that meet other criteria (e.g. "HIGH:!SSLv2") and manually delete "CBC" entries to create a new list.

For users unwilling to calculate their own cipher lists, the default cipher list in the GlusterFS TLS code should be changed to exclude CBC modes in addition to other (current) restrictions ensuring optimal security.  In the very rare case that this might cause a communication failure due to lack of compatible cipher modes between servers and clients (which would require a very unlikely combination of GlusterFS and OpenSSL versions), we should also document how to calculate and apply their own cipher list without making themselves vulnerable to POODLE.

--- Additional comment from Anand Avati on 2014-10-21 18:17:59 EDT ---

REVIEW: http://review.gluster.org/8962 (socket: disallow CBC cipher modes) posted (#1) for review on master by Jeff Darcy (jdarcy)
Comment 1 Anand Avati 2014-10-22 14:33:27 UTC 
REVIEW: http://review.gluster.org/8967 (socket: disallow CBC cipher modes) posted (#1) for review on release-3.4 by Kaleb KEITHLEY (kkeithle)
Comment 2 Anand Avati 2014-10-29 12:46:42 UTC 
REVIEW: http://review.gluster.org/8967 (socket: disallow CBC cipher modes) posted (#2) for review on release-3.4 by Jeff Darcy (jdarcy)
Comment 3 Anand Avati 2014-10-29 17:31:44 UTC 
COMMIT: http://review.gluster.org/8967 committed in release-3.4 by Kaleb KEITHLEY (kkeithle) 
------
commit 4dc4325a4c643b25fa7b670a30cf253491740d97
Author: Kaleb S. KEITHLEY <kkeithle>
Date:   Wed Oct 22 10:25:29 2014 -0400

    socket: disallow CBC cipher modes
    
    This is related to CVE-2014-3566 a.k.a. POODLE.
    
    	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
    
    POODLE is specific to CBC cipher modes in SSLv3.  Because there is no
    way to prevent SSLv3 fallback on a system with an unpatched version of
    OpenSSL, users of such systems can only be protected by disallowing CBC
    modes.  The default cipher-mode specification in our code has been
    changed accordingly.
    
    cherry picked from http://review.gluster.org/#/c/8962/
    BZ 1155328
    
    Change-Id: Id38a7eb3ab55058a0ee5dda9cb4c62b49b1ab9cb
    BUG: 1155630
    Signed-off-by: Kaleb S. KEITHLEY <kkeithle>
    Reviewed-on: http://review.gluster.org/8967
    Reviewed-by: Jeff Darcy <jdarcy>