Bug 1001841 - Disable SSL2 and the export cipher suites
Disable SSL2 and the export cipher suites
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Elio Maldonado Batiz
Hubert Kario
:
Depends On:
Blocks: 1189952
  Show dependency treegraph
 
Reported: 2013-08-27 19:06 EDT by Elio Maldonado Batiz
Modified: 2016-09-30 07:16 EDT (History)
8 users (show)

See Also:
Fixed In Version: nss-3.15.2-8.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1189952 (view as bug list)
Environment:
Last Closed: 2014-06-13 06:53:19 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
disable ssl2 and export ciphers - ssl library part (2.01 KB, patch)
2013-10-01 11:52 EDT, Elio Maldonado Batiz
rrelyea: review+
Details | Diff
disable ssl2 and export ciphers - tests/ssl part (757 bytes, patch)
2013-10-01 11:58 EDT, Elio Maldonado Batiz
rrelyea: review+
Details | Diff
disable ssl2 and export ciphers - nss.spec changes in patch format (1.74 KB, patch)
2013-10-01 12:00 EDT, Elio Maldonado Batiz
rrelyea: review+
Details | Diff
disable ssl2 and export ciphers - ssl library part (2.01 KB, patch)
2013-11-02 19:56 EDT, Elio Maldonado Batiz
emaldona: review-
Details | Diff
disable ssl2 and export ciphers - tests/ssl part V2 (581 bytes, patch)
2013-11-02 19:59 EDT, Elio Maldonado Batiz
no flags Details | Diff
return correct value and set err info (550 bytes, patch)
2013-11-05 17:28 EST, Eric Paris
rrelyea: review+
Details | Diff

  None (edit)
Description Elio Maldonado Batiz 2013-08-27 19:06:30 EDT
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Elio Maldonado Batiz 2013-10-01 11:52:00 EDT
Created attachment 806067 [details]
disable ssl2 and export ciphers - ssl library part
Comment 3 Elio Maldonado Batiz 2013-10-01 11:58:12 EDT
Created attachment 806069 [details]
disable ssl2 and export ciphers  - tests/ssl part

Note that in this patch must skip some tests because at build time both server and client are both build linked with libssl without ssl2 support. 

We now need some tests to be run where either server or client  requires ssl2 and so and the request is denied. Such tests must be run outside the build. Perhaps two different virtual machines. I must work out the details in consultation with QE.
Comment 4 Elio Maldonado Batiz 2013-10-01 12:00:04 EDT
Created attachment 806070 [details]
disable ssl2 and export ciphers - nss.spec changes in patch format
Comment 5 Karel Srot 2013-10-03 01:54:28 EDT
Hi Elio,
could you please provide some background on this one?
Comment 6 Hubert Kario 2013-10-03 05:05:57 EDT
Karel, the problem is, that to verify that SSL2 is disabled both client and server side, you need to have a client and server that can use SSL2. Because NSS will be build without any support for SSL2 we won't be able to use selfserv or tstclnt applications to test if it is indeed disabled. Export ciphers present the same quandary.

I'm currently working on interoperability tests of NSS with openssl. As far as I know, there are no plans to remove ssl2 capability or export ciphers from OpenSSL (they are already disabled in the default cipher preference). Extending this test to check if SSL2 connections are denied on RHEL 7 should be easy.

That's why I don't think separate machines, one with SSL2 enabled NSS and one with SSL2 disabled NSS, will be necessary to test it. Not to mention that openssl solution should be easier to maintain as time goes on.
Comment 8 Elio Maldonado Batiz 2013-10-03 12:13:55 EDT
The comments below are for our own underatanding. I still have to write the approriate text for the release notes.

This bug, and the attached patches to disable support for SSL 2 and export ciphers, in NSS libssl library itselfand not just relying on the default configuration - wich has it disabled and can be changed was requested by Bob.  Bob emphasized doing it before we go beta. This being a major change, doing by beta gives us early feedback from our partners and customers whether this will cause undue problems for them. 

A good read on SSL2 flaws is https://www.schneier.com/paper-ssl.pdf
A Mozilla wiki page on SSL2-only sites, which may be dated, is 
https://wiki.mozilla.org/Necko:SSL_v2_Sites.

Bob, please clarify further and correct any misundersatanding on my part.
Comment 10 Bob Relyea 2013-10-04 18:18:26 EDT
Right Elio.

Turning off SSL2 is a requirement for using TLS 1.0 or 1.1 (or even 1.2), so the presumption is that it's actually been off for most customers for a while now. At some point upstream wants to actually remove the code, so we want to make sure it doesn't actually get enabled by anyone in RHEL 7 (even accidentally).

bob
Comment 11 Bob Relyea 2013-10-09 18:45:56 EDT
Comment on attachment 806067 [details]
disable ssl2 and export ciphers - ssl library part

r+ except you need to fix the dangling _ in NO_SSL2 define in the make file.
Comment 12 Bob Relyea 2013-10-09 18:47:29 EDT
Comment on attachment 806069 [details]
disable ssl2 and export ciphers  - tests/ssl part

r+ rrelyea
Comment 13 Bob Relyea 2013-10-09 18:48:20 EDT
Comment on attachment 806070 [details]
disable ssl2 and export ciphers - nss.spec changes in patch format

r+ rrelyea
Comment 15 Hubert Kario 2013-10-31 11:24:09 EDT
I can connect to selfserv using SSLv2 and export cipher suite:

nss-3.15.2-2.el7.x86_64
nss-softokn-3.15.2-1.el7.x86_64
# openssl s_client -ssl2 -connect localhost:443 -CAfile nss-certs/rsaca.pem -cipher EXP-RC4-MD5
CONNECTED(00000003)
depth=1 CN = RSA Testing CA
verify return:1
depth=0 CN = localhost, O = RSA Testing
verify return:1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC9TCCAd2gAwIBAgICB9EwDQYJKoZIhvcNAQEFBQAwGTEXMBUGA1UEAxMOUlNB
IFRlc3RpbmcgQ0EwHhcNMTMxMDMxMTA0MTI0WhcNMTQxMDMxMTA0MTI0WjAqMRIw
EAYDVQQDEwlsb2NhbGhvc3QxFDASBgNVBAoTC1JTQSBUZXN0aW5nMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSbE5HGwL5fkK7uKI4g6jLpemB6t2tSd
iCL71yqRUj4j8sEIXwF2FJ4sjd6NUxD1jYFuLNkIV8bPg5Y4b2lr+0HFQkpA5ne9
49+WLiPwvY/ri+SIKut3mFDkoDNfLGuoEXW63n8ARrOn4BSznbKQ7RUuBSbvqX4a
JArORJZtmjwFR5sGaxPLVaQ3fLE/QIAiEvdn2BRRh92tdgRnYpaJiCQym92ovIf5
eMG+FCey/DzmhcUT2JTdy+Neo6UVygOyduJ+zsqWeYE3XdB7OWsAQp20Rc/mu3JR
kO9b76rinQmco+YApZrASrP7rCWcVtL18KfsO2WfajNOXBka2U+xQQIDAQABozYw
NDAUBgNVHREEDTALgglsb2NhbGhvc3QwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8E
BAMCA7gwDQYJKoZIhvcNAQEFBQADggEBAE1CjEZaU83h6EBV9LJBP2JEkKr2Ggrf
J5p5hvR0k48GHN/CbxvlDhlhOJe7DG88vsA1DwkeyCydjKMwasef9EjpSntKJ6hu
zkqwxB2TgT2xU0WxMQrucThkMxW/G1iYWYDnjLLZ7TOpUWrW/WcfB/TULcYMyWb9
S6rlEkHBnlHhmz0IoNXi1G6+W+8QoyjFaWLdiDt2fR64v9vLsE0qvUESudHOXxHS
o8zs2Puun+QGlp/hcR6xLRbvoRkXBCpfM39s45JcVftPJP5dppBPnqCGYB6a4rt+
xIjkmz0y11qhWXL1Lt3vrXeI4kBqVuSjc45K27HEQ/1p0WBV7TBXUbw=
-----END CERTIFICATE-----
subject=/CN=localhost/O=RSA Testing
issuer=/CN=RSA Testing CA
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
EXP-RC4-MD5
---
SSL handshake has read 863 bytes and written 344 bytes
---
New, SSLv2, Cipher is EXP-RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv2
    Cipher    : EXP-RC4-MD5
    Session-ID: 2494F8D8D8F85946B722CE32C56D2D01
    Session-ID-ctx: 
    Master-Key: 481690F0E9E2E12B0D6A0C71FCC7562A
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1383232807
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
GET / HTTP/1.0

HTTP/1.0 200 OK
Server: Generic Web Server
Date: Tue, 26 Aug 1997 22:10:05 GMT
Content-type: text/plain

GET / HTTP/1.0

EOF


closed
Comment 16 Elio Maldonado Batiz 2013-11-01 15:14:42 EDT
The test failed because SSL2 wasn't truly disabled and the reason is in Comment 11. I hadn't removed dangling underscore - ifdef NSS_NO_SSL2_. When I did many test failed which means Attachment 806069 [details] for the tests isn't sufficient.
Comment 17 Elio Maldonado Batiz 2013-11-02 19:56:48 EDT
Created attachment 818672 [details]
disable ssl2 and export ciphers - ssl library part

remove the dangling underscore that bob found in the review.
Comment 18 Elio Maldonado Batiz 2013-11-02 19:59:13 EDT
Created attachment 818675 [details]
disable ssl2 and export ciphers - tests/ssl part V2

This one truly skips ssl2 and export cipher tests.
Comment 20 Elio Maldonado Batiz 2013-11-03 16:45:12 EST
Comment on attachment 818672 [details]
disable ssl2 and export ciphers - ssl library part

r-, Toough the build may have succeeded but looking closely at the build.log 
http://download.devel.redhat.com/brewroot/packages/nss/3.15.2/6.el7/data/logs/i686/build.log
...
bash reports a syntax error!
....
./ssl.sh: line 282: syntax error near unexpected token `('
./ssl.sh: line 282: ` [ "${NSS_NO_SSL2}" = "1" -a ((-n $EXP) -o (-n $SSL)) ] && continue'
TIMESTAMP ssl END: Sat Nov  2 18:47:12 EDT 2013
...
I think it should have been
[ [ "${NSS_NO_SSL2}" = "1" ] && ( [ -n ${EXP} ] || [ -n ${SSL} ] ) ] && continue
Comment 21 Eric Paris 2013-11-05 17:28:44 EST
Created attachment 820052 [details]
return correct value and set err info

V2 is not quite correct.  SSL_CipherPolicySet is now returning SSL_ERROR_SSL2_DISABLED even though it should be returning SECFailure.  We should also be calling PORT_SetError() so that the error can get reported later if needed rather than leaving whatever the last transient error may have been.

This patch goes on TOP of v2
Comment 22 Bob Relyea 2013-11-05 17:56:37 EST
Comment on attachment 820052 [details]
return correct value and set err info

r+ rrelyea
Comment 23 Elio Maldonado Batiz 2013-11-05 21:45:09 EST
A scratch build that incorporates Kai's patch for Bug 1026677 along with with Eric's correction to one of my patches is available at 
https://brewweb.devel.redhat.com/taskinfo?taskID=6532388
Comment 24 Frank Ch. Eigler 2013-11-06 07:36:13 EST
Please note that several rhel rpms do use NSS_SetExportPolicy() for
better or for worse, and these are now broken.  (systemtap & pcp at
least)
Comment 25 Hubert Kario 2013-11-06 08:22:20 EST
(In reply to Elio Maldonado Batiz from comment #23)
> A scratch build that incorporates Kai's patch for Bug 1026677 along with
> with Eric's correction to one of my patches is available at 
> https://brewweb.devel.redhat.com/taskinfo?taskID=6532388

Build works correctly on x86_64 (both SSL2 and export ciphers are disabled), I won't be starting tests on ppc64 and s390x until we have a normal build.
Comment 27 Ludek Smid 2014-06-13 06:53:19 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.