1155630 – GlusterFS allows insecure SSL modes

Bug 1155630 - GlusterFS allows insecure SSL modes

Summary: GlusterFS allows insecure SSL modes

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	GlusterFS
Classification:	Community
Component:	transport
Sub Component:
Version:	3.4.5
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Assignee:	Kaleb KEITHLEY
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1155328
Blocks:	glusterfs-3.4.6
TreeView+	depends on / blocked

Reported:	2014-10-22 13:48 UTC by Kaleb KEITHLEY
Modified:	2015-12-01 16:45 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:	1155328
Environment:
Last Closed:	2015-04-13 06:41:37 UTC
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Kaleb KEITHLEY 2014-10-22 13:48:05 UTC

+++ This bug was initially created as a clone of Bug #1155328 +++

This is related to the so-called POODLE attack.

    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

To summarize, POODLE involves a downgrade from TLS to SSLv3, combined with CBC cipher modes.  Users can avoid the downgrade by using an SSL library that supports TLS_FALLBACK_SCSV, as recent versions of OpenSSL do.  For users unable to pursue that strategy, disabling CBC cipher modes is a potential workaround.

   gluster volume set SOMEVOLUME ssl.cipherlist $something

Unfortunately, calculating $something is not trivial.  The "openssl ciphers" command does not have a built-in "CBC" group to exclude, nor does it support wildcards.  Therefore, it is necessary to create a list of cipher modes that meet other criteria (e.g. "HIGH:!SSLv2") and manually delete "CBC" entries to create a new list.

For users unwilling to calculate their own cipher lists, the default cipher list in the GlusterFS TLS code should be changed to exclude CBC modes in addition to other (current) restrictions ensuring optimal security.  In the very rare case that this might cause a communication failure due to lack of compatible cipher modes between servers and clients (which would require a very unlikely combination of GlusterFS and OpenSSL versions), we should also document how to calculate and apply their own cipher list without making themselves vulnerable to POODLE.

--- Additional comment from Anand Avati on 2014-10-21 18:17:59 EDT ---

REVIEW: http://review.gluster.org/8962 (socket: disallow CBC cipher modes) posted (#1) for review on master by Jeff Darcy (jdarcy)

Comment 1 Anand Avati 2014-10-22 14:33:27 UTC

REVIEW: http://review.gluster.org/8967 (socket: disallow CBC cipher modes) posted (#1) for review on release-3.4 by Kaleb KEITHLEY (kkeithle)

Comment 2 Anand Avati 2014-10-29 12:46:42 UTC

REVIEW: http://review.gluster.org/8967 (socket: disallow CBC cipher modes) posted (#2) for review on release-3.4 by Jeff Darcy (jdarcy)

Comment 3 Anand Avati 2014-10-29 17:31:44 UTC

COMMIT: http://review.gluster.org/8967 committed in release-3.4 by Kaleb KEITHLEY (kkeithle) 
------
commit 4dc4325a4c643b25fa7b670a30cf253491740d97
Author: Kaleb S. KEITHLEY <kkeithle>
Date:   Wed Oct 22 10:25:29 2014 -0400

    socket: disallow CBC cipher modes
    
    This is related to CVE-2014-3566 a.k.a. POODLE.
    
    	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
    
    POODLE is specific to CBC cipher modes in SSLv3.  Because there is no
    way to prevent SSLv3 fallback on a system with an unpatched version of
    OpenSSL, users of such systems can only be protected by disallowing CBC
    modes.  The default cipher-mode specification in our code has been
    changed accordingly.
    
    cherry picked from http://review.gluster.org/#/c/8962/
    BZ 1155328
    
    Change-Id: Id38a7eb3ab55058a0ee5dda9cb4c62b49b1ab9cb
    BUG: 1155630
    Signed-off-by: Kaleb S. KEITHLEY <kkeithle>
    Reviewed-on: http://review.gluster.org/8967
    Reviewed-by: Jeff Darcy <jdarcy>

Note You need to log in before you can comment on or make changes to this bug.