As of RHEL-7.0 NSS has disabled SSL2 and the export cipher suites. This has been the case since the summer of 2014. In all this time no Red Hat Customers have complained. This was intended to be done for fedora as well last year and for various reasons it didn't happen. Upstream has wanted to disable SSl2 support for quite some time and it's quite possible that this will happen later in the year, perhaps in September with the release of nss-3.18. Exact plans are timing is currently fluid. A good read on SSL2 flaws is https://www.schneier.com/paper-ssl.pdf A Mozilla wiki page on SSL2-only sites, which may be dated, is https://wiki.mozilla.org/Necko:SSL_v2_Sites.
Created attachment 988659 [details] disable ssl2 and export ciphers - ssl library part
Created attachment 988660 [details] disable ssl2 and export ciphers - tests/ssl part
Created attachment 988661 [details] fix shell syntax errors in some test scripts
Created attachment 988662 [details] changes to nss.spec in patch format
Created attachment 988957 [details] disable ssl2 and export ciphers - tests/ssl part V2 sync. up with the version for rhel-7
Created attachment 988961 [details] fix shell syntax errors in some test scripts V2 sync. up with version for rhel-7
Created attachment 988964 [details] all changes in one big patch easy to apply, cd master; patch -p1 < bz1189952.patch, not easy to read as the individual patches are
There is something wrong with the patches and when I installed the nss-3.17.4-2.fc22 on my system Firefox could not connect. I have commented out the "export NSS_NO_SSL2=1" line in the nss.spec so SSL2 is not disable a nss-3.17.4-3.fc22 build should be coming soon. This needs better testing and it's better that I wait until my team mates are available so they can do a proper review, what I should have done in the first place.
Oddly enough the problems with Firefox don't happen in RHEL-7.1 and the set of patches that I used for testing is the same same set. Is not a connection problem as far as I can tell as I can't even change preferences.
Elio said, he ran into an issue with Firefox on Fedora. The NSS changes that disable SSL 2 caused Firefox to break completely. No web pages could be loaded. The Firefox error console indicated that several services couldn't be created (a sort of internal failure). I found that Firefox calls NSS_SetDomesticPolicy(), which is NSS code that iterates over all the ciphers, and enables each of them. However, the suggested change to NSS returns an error, as soon as an attempt is made to enable SSL 2 ciphers. This causes NSS to return a failure, which is forwarded to the application, which concludes that NSS failed to initialize. Because NSS_SetDomesticPolicy() is an NSS internal function, it should be adjusted to not fail (or not trying to enable SSL 2 ciphers at all). However, looking at the function SSL_CipherPolicySet() which your patch changes, a different strategy might be better. SSL_CipherPolicySet() has code which says: If the cipher is one that has been removed, then don't enable it, and return success. Youl could do the same for the SSL 2 ciphers. However, an even better idea comes to mind: Please consider to change the existing function ssl_IsRemovedCipherSuite() to include the SSL 2 ciphers you are disabling. Then you wouldn't need to change function SSL_CipherPolicySet() at all.
(In reply to Kai Engert (:kaie) from comment #11) > SSL_CipherPolicySet() has code which says: > If the cipher is one that has been removed, then don't enable it, > and return success. > > You could do the same for the SSL 2 ciphers. That's a very simple one line fix to the disableSSL2libssl.path. Let's call it Fix OptionA. Instead of #ifdef NSS_NO_SSL2 rv = SSL_ERROR_SSL2_DISABLED; #else rv = ssl2_SetPolicy(which, policy); #endif /* NSS_NO_SSL2 */ we would have #ifdef NSS_NO_SSL2 rv = SECSucess; #else rv = ssl2_SetPolicy(which, policy); #endif /* NSS_NO_SSL2 */ > However, an even better idea comes to mind: > > Please consider to change the existing function ssl_IsRemovedCipherSuite() > to include the SSL 2 ciphers you are disabling. > > Then you wouldn't need to change function SSL_CipherPolicySet() at all. That, I call it Fix Option B, is a bit more elaborate. I looked at OpenSSL table mappings: https://testssl.sh/openssl-rfc.mappping.html and more importantly at IETF list: http://tools.ietf.org/html/rfc4346#appendix-A.5 and compares with sslprot.h to trim down ones that we don't use. The changes to the patch would be diff --git a/disableSSL2libssl.patch b/disableSSL2libssl.patch index 38d092a..2433110 100644 --- a/disableSSL2libssl.patch +++ b/disableSSL2libssl.patch @@ -99,25 +99,45 @@ diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c case SSL_NO_STEP_DOWN: ss->opt.noStepDown = on; -@@ -1168,17 +1182,21 @@ SSL_CipherPolicySet(PRInt32 which, PRInt - - if (rv != SECSuccess) { - return rv; - } - - if (ssl_IsRemovedCipherSuite(which)) { - rv = SECSuccess; - } else if (SSL_IS_SSL2_CIPHER(which)) { +@@ -1131,16 +1145,41 @@ SSL_OptionSetDefault(PRInt32 which, PRBo + /* function tells us if the cipher suite is one that we no longer support. */ + static PRBool + ssl_IsRemovedCipherSuite(PRInt32 suite) + { + switch (suite) { + case SSL_FORTEZZA_DMS_WITH_NULL_SHA: + case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA: + case SSL_FORTEZZA_DMS_WITH_RC4_128_SHA: +#ifdef NSS_NO_SSL2 -+ rv = SSL_ERROR_SSL2_DISABLED; -+#else - rv = ssl2_SetPolicy(which, policy); -+#endif /* NSS_NO_SSL2 */ - } else { - rv = ssl3_SetPolicy((ssl3CipherSuite)which, policy); ++ /* SSL2 and export cipher suites disabled */ ++ case SSL_LIBRARY_VERSION_2: ++ case SSL_EN_RC4_128_WITH_MD5: ++ case SSL_EN_RC4_128_EXPORT40_WITH_MD5: ++ case SSL_EN_RC2_128_CBC_WITH_MD5: ++ case SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5: ++ case SSL_EN_DES_64_CBC_WITH_MD5: ++ case SSL_EN_DES_192_EDE3_CBC_WITH_MD5: ++ case TLS_NULL_WITH_NULL_NULL: ++ case TLS_RSA_EXPORT_WITH_RC4_40_MD5: ++ case TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: ++ case TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: ++ case TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA: ++ case TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA: ++ case TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: ++ case TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: ++ case TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: ++ case TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA: ++ case TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA: ++ case TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA: ++ case TLS_RSA_EXPORT1024_WITH_RC4_56_SHA: ++ case TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA: ++ case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5: ++#endif + return PR_TRUE; + default: + return PR_FALSE; } - return rv; } .... My concert is that I'm not sure I am getting the list correctly. I'll attach the patch for Option B for your review.
Created attachment 994012 [details] disable ssl2 and export ciphers -- ssl library part
Created attachment 994013 [details] changes to nss.spec in patch format
(In reply to Elio Maldonado Batiz from comment #12) > My concert is that I'm not sure I am getting the list correctly. I'll attach > the patch for Option B for your review. I guess the previous patch (attachment 988659 [details]) was incomplete, because you had only prevented SSL2 ciphers, but not export ciphers yet. So the new patch seems better. In addition to SSL_IS_SSL2_CIPHER() that you were using, I found function SSL_IsExportCipherSuite. I understand you want to disable the union of both sets. If you don't want to hardcode the full list, and avoid the risk that you potentially miss something, how about adding the following at the beginning of ssl_IsRemovedCipherSuite? if (SSL_IS_SSL2_CIPHER(suite)) return PR_TRUE; if (SSL_IsExportCipherSuite(suite)) return PR_TRUE; (instead of adding ciphers to the switch)
Also, if it's your intention that your new #define controls more than just SSL2, then I wouldn't call it SSL2, but something that mentions both ssl2 and the export ciphers. Maybe NSS_NO_SSL2_NO_EXPORT It seems that export ciphers are controlled by the SSL_NO_STEP_DOWN socket option. In sslsock.c in array ssl_defaults, should the value of noStepDown be set to PR_TRUE? Similar to your code that fails if someone attempts to set the socket option to enable SSL2, should you do the same if someone attempts to enable stepDown, by setting SSL_NO_STEP_DOWN to false?
Created attachment 994300 [details] disable ssl2 and export cipher - libssl part Incorporates Kai's suggestions on Comment 15 and Comment 16.
Created attachment 994301 [details] disable ssl2 and export cipher - test/ssl part
Created attachment 994302 [details] fix shell syntax errors in some tests scripts
Created attachment 994303 [details] changes to nss.spec - in patch format
Comment on attachment 994303 [details] changes to nss.spec - in patch format I should state that I'm not sure that the change from if [ ${NSS_BUILD_SOFTOKEN_ONLY} = "1" ]; then to if [ "${NSS_BUILD_SOFTOKEN_ONLY}" = "1" ]; then is actually necessary.
(In reply to Elio Maldonado Batiz from comment #21) > Comment on attachment 994303 [details] > changes to nss.spec - in patch format > > I should state that I'm not sure that the change from > if [ ${NSS_BUILD_SOFTOKEN_ONLY} = "1" ]; then > to > if [ "${NSS_BUILD_SOFTOKEN_ONLY}" = "1" ]; then > is actually necessary. the second will work correctly in bash if the variable is unset: # unset NSS_BUILD_SOFTOKEN_ONLY # if [ ${NSS_BUILD_SOFTOKEN_ONLY} = "1" ]; then echo yes; else echo no; fi -bash: [: =: unary operator expected no # if [ "${NSS_BUILD_SOFTOKEN_ONLY}" = "1" ]; then echo yes; else echo no; fi no
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Comment on attachment 994301 [details] disable ssl2 and export cipher - test/ssl part >+ SSLCOV=[ "${NSS_NO_SSL2_NO_EXPORT}" = "1" ] \ >+ && ${QADIR}/ssl/sslcov.noSSL2orExport.txt \ >+ || ${QADIR}/ssl/sslcov.txt > SSLAUTH=${QADIR}/ssl/sslauth.txt >+ SSLSTRESS=[ "${NSS_NO_SSL2_NO_EXPORT}" = "1" ] \ >+ && ${QADIR}/ssl/sslstress.noSSL2orExport.txt \ >+ || ${QADIR}/ssl/sslstress.txt Maybe it's just me, but I think this is difficult to read. It's up to you, but I'd prefer a simpler approach: if [ "${NSS_NO_SSL2_NO_EXPORT}" = "1" ]; then SSLCOV=${QADIR}/ssl/sslcov.noSSL2orExport.txt SSLSTRESS=${QADIR}/ssl/sslstress.noSSL2orExport.txt else SSLCOV=${QADIR}/ssl/sslcov.txt SSLSTRESS=${QADIR}/ssl/sslstress.txt fi r+ with or without this change
Comment on attachment 994300 [details] disable ssl2 and export cipher - libssl part >+ifdef NSS_NO_SSL2_NO_EXPORT >+DEFINES += -DNSS_NO_SSL2 >+endif Is the define correct, or do you want the following? DEFINES += -DNSS_NO_SSL2_NO_EXPORT Rest looks good, r+ with this kept or fixed, as required.
(In reply to Kai Engert (:kaie) from comment #24) > Comment on attachment 994301 [details] I agree, your version is easier to to read.
(In reply to Kai Engert (:kaie) from comment #25) >+ifdef NSS_NO_SSL2_NO_EXPORT >+DEFINES += -DNSS_NO_SSL2 >+endif Oops, I forgot to change that one. > Is the define correct, or do you want the following? > > DEFINES += -DNSS_NO_SSL2_NO_EXPORT > Yes, that the one we want.
nss-3.17.4-5.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/nss-3.17.4-5.fc22
Package nss-3.17.4-5.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nss-3.17.4-5.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-3142/nss-3.17.4-5.fc22 then log in and leave karma (feedback).
nss-3.17.4-5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.