Common Vulnerabilities and Exposures assigned an identifier CVE-2011-3389 to the following vulnerability:

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

OpenSSL upstream provided a workaround to address the CVE-2011-3389 flaw. Later it was found that some servers did not work with the workaround, and a way to disable it was provided. The particular bit to disable the workaround has been added to the SSL_OP_ALL bitmask that SSL clients use. Libcurl uses the SSL_OP_ALL bit, which in the case of curl enables the CVE-2011-3389 security flaw again.

Relevant curl upstream advisory:
[1] http://curl.haxx.se/docs/adv_20120124B.html

Particular upstream patch:
[2] http://curl.haxx.se/curl-dont-insert-empty-fragments.patch
This issue did NOT affect the version of curl as shipped with Red Hat Enterprise Linux 6, as curl in this release is not built against OpenSSL (but rather with NSS instead).

This issue did NOT affect the versions of curl as shipped with Fedora release of 15 and 16, as curl in these releases is not built against OpenSSL (but rather with NSS instead).
Acknowledgements: Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Apple Product Security Team as the original reporter.
Created attachment 559289
Patch backport to curl 7.15.5 (rhel-5)
Shortly after the upstream "curl SSL CBC IV vulnerability" advisory was released, it was reported that the fix breaks communication with certain SSL/TLS servers. To address the problem, upstream introduced a new libcurl option, CURLOPT_SSL_OPTIONS:

http://curl.haxx.se/libcurl/c/curl_easy_setopt.html#CURLOPTSSLOPTIONS

  CURLOPT_SSL_OPTIONS

  Pass a long with a bitmask to tell libcurl about specific SSL behaviors.

  CURLSSLOPT_ALLOW_BEAST is the only supported bit and by setting this the user will tell libcurl to not attempt to use any work-arounds for a security flaw in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit is set to 0, the SSL layer libcurl uses may use a work-around for this flaw although it might cause interoperability problems with some (older) SSL implementations. WARNING: avoiding this work-around loosens the security, and by setting this option to 1 you ask for exactly that. (Added in 7.25.0)

Similarly, the curl command line tool got a new --ssl-allow-beast option:

http://curl.haxx.se/docs/manpage.html#--ssl-allow-beast

  --ssl-allow-beast

  (SSL) This option tells curl to not work around a security flaw in the SSL3 and TLS1.0 protocols known as BEAST. If this option isn't used, the SSL layer may use work-arounds known to cause interoperability problems with some older SSL implementations. WARNING: this option loosens the SSL security, and by using this flag you ask for exactly that. (Added in 7.25.0)

These were added via the following commits:

https://github.com/bagder/curl/commit/2a699bc
https://github.com/bagder/curl/commit/62d15f1
https://github.com/bagder/curl/commit/ebf3138

This option can be used by curl versions compiled both against OpenSSL (controlling the setting of the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS OpenSSL option) and NSS (controlling the setting of the SSL_CBC_RANDOM_IV NSS option).

Further discussion can be found at:

http://thread.gmane.org/gmane.comp.web.curl.library/34659
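Added example, not part of the bug report and not curl's own source: a self-contained C model of the OpenSSL option handling described in the comments above, showing the unpatched mask, the patched default, and the CURLSSLOPT_ALLOW_BEAST opt-out. The function names are hypothetical, and the numeric constants are stand-ins assumed from OpenSSL 1.0.x and curl 7.25.0 headers so that the block builds without either library.

```c
#include <stdio.h>

/* Stand-in constants (assumptions modelled on OpenSSL 1.0.x and curl 7.25.0).
 * Real code takes them from <openssl/ssl.h> and <curl/curl.h>. */
#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800UL
#define SSL_OP_ALL                         0x80000BFFUL
#define CURLSSLOPT_ALLOW_BEAST             (1L << 0)

/* Behaviour described in the report: SSL_OP_ALL is passed on unchanged,
 * and it contains the bit that switches the countermeasure off. */
unsigned long ctx_options_unpatched(void)
{
    return SSL_OP_ALL;
}

/* Behaviour after the fix: keep the other interoperability workarounds in
 * SSL_OP_ALL, but clear the bit that disables empty fragments unless the
 * caller explicitly opted out with CURLSSLOPT_ALLOW_BEAST. */
unsigned long ctx_options_patched(long curl_ssl_options)
{
    unsigned long opts = SSL_OP_ALL;
    if (!(curl_ssl_options & CURLSSLOPT_ALLOW_BEAST))
        opts &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
    return opts;
}

/* Returns 1 when the SSL layer would still insert empty fragments. */
int countermeasure_active(unsigned long ctx_options)
{
    return (ctx_options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) == 0;
}

int main(void)
{
    struct { const char *name; unsigned long opts; } cases[] = {
        { "unpatched (SSL_OP_ALL as is)", ctx_options_unpatched() },
        { "patched, default", ctx_options_patched(0L) },
        { "patched, CURLSSLOPT_ALLOW_BEAST",
          ctx_options_patched(CURLSSLOPT_ALLOW_BEAST) },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-32s options=0x%08lx countermeasure=%s\n", cases[i].name,
               cases[i].opts, countermeasure_active(cases[i].opts) ? "on" : "off");
    return 0;
}
```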
I'm closing this as we're currently not planning to add this change to the curl version in Red Hat Enterprise Linux 5. Due to compatibility reasons, we cannot enable this protection by default. When disabled by default, applications using libcurl will not benefit from the fix unless they are modified to explicitly enable the protection. The curl command line client would get an option to control the use of this protection as part of the fix, however, there's no attack vector against it.

curl packages in Red Hat Enterprise Linux 6 use the NSS library instead of OpenSSL. Similar record splitting mitigation is also implemented in the NSS library, but it remains disabled by default in Red Hat Enterprise Linux 5 and 6 (see bug 737506, comment 34). It can be enabled by setting the NSS_SSL_CBC_RANDOM_IV environment variable before starting an application using NSS. Adding the CURLSSLOPT_ALLOW_BEAST curl option to curl in Red Hat Enterprise Linux 6 would disable the use of the NSS environment variable to control use of this mitigation. Therefore, there's currently no plan to add this curl option to curl packages in Red Hat Enterprise Linux 6 either.

Future product versions may include curl packages supporting the CURLSSLOPT_ALLOW_BEAST option (curl 7.25.0 or later is currently available in Fedora 18 and later).