
Context options and SSL_MODE_SEND_FALLBACK_SCSV


Jeffrey Walton

Oct 15, 2014, 5:53:12 PM
I have a question on the intersection of the patch to mitigate
CVE-2014-3566 ("POODLE") [0] and context options.

If the context options are set to remove SSLv3:

SSL_CTX* ctx = ...
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
SSL_CTX_set_options(ctx, flags);

Then is the following needed from [0]:

SSL_set_mode(ssl, SSL_MODE_SEND_FALLBACK_SCSV);

I suspect not, but I want to make sure I'm not missing something
obvious (or getting myself into a bad state).

[0] https://groups.google.com/d/msg/mailing.openssl.users/qq4Jc9SffAs/fYMLO8aF9cgJ
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Salz, Rich

Oct 15, 2014, 6:01:38 PM
> If the context options are set to remove SSLv3:
> Then is the following needed from [0]:
>
> SSL_set_mode(ssl, SSL_MODE_SEND_FALLBACK_SCSV)

You might care about fallback from TLS 1.2 (which has PFS) to TLS 1.1 (which doesn't).

I recommend that you always set that flag.

--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz


Salz, Rich

Oct 16, 2014, 7:11:13 PM
> #ifndef SSL_MODE_SEND_FALLBACK_SCSV
> #define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
> #endif

That will not work. You can do this:
#ifdef SSL_MODE_SEND_FALLBACK_SCSV
SSL_CTX_set_mode(ctx, SSL_MODE_SEND_FALLBACK_SCSV);
#endif

But that is not the same thing.

You cannot just slip SCSV into an application without code changes to the application and to openssl.

Florian Weimer

Oct 17, 2014, 5:08:43 AM
On 10/17/2014 10:10 AM, Giuseppe D'Angelo wrote:
> Yep, and the problem is that I control the application, not which
> OpenSSL version is installed. Therefore I wanted to future-proof my
> application, so when OpenSSL gets upgraded to a version which supports
> SSL_MODE_SEND_FALLBACK_SCSV, everything will work *without* also
> recompiling the application.
>
> Thus: the manual #define and the call in all cases. I'm fine if it's a
> no-op if OpenSSL doesn't support SSL_MODE_SEND_FALLBACK_SCSV, the
> important thing is that it doesn't break anything...

Do you downgrade the support protocols on handshake failures, like web
browsers do?

If not, then you cannot use SSL_MODE_SEND_FALLBACK_SCSV in any way, and
you do not need it, either.

--
Florian Weimer / Red Hat Product Security

Salz, Rich

Oct 17, 2014, 9:15:01 AM
> > SSL_set_mode(ssl, SSL_MODE_SEND_FALLBACK_SCSV)
>
> You might care about fallback from TLS 1.2 (which has PFS) to TLS 1.1 (which
> doesn't).
>
> I recommend that you always set that flag.

Two clarifications: TLS 1.2 (with AEAD) to TLS 1.1 (doesn't). Or TLS 1.1 (PFS) to TLS 1.0.

And by always, I meant always set it whenever you fall back. Not always every single time. :)
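The two replies above fit together: Florian's point is that the SCSV is only meaningful in a client that retries at a lower protocol version after a handshake failure, and Rich's is that such a client sets SSL_MODE_SEND_FALLBACK_SCSV on the retry attempts only, never on the first attempt. The following is an added example, not code from the thread or from OpenSSL: a pure-C model of that client-side fallback policy. It makes no OpenSSL calls; the enum values, struct and function names (fallback_state, fallback_next_attempt, version_on_attempt, scsv_on_attempt) are assumptions for illustration, and the floor of TLS 1.0 models a context where SSL_OP_NO_SSLv3 is set, so SSLv3 is never offered at all.

```c
#include <stdbool.h>
#include <stdio.h>

/* Protocol versions in the order a client walks down during fallback.
 * (Model values chosen for this example, not OpenSSL's constants.) */
enum tls_version { SSL3 = 0, TLS10 = 1, TLS11 = 2, TLS12 = 3 };

static const char *version_name(enum tls_version v)
{
    static const char *const names[] = { "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2" };
    return names[v];
}

/* How the client configures one handshake attempt. */
struct attempt {
    enum tls_version max_version;  /* highest version offered in the ClientHello */
    bool send_fallback_scsv;       /* include TLS_FALLBACK_SCSV on this attempt? */
};

/* Client-side fallback state (hypothetical). floor is the lowest version the
 * application permits: with SSL_OP_NO_SSLv3 set that is TLS10, so no attempt
 * ever offers SSLv3, with or without the SCSV. */
struct fallback_state {
    enum tls_version floor;
    enum tls_version current;
    int attempt_no;
};

void fallback_init(struct fallback_state *st, enum tls_version floor,
                   enum tls_version ceiling)
{
    st->floor = floor;
    st->current = ceiling;
    st->attempt_no = 0;
}

/* Describe the next attempt. Call once before the first handshake and again
 * after each handshake failure. Returns false when the client must give up. */
bool fallback_next_attempt(struct fallback_state *st, struct attempt *out)
{
    if (st->attempt_no > 0) {
        if (st->current == st->floor)
            return false;                       /* already at the floor */
        st->current = (enum tls_version)(st->current - 1);
    }
    out->max_version = st->current;
    /* The SCSV marks a retry: it tells a server that understands it that a
     * higher version was already tried, so the server can refuse the
     * downgrade. The first attempt is not a fallback and must not carry it;
     * a client that never retries therefore never sets the mode flag. */
    out->send_fallback_scsv = (st->attempt_no > 0);
    st->attempt_no++;
    return true;
}

/* Query helpers: what the idx-th attempt (0-based) looks like for a client
 * allowing versions floor..ceiling; -1 if the client would have given up. */
int version_on_attempt(enum tls_version floor, enum tls_version ceiling, int idx)
{
    struct fallback_state st;
    struct attempt a = { SSL3, false };
    fallback_init(&st, floor, ceiling);
    for (int i = 0; i <= idx; i++)
        if (!fallback_next_attempt(&st, &a))
            return -1;
    return (int)a.max_version;
}

int scsv_on_attempt(enum tls_version floor, enum tls_version ceiling, int idx)
{
    struct fallback_state st;
    struct attempt a = { SSL3, false };
    fallback_init(&st, floor, ceiling);
    for (int i = 0; i <= idx; i++)
        if (!fallback_next_attempt(&st, &a))
            return -1;
    return a.send_fallback_scsv ? 1 : 0;
}

int main(void)
{
    /* A client with SSL_OP_NO_SSLv3 in effect (floor TLS10), starting at TLS 1.2. */
    struct fallback_state st;
    struct attempt a;
    fallback_init(&st, TLS10, TLS12);
    while (fallback_next_attempt(&st, &a))
        printf("attempt %d: offer %s, SSL_MODE_SEND_FALLBACK_SCSV %s\n",
               st.attempt_no, version_name(a.max_version),
               a.send_fallback_scsv ? "set" : "not set");
    return 0;
}
```

In a real client the body of the while loop is where the SSL object for that attempt would be created, SSL_CTX_set_options applied to cap the offered version, and SSL_set_mode(ssl, SSL_MODE_SEND_FALLBACK_SCSV) called only when send_fallback_scsv is true; a client whose floor equals its ceiling makes exactly one attempt and never touches the flag, which is the case Florian describes.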