Syndicate
Site (RSS, Atom)
Contact
Weblog status
Total entries: 50
Last entry: 2016-10-17 22:22:03
Last updated: 2016-10-18 07:57:57
powered by vim, bash, cat, grep, sed, and nb 3.4.2

2014-11-19 23:57:58

OpenSSL updates/enhancements for RHEL / Centos 5

As already mentioned Red Hat's reaction to POODLE was some kind of halfheartedly. They provide "resolutions" how to disable SSLv3 on services like i.e. postfix or apache. Red Hat does not provide a modified OpenSSL package which radically removes the ancient SSLv3 (and SSLv2) protocol code from OpenSSL. This has numerous causes like:

  • A rebuild of many dependent packages will maybe necessary.
  • Totally disabling SSLv3 may have drawbacks on software which actually needs it (which is against the enterprise philosophy).
  • Patching OpenSSL is a nightmare due to countless bugs in this crappy software (see Heartbleed, POODLE, comments of the LibreSSL authors and - of course - the source code).

A switch of OpenSSL 0.9.8 to OpenSSL 1 would have even more impacts. But using OpenSSL 1 as an additional package together with an SSLv3-stripped OpenSSL 0.9.8 is a nice solution to remove unsafe code and to provide modern encryption. This was my way.

openssl-0.9.8e without SSLv3

My openssl-0.9.8e-srvrclnt-no-ssl23.patch does the following modifications:

  • Strip SSLv2 and SSLv3 code from client and server.
  • Return with UNSUPPORTED_PROTOCOL error when using these ancient protocols
  • Set a modern and (for OpenSSL 0.9.8) well balanced SSL_DEFAULT_CIPHER_LIST.
  • Remove SSLv2/3 code also from internal test program ssltest used when building OpenSSL.
  • Remove SSLv2/3 code also from internal test script testssl used when building OpenSSL.

Instead of using the patch you can also download and rebuild the source rpm package.

Here's some testing output of ssltest.sh:

# ssltest.sh 127.0.0.1 443
Testing protocols:
SSLv2: NO
SSLv3: NO
TLSv1: YES
TLSv1.1: NO
TLSv1.2: NO
Testing ciphers using protocol TLSv1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=...
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=...
EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=...
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
# ssltest.sh 127.0.0.1 25 smtp
Testing protocols:
SSLv2: NO
SSLv3: NO
TLSv1: YES
TLSv1.1: NO
TLSv1.2: NO
Testing ciphers using protocol TLSv1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=...
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=...

openssl-1.0.1 as additional package

I took the source rpm package openssl-1.0.1e-30 of RHEL / Centos 6 and patched it to compile and install on a RHEL / Centos 5 system besides the OpenSSL base installation 0.9.8.

In opposition to the patch for OpenSSL 0.9.8 I disabled SSLv2 and SSLv3 code by just removing the protocols on every ssl context:

ret->options |= (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

You can test it with the source rpm package or directly with the openssl1 and openssl1-devel packages.

To actually use it you must recompile your applications with openssl1-devel installed (instead of openssl-devel). This can be done with commands like this: ***

# rpm -U openssl1-1.0.1e-30.el5_9.4rh5.i386.rpm
# rpm -e openssl-devel
# rpm -U openssl1-devel-1.0.1e-30.el5_9.4rh5.i386.rpm
# rpmbuild -ba jabberd.spec

Here's some testing output of ssltest.sh:

# ssltest.sh 127.0.0.1 5269 xmpp
Testing protocols:
SSLv2: NO
SSLv3: NO
TLSv1: YES
TLSv1.1: YES
TLSv1.2: YES
Testing ciphers using protocol TLSv1.2
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM...
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) ...
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=...
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia...
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM...
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) ...
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=...
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) Mac=...
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia...

Update 2015-08-09:
The packages are included in the tuxad repo.

Update 2016-05-21: ***
Well, this "rpmbuild -ba jabberd.spec" is just an example for compiling/ rpmbuilding an RPM package (in this case "jabberd") with the openssl1 RPM package. If you want i.e. dovecot to use openssl1 package then you must rebuild it with something like "rpmbuild --rebuild dovecot.src.rpm".
Please let me explain the RHEL SSL trouble more in detail:

RHEL as "enterprise linux" (CentOS as well) will never do big changes in their packages. In this case it is OpenSSL 0.98. RHEL will always stay on this release and will only provide important security patches.
The reason for that is that all packages with SSL (like apache, postfix, dovecot) are using this package. Updating OpenSSL to version 1 would require ALL these packages to be recompiled.
As a workaround for this trouble I created this RPM package "openssl1" to be additionally installed beside RHEL's openssl package. If you have installed the openssl1-devel package then all C headers and C libs for compiling are installed and you can recompile/rebuild the software you would like to have all SSL Ciphers and security and modern encryption like the RHEL/CentOS 6 packages have.
But please keep in mind that this does not mean that old RPM packages like RHEL 5's dovecot would get also i.e. ECDH encryption out of the box. For ECDH support you will mostly need a small patch. In case of "dovecot" I already did that: The dovecot-1.0.7-9.el5_11.4.log.dh.i386.rpm in my YUM repo contains 3 important patches. It logs the cipher/encrpytion used, it has bigger DH params (2048 bits) and it has EC cryptography support. Testing it with ssltest.sh:

$ SSLCipherSuite=ALL ~/ssltest.sh 127.0.0.1 993 
Testing: 127.0.0.1 993 ALL
Testing protocols:
SSLv2: NO
SSLv3: NO
TLSv1: YES
TLSv1.1: YES
TLSv1.2: YES
Testing ciphers using protocol TLSv1.2
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc= \
  AESGCM(256) Mac=AEAD TempKey: ECDH, secp521r1, 521 bits
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc= \
  AES(256) Mac=SHA384 TempKey: ECDH, secp521r1, 521 bits
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) \
  Mac=SHA1 TempKey: ECDH, secp521r1, 521 bits
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc= \
  AESGCM(256) Mac=AEAD TempKey: DH, 2048 bits
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) \
  Mac=SHA256 TempKey: DH, 2048 bits
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) \
  Mac=SHA1 TempKey: DH, 2048 bits
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc= \
  Camellia(256) Mac=SHA1 TempKey: DH, 2048 bits
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc= \
  AESGCM(128) Mac=AEAD TempKey: ECDH, secp521r1, 521 bits
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc= \
  AES(128) Mac=SHA256 TempKey: ECDH, secp521r1, 521 bits
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) \
  Mac=SHA1 TempKey: ECDH, secp521r1, 521 bits
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc= \
  AESGCM(128) Mac=AEAD TempKey: DH, 2048 bits
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) \
  Mac=SHA256 TempKey: DH, 2048 bits
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) \
  Mac=SHA1 TempKey: DH, 2048 bits
DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA Enc=SEED(128) \
  Mac=SHA1 TempKey: DH, 2048 bits
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc= \
  Camellia(128) Mac=SHA1 TempKey: DH, 2048 bits

Summary:
To benefit from openssl1.rpm you must recompile/rebuild software with openssl1-devel.rpm installed. Some packages in my tuxad YUM repo are already recompiled and patched RHEL rpm packages.


Posted by Frank W. Bergmann | Permanent link | File under: c, ssl, encryption, rpm, yum, repository, redhat, openssl