OpenSSL has issued an advisory today (January 28): https://www.openssl.org/news/secadv/20160128.txt
The first issue is considered serious.

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated openssl packages fix security vulnerability:

OpenSSL before 1.0.2f would allow for a process to re-use the same private Diffie-Hellman exponent repeatedly during its entire lifetime, which, given that it also allows to use custom DH parameters which may be based on unsafe primes, could enable an attack that could discover the DH exponent, compromising the security of DH symmetric key negotiation (CVE-2016-0701).

In OpenSSL before 1.0.2f, a malicious client can negotiate SSLv2 ciphers that have been disabled on the server and complete SSLv2 handshakes even if all SSLv2 ciphers have been disabled, provided that the SSLv2 protocol was not also disabled via SSL_OP_NO_SSLv2 (CVE-2015-3197).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0701
https://www.openssl.org/news/secadv/20160128.txt
========================

Updated packages in core/updates_testing:
========================
openssl-1.0.2f-1.mga5
libopenssl-engines1.0.0-1.0.2f-1.mga5
libopenssl1.0.0-1.0.2f-1.mga5
libopenssl-devel-1.0.2f-1.mga5
libopenssl-static-devel-1.0.2f-1.mga5

from openssl-1.0.2f-1.mga5.src.rpm
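The first issue in the advisory only bites when a deployment feeds OpenSSL custom DH parameters built on an unsafe prime, so the defender-side check is to verify the parameter file itself. The following is an added example, not code from the bug report, from OpenSSL or from Mageia: a pure-Python checker that parses a DH PARAMETERS PEM blob (PKCS#3 and X9.42 layouts both begin with INTEGER p, INTEGER g) and reports whether p is a safe prime, i.e. whether p and (p-1)/2 both test prime; the PEM encoder exists only to construct the sample inputs, which are small constructed primes rather than real parameters. The same verdict on a real file comes from openssl dhparam -check -in <file>.

```python
import base64, random
def _der_len(n):  # DER length: short form below 128, else 0x8N followed by N length bytes
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return body if n < 0x80 else bytes([0x80 | len(body)]) + body
def _der_int(v):  # an extra leading 0x00 keeps an INTEGER whose high bit is set positive
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body
def encode_dhparams_pem(p, g):  # used here only to construct sample input (PKCS#3 layout)
    seq = _der_int(p) + _der_int(g)
    b64 = base64.b64encode(b"\x30" + _der_len(len(seq)) + seq).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN DH PARAMETERS-----", *lines, "-----END DH PARAMETERS-----"])
def _read_tlv(buf, pos):  # -> (tag, value bytes, offset just past the element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits say how many bytes hold the real length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length
def parse_dhparams_pem(pem):  # -> (p, g); PKCS#3 and X9.42 blobs both start with p, g
    body = "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))
    tag, seq, _ = _read_tlv(base64.b64decode(body), 0)
    tp, p_bytes, pos = _read_tlv(seq, 0)
    tg, g_bytes, _ = _read_tlv(seq, pos)
    if tag != 0x30 or tp != 0x02 or tg != 0x02:
        raise ValueError("expected SEQUENCE { INTEGER p, INTEGER g, ... }")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")
def is_probable_prime(n, rounds=40):  # Miller-Rabin; fixed seed keeps the verdict repeatable
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:  # write n - 1 as d * 2**r with d odd
        d, r = d // 2, r + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        if x != n - 1:  # witness found: n is composite
            return False
    return True
def check_dh_params_pem(pem):  # safe prime means p and (p - 1) / 2 are both prime
    p, g = parse_dhparams_pem(pem)
    p_prime = is_probable_prime(p)
    return {"bits": p.bit_length(), "p_is_prime": p_prime, "generator_ok": 1 < g < p - 1,
            "safe_prime": p_prime and is_probable_prime((p - 1) // 2)}
```

Pass the text of a parameter file (for example one produced by openssl dhparam) to check_dh_params_pem; a result with safe_prime False, or a bits value well below 2048, is the kind of custom parameter set the advisory warns about.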
Testing procedure: https://wiki.mageia.org/en/QA_procedure:Openssl
Whiteboard: (none) => has_procedure
mga5 x86_64 Mate

Before the update, running these checks provided in the QA procedure wiki (comment #1) returned similar results to those listed there.

$ urpmq -i openssl
Name        : openssl
Version     : 1.0.2e
Release     : 1.mga5
Group       : System/Libraries
Size        : 918289
Architecture: x86_64
Source RPM  : openssl-1.0.2e-1.mga5.src.rpm
URL         : http://www.openssl.org/
Summary     : Secure Sockets Layer communications libs & utils
Description :
The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL.

[lcl@vega ~]$ openssl version -a
OpenSSL 1.0.2e 3 Dec 2015
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fPIC -Wa,--noexecstack -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  rdrand dynamic

$ openssl speed rsa
<series of 10 second tests ending with summary>
                  sign    verify    sign/s verify/s
rsa  512 bits 0.000034s 0.000003s  29535.8 380840.7
rsa 1024 bits 0.000102s 0.000007s   9768.0 149968.5
rsa 2048 bits 0.000469s 0.000021s   2133.1  47187.1
rsa 4096 bits 0.004885s 0.000077s    204.7  12996.4

$ openssl speed
Doing mdc2 for 3s on 16 size blocks: 3985544 mdc2's in 3.00s
Doing mdc2 for 3s on 64 size blocks: 1085133 mdc2's in 2.99s
Doing mdc2 for 3s on 256 size blocks: 278051 mdc2's in 3.00s
Doing mdc2 for 3s on 1024 size blocks: 69972 mdc2's in 3.00s
Doing mdc2 for 3s on 8192 size blocks: 8765 mdc2's in 3.00s
Doing md4 for 3s on 16 size blocks: 21021652 md4's in 3.00s
<.... and so on for sha512, whirlpool, rmd160, rc4, aes 128 cbc .....>
CC: (none) => tarazed25
Still in pre-update stage.

Trying to establish a connection with another machine on the LAN in emulation mode. Remote machine is the server. Note that the server end has to be run by root because the certificate is located in /etc.

[lcl@belexeuli qa]$ sudo openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key /etc/pki/tls/private/httpd.pem -www
Using default temp DH parameters
ACCEPT
140085215626896:error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
ACCEPT

# On the client machine, vega:
[lcl@vega ~]$ openssl s_time -connect <explicit address for server>:4433 -www / -new -ssl3
No CIPHER specified
Collecting connection statistics for 30 seconds
ERROR
140325916956304:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40

This is the response on the server:
140085215626896:error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
ACCEPT

Is the handshake failure related to the lack of agreement between the two sets of large numbers bracketing :error:?
Tried setting up the server loop on one machine only:

[lcl@vega ~]$ openssl s_time -connect localhost:4433 -www / -new -ssl3
No CIPHER specified
Collecting connection statistics for 30 seconds
ERROR
139719766730384:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40

Response on vega:
139781926258320:error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
ACCEPT
Went ahead and installed the update packages and ran some preliminary tests.

$ openssl version -a
OpenSSL 1.0.2e 3 Dec 2015
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fPIC -Wa,--noexecstack -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  rdrand dynamic

$ openssl ciphers -v
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
<etc, etc.>

$ openssl speed whirlpool -multi 8
< lots of output >
whirlpool 171445.23k 370335.23k 618416.04k 740790.27k 788936.02k

$ openssl speed sha1 -multi 8
< lots more output >
sha1 384008.27k 1110469.38k 2668539.31k 4082426.20k 4685023.91k

Tried local server client loop:

[lcl@vega ~]$ sudo openssl s_server -cert /etc/pki/tls/certs/httpd.pem -key /etc/pki/tls/private/httpd.pem -www
Using default temp DH parameters
ACCEPT

In another terminal:
[lcl@vega ~]$ openssl s_time -connect localhost:4433 -www / -new -ssl3
No CIPHER specified
Collecting connection statistics for 30 seconds
ERROR
140703771068048:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40

Response from server:
140579609757328:error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number:s3_srvr.c:960:
ACCEPT

Out of my depth here. No idea what to do.
(In reply to Len Lawrence from comment #5)
> In another terminal:
> [lcl@vega ~]$ openssl s_time -connect localhost:4433 -www / -new -ssl3

There is one "3" too much in the port number... default https ssl port is 443.
CC: (none) => tmb
Oh, thanks for that. I was taking the documentation literally. Shall try again.
[lcl@vega ~]$ openssl s_time -connect localhost:443 -www / -new -ssl3
No CIPHER specified
Collecting connection statistics for 30 seconds
ERROR
140442377565840:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40

No response from the server.
Oops, my bad... I thought you were testing ssl against a web-server, but you are testing against openssl :/
Thanks anyway, Thomas. Since the failures occurred in the same way both before and after the update, my feeling is that I am doing something wrong. The "No CIPHER specified" message looks like FYI only.
URL: (none) => http://lwn.net/Vulnerabilities/674068/
Fedora has issued an advisory for this on January 30: https://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html
(In reply to Len Lawrence from comment #8)
> [lcl@vega ~]$ openssl s_time -connect localhost:443 -www / -new -ssl3
> No CIPHER specified
> Collecting connection statistics for 30 seconds
> ERROR
> 140442377565840:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
>
> No response from the server.

I'm getting the same error, Len.
CC: (none) => wilcal.int
Thanks Bill. Could I ask you to try the 4433 port?

$ openssl s_time -connect localhost:4433 -www / -new -ssl3

and see what the server gives.
(In reply to Len Lawrence from comment #13)
> Thanks Bill. Could I ask you to try the 4433 port?
> $ openssl s_time -connect localhost:4433 -www / -new -ssl3
> and see what the server gives.

[root@localhost wilcal]# openssl s_time -connect localhost:4433 -www / -new -ssl3
No CIPHER specified
Collecting connection statistics for 30 seconds
ERROR
3073066684:error:0200206F:system library:connect:Connection refused:bss_conn.c:246:host=localhost:4433
3073066684:error:20073067:BIO routines:CONN_STATE:connect error:bss_conn.c:249:
Thanks Bill. A different error then. Looks like it did not even connect.
Testing complete mga5 64

As https://wiki.mageia.org/en/QA_procedure:Openssl

$ openssl version -a
$ openssl speed

Used a computer on LAN with apache installed.

$ openssl s_time -connect 192.168.0.2:443
No CIPHER specified
Collecting connection statistics for 30 seconds
***********************************************
..etc
Whiteboard: has_procedure => has_procedure mga5-64-ok
Validating. Advisory uploaded. Please push to 5 updates, thanks.
Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0056.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED