From: Matthew Jordan Date: Mon, 20 Oct 2014 14:10:49 +0000 (+0000) Subject: AST-2014-011: Fix POODLE security issues X-Git-Tag: 12.7.0-rc1~33 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea6f32fa18d85e4cbe7f1affef2bdc03bd997aae;p=thirdparty%2Fasterisk.git AST-2014-011: Fix POODLE security issues There are two aspects to the vulnerability: (1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the TCP/TLS core, which should be done as an improvement at a latter date. (2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified, will default to the OpenSSL SSLv23_method. This method allows for all encryption methods, including SSLv2/SSLv3. A MITM can exploit this by forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE. This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration, and explicitly disables SSLv2/SSLv3 if using SSLv23_method. For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or SSLv3. Much thanks to abelbeck for reporting the vulnerability and providing a patch for the res_jabber/res_xmpp modules. Review: https://reviewboard.asterisk.org/r/4096/ ASTERISK-24425 #close Reported by: abelbeck Tested by: abelbeck, opsmonitor, gtjoseph patches: asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903) asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903) AST-2014-011-1.8.diff uploaded by mjordan (License 6283) AST-2014-011-11.diff uploaded by mjordan (License 6283) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@425987 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/UPGRADE.txt b/UPGRADE.txt index 3262d769d3..0b595d83f4 100644 --- a/UPGRADE.txt +++ b/UPGRADE.txt @@ -28,6 +28,17 @@ PJSIP: OpenSSL names are available on their system for the pjsip.conf cipher option. +From 12.6.0 to 12.6.1: +- Due to the POODLE vulnerability (see + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566), the + default TLS method for TLS clients will no longer allow SSLv3. As + SSLv2 was already deprecated, it is no longer allowed by default as + well. TLS servers no longer allow SSLv2 or SSLv3 connections. This + affects the chan_sip channel driver, AMI, and the Asterisk HTTP server. + +- The res_jabber resource module no longer uses SSLv3 to connect to an + XMPP server. It will now only use TLSv1 or later methods. + From 12.5.0 to 12.6.0: ConfBridge: diff --git a/main/tcptls.c b/main/tcptls.c index 215ab75535..58b44bf193 100644 --- a/main/tcptls.c +++ b/main/tcptls.c @@ -747,6 +747,8 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) cfg->enabled = 0; return 0; #else + int disable_ssl = 0; + if (!cfg->enabled) { return 0; } @@ -762,22 +764,21 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) if (client) { #ifndef OPENSSL_NO_SSL2 if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) { + ast_log(LOG_WARNING, "Usage of SSLv2 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n"); cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method()); } else #endif if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) { + ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n"); cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method()); } else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) { cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method()); } else { - /* SSLv23_client_method() sends SSLv2, this was the original - * default for ssl clients before the option was given to - * pick what protocol a client should use. In order not - * to break expected behavior it remains the default. */ + disable_ssl = 1; cfg->ssl_ctx = SSL_CTX_new(SSLv23_client_method()); } } else { - /* SSLv23_server_method() supports TLSv1, SSLv2, and SSLv3 inbound connections. */ + disable_ssl = 1; cfg->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); } @@ -787,6 +788,17 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client) return 0; } + /* Due to the POODLE vulnerability, completely disable + * SSLv2 and SSLv3 if we are not explicitly told to use + * them. SSLv23_*_method supports TLSv1+. + */ + if (disable_ssl) { + long ssl_opts; + + ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + SSL_CTX_set_options(cfg->ssl_ctx, ssl_opts); + } + SSL_CTX_set_verify(cfg->ssl_ctx, ast_test_flag(&cfg->flags, AST_SSL_VERIFY_CLIENT) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_NONE, NULL); diff --git a/res/res_jabber.c b/res/res_jabber.c index b25cea4638..39ef62e015 100644 --- a/res/res_jabber.c +++ b/res/res_jabber.c @@ -1290,14 +1290,17 @@ static int aji_start_tls(struct aji_client *client) static int aji_tls_handshake(struct aji_client *client) { int sock; + long ssl_opts; ast_debug(1, "Starting TLS handshake\n"); /* Choose an SSL/TLS protocol version, create SSL_CTX */ - client->ssl_method = SSLv3_method(); + client->ssl_method = SSLv23_method(); if (!(client->ssl_context = SSL_CTX_new((SSL_METHOD *) client->ssl_method))) { return IKS_NET_TLSFAIL; } + ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + SSL_CTX_set_options(client->ssl_context, ssl_opts); /* Create new SSL session */ if (!(client->ssl_session = SSL_new(client->ssl_context))) { diff --git a/res/res_xmpp.c b/res/res_xmpp.c index 3fe2a263f6..651c7ed85e 100644 --- a/res/res_xmpp.c +++ b/res/res_xmpp.c @@ -2637,6 +2637,7 @@ static int xmpp_client_requested_tls(struct ast_xmpp_client *client, struct ast_ { #ifdef HAVE_OPENSSL int sock; + long ssl_opts; #endif if (!strcmp(iks_name(node), "success")) { @@ -2655,11 +2656,14 @@ static int xmpp_client_requested_tls(struct ast_xmpp_client *client, struct ast_ ast_log(LOG_ERROR, "Somehow we managed to try to start TLS negotiation on client '%s' without OpenSSL support, disconnecting\n", client->name); return -1; #else - client->ssl_method = SSLv3_method(); + client->ssl_method = SSLv23_method(); if (!(client->ssl_context = SSL_CTX_new((SSL_METHOD *) client->ssl_method))) { goto failure; } + ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; + SSL_CTX_set_options(client->ssl_context, ssl_opts); + if (!(client->ssl_session = SSL_new(client->ssl_context))) { goto failure; }