AST-2014-011: Fix POODLE security issues

There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
    TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
    TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
    will default to the OpenSSL SSLv23_method. This method allows for all
    encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
    forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
    This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
    and explicitly disables SSLv2/SSLv3 if using SSLv23_method.

For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.

Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.

Review: https://reviewboard.asterisk.org/r/4096/

ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
  asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
  asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
  AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
  AST-2014-011-11.diff uploaded by mjordan (License 6283)
  AST-2014-011-12.diff uploaded by mjordan (License 6283)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@425985 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/UPGRADE.txt b/UPGRADE.txt
index fbdb31b2ade7524964bf50c2c7683f0b4467e11f..f8e77b1da5e8a38e816e785078b20e6032de9bd5 100644 (file)
--- a/UPGRADE.txt
+++ b/UPGRADE.txt
@@ -18,6 +18,18 @@
 ===
 ===========================================================
 
+from 1.8.31.0 to 1.8.31.1:
+
+* Due to the POODLE vulnerability (see 
+  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566), the
+  default TLS method for TLS clients will no longer allow SSLv3. As
+  SSLv2 was already deprecated, it is no longer allowed by default as
+  well. TLS servers no longer allow SSLv2 or SSLv3 connections. This
+  affects the chan_sip channel driver, AMI, and the Asterisk HTTP server.
+
+* The res_jabber resource module no longer uses SSLv3 to connect to an
+  XMPP server. It will now only use TLSv1 or later methods.
+
 from 1.8.28.2 to 1.8.29.0:
 * Added the inband_on_setup_ack compatibility option to chan_dahdi.conf to
   deal with switches that don't send an inband progress indication in the

diff --git a/main/tcptls.c b/main/tcptls.c
index d09ea7e4c56d7df6f88b4d18f389c2b90969bd6b..0c6b44ec3011790a17c28f2577001237bca32cba 100644 (file)
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -741,6 +741,8 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
        cfg->enabled = 0;
        return 0;
 #else
+       int disable_ssl = 0;
+
        if (!cfg->enabled)
                return 0;
 
@@ -755,22 +757,21 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
        if (client) {
 #ifndef OPENSSL_NO_SSL2
                if (ast_test_flag(&cfg->flags, AST_SSL_SSLV2_CLIENT)) {
+                       ast_log(LOG_WARNING, "Usage of SSLv2 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
                        cfg->ssl_ctx = SSL_CTX_new(SSLv2_client_method());
                } else
 #endif
                if (ast_test_flag(&cfg->flags, AST_SSL_SSLV3_CLIENT)) {
+                       ast_log(LOG_WARNING, "Usage of SSLv3 is discouraged due to known vulnerabilities. Please use 'tlsv1' or leave the TLS method unspecified!\n");
                        cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());
                } else if (ast_test_flag(&cfg->flags, AST_SSL_TLSV1_CLIENT)) {
                        cfg->ssl_ctx = SSL_CTX_new(TLSv1_client_method());
                } else {
-                       /* SSLv23_client_method() sends SSLv2, this was the original
-                        * default for ssl clients before the option was given to
-                        * pick what protocol a client should use.  In order not
-                        * to break expected behavior it remains the default. */
+                       disable_ssl = 1;
                        cfg->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
                }
        } else {
-               /* SSLv23_server_method() supports TLSv1, SSLv2, and SSLv3 inbound connections. */
+               disable_ssl = 1;
                cfg->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
        }
 
@@ -780,6 +781,17 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
                return 0;
        }
 
+       /* Due to the POODLE vulnerability, completely disable
+        * SSLv2 and SSLv3 if we are not explicitly told to use
+        * them. SSLv23_*_method supports TLSv1+.
+        */
+       if (disable_ssl) {
+               long ssl_opts;
+
+               ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+               SSL_CTX_set_options(cfg->ssl_ctx, ssl_opts);
+       }
+
        SSL_CTX_set_verify(cfg->ssl_ctx,
                ast_test_flag(&cfg->flags, AST_SSL_VERIFY_CLIENT) ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_NONE,
                NULL);

diff --git a/res/res_jabber.c b/res/res_jabber.c
index 5ae60c1ce6dc339f484eccc0e47db085a502a017..aa923a24bf4395ba823af977604976b76824cf45 100644 (file)
--- a/res/res_jabber.c
+++ b/res/res_jabber.c
@@ -1240,14 +1240,17 @@ static int aji_tls_handshake(struct aji_client *client)
 {
        int ret;
        int sock;
+       long ssl_opts;
 
        ast_debug(1, "Starting TLS handshake\n");
 
        /* Choose an SSL/TLS protocol version, create SSL_CTX */
-       client->ssl_method = SSLv3_method();
+       client->ssl_method = SSLv23_method();
        if (!(client->ssl_context = SSL_CTX_new((SSL_METHOD *) client->ssl_method))) {
                return IKS_NET_TLSFAIL;
        }
+       ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+       SSL_CTX_set_options(client->ssl_context, ssl_opts);
 
        /* Create new SSL session */
        if (!(client->ssl_session = SSL_new(client->ssl_context))) {