Poodle - Disabling SSLv3

[Klug]

Thanks to the new SSLv3 problem, what should be done to disable SSLv3 in ZCS?

This wiki page should be updated, too: http://wiki.zimbra.com/wiki/Cipher_suites
This one could be removed and/or link to the previous one: http://wiki.zimbra.com/wiki/ShanxT-Remo ... SL-Ciphers

[Klug]

https://bugzilla.zimbra.com/show_bug.cgi?id=95976

[ploeger]

Hi Klug!



First of all: Don't mix protocol versions with cipher suites! Disabling cipher suites won't help you with poodle. You need to explicitely disable the whole SSLv3 protocol whatsoever.



Hmm... I THINK, Zimbra's jetty should be fairly Poodle-free, because Jetty's default protocol value is "TLS" and Zimbra doesn't overwrite that value in the jetty.xml. So jetty should run with a minimum of TLS1.0.



However, I don't know about Zimbra's nginx base settings, because I don't use a Zimbra proxy here. They COULD be vulnerable. Could anybody using Zimbra proxy please check?



Thanks.



Kind regards



Dennis

[Klug]

I checked on some of my servers before posting (8.0.x)
Both mailboxd (jetty) and zimbra-proxy (nginx) are using SSLv3 (as kinda stated in the official wiki page).
Test was done using this: http://foundeo.com/products/iis-weak-ss ... s/test.cfm
It seems that, when using zimbra-proxy, you can remove SSLv3 through zimbraReverseProxySSLCiphers (global config parameter).
However, I'm not sure about possible side effects of removing it here.
And it won't remove it from Jetty.

[ploeger]

Oh, okay. So I misunderstood the Jetty documentation. Thanks for sharing the test link.



Looks like you can just exclude sslv3 from jetty like documented here: http://stackoverflow.com/questions/1991 ... s-in-jetty (Zimbra 8.5 is using Jetty 9, 8.0 may be different)

[ploeger]

Okay. Tested that in my development environment.

Added the following lines to ~zimbra/mailboxd/etc/jetty.xml.in below the tag <New id="zimbraSslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">:

<Set name="excludeProtocols">
    <Array type="java.lang.String">
        <Item>SSLv3</Item>
   </Array>
</Set>

Restarted mailboxd. I still can connect to the server without a problem, but using sslyze (https://github.com/nabla-c0d3/sslyze) I see, that SSLv3 is not supported anymore.

Again, I can't check nginx here.

[Klug]

I just tried using openssl (CLI, in case the online tool was broken) and the answer seems to show the server is able to use TLSv1 and SSLv3 but defaults to TLS 1.2.
#openssl s_client -connect server.domain.tld:443
.../...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
.../...
However, if you force SSLv3, the server does answer in SSLv3.
#openssl s_client -connect server.domain.tld:443 -ssl3
.../...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
.../...

[ploeger]

That's for Nginx? I was using sslyze (like stated above) and python sslyze --regular <host> states:



* SSLV3 Cipher Suites:

Server rejected all cipher suites.

[Klug]

Tested against a 8.0.7 ZCS NE server with zimbra-proxy.

[Klug]

For nginx, it seems you have to add this line to all web SSL-enabled templates (https, default, both, mixed, redirect, sso):
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

From what I see in the nginx documentation, using zimbraReverseProxySSLCiphers as a global parameter to limit the protocols is not correct (as you said, because of a mix of ciphers and protocols).
Only the ciphers should be set with this parameter (!ADH:!eNULL:!aNULL:!DHE-RSA-AES256-SHA:!MD5:RC4:HIGH).
But as it seems there's not zimbraReverseProxySSLProtocols global parameter (yet), manual edit of the proxy template files seems to be the way to go.

Obviously, waiting for official comments about this...