-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Wed, Nov 19, 2014 at 03:58:36PM +0100, Nikos Mavrogiannopoulos wrote: > Hello, > Eric Christensen proposed removing SSL 3.0 from the DEFAULT crypto > policy in F21, due to the POODLE attack. I experimented a bit, and > noticed (again) that openssl cannot set the supported versions via a > cipher string, and since NSS is still work in progress, it would > actually mean that this setting would only apply to gnutls. Also Tomas > Mraz noticed quite few mail clients that still use SSL 3.0 only, meaning > SSL 3.0 is not completely dead yet and may cause compatibility issues > for Fedora servers that use these strings. You can't disable SSLv3 in OpenSSL why? AFAIK that functionality has been available for a while. There are two parts to the POODLE vulnerability: SSLv3 being nearly broken and the downgrade attack. The downgrade attack, only valid on HTTP but we've also found the problem in Thunderbird, involves an attacker downgrading a connection to SSLv3 from TLS. SSLv3, itself, is now considered weak. With a few minor exceptions we've not found any current programs that only support SSLv3. > With that in mind, does it make sense to update the policies to remove > SSL 3.0, or should we wait until F22? This year has seen every SSL/TLS implementation having some sort of spotlight on it. EVERY SINGLE ONE. From OpenSSL and NSS to whatever that Microsoft vulnerability was that was open for a couple of decades, there hasn't been an implementation that has remained safe. Security moves fast and crypto, as of recent times, has moved faster. Recommended settings from a month ago may not be safe settings tomorrow. Luckily with the release cycle of Fedora we can mostly keep up with the changes. I've been very impressed with the development teams from OpenSSL and Mozilla with their ability to roll out new settings for their products within days of these issues going public. SSLv3 is turned off my default in Firefox now. Red Hat has either disabled SSLv3 for their products or is working on doing so (for software we've identified) and we're working to do the same thing in Fedora to help protect users. Bottom line, if you're still using SSLv3 it's LEGACY and shouldn't be DEFAULT. - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Red Hat, Inc - Product Security sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJUbMMGAAoJEB/kgVGp2CYvq0gL/R+wiH4eXa9tT2MdoGlP3+sc MUqYJTCAxTKQQhO00X9Ql2twGMuvOwr8rSaZ7D1jqLe272YnkiGHF693J/E6uzpo BVl0IBFWhLSQ/zztOJ1dMAdpqsC/3A/RLM94JzrP7C7fK8690peYJRNAA+o0nn17 GbB2B5QmOUKg3GnJ155MyBryXNYkJYTwSfQQahm3UMaZgHQfLrBEF3e7PedcFk22 EmYMuSuvUZrS/rcWQMCox17V701XM2t0s6I1ZVbcKMIv34cVYp74tGyFE9iNq5KD 1sqVOv1HF43Nr3z470Vi787ihSEeVziC2TG+bsEPDVto9XFAHoOiOFQ4gv77bhQF EgIez/UYhXGtnMnhXSyQep5jbv3aDNcSp/0OLY8ugoc+W488ovf/f5GCbingEIb9 7kVM1Px6LusfAmNhhBzz0oOEPbJK4GABKgB/hxNZYWGnd4IlL6/vsrNJP/wpxr/0 NENI63UgqlNAp4sn8tRPKMv+DWnNbGomkQRJdeJ21g== =mpip -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security