1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
From 56f1acf5ef8a432992497a04792ff4b3b2c6f286 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Wed, 17 Feb 2016 21:37:15 -0500
Disable SSLv2 default build, default negotiation and weak
SSLv2 is by default disabled at build-time. Builds that are not
configured with "enable-ssl2" will not support SSLv2. Even if
"enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either
of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
or
SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
as appropriate. Even if either of those is used, or the application
explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search
key recovery have been removed. Specifically, the SSLv2 40-bit
EXPORT ciphers, and SSLv2 56-bit DES are no longer available.
Mitigation for CVE-2016-0800
Upstream-Status: Backport
[Removed CHANGES and NEWS from the original patch]
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
diff -ruN a/Configure b/Configure
--- a/Configure 2016-03-04 08:36:29.390151489 +0100
+++ b/Configure 2016-03-04 08:37:24.731804074 +0100
@@ -780,8 +780,9 @@
"md2" => "default",
"rc5" => "default",
"rfc3779" => "default",
- "sctp" => "default",
+ "sctp" => "default",
"shared" => "default",
+ "ssl2" => "default",
"store" => "experimental",
"unit-test" => "default",
"zlib" => "default",
diff -ruN a/ssl/s2_lib.c b/ssl/s2_lib.c
--- a/ssl/s2_lib.c 2015-07-09 14:21:24.000000000 +0200
+++ b/ssl/s2_lib.c 2016-03-04 08:37:24.731804074 +0100
@@ -156,6 +156,7 @@
128,
},
+# if 0
/* RC4_128_EXPORT40_WITH_MD5 */
{
1,
@@ -171,6 +172,7 @@
40,
128,
},
+# endif
/* RC2_128_CBC_WITH_MD5 */
{
@@ -188,6 +190,7 @@
128,
},
+# if 0
/* RC2_128_CBC_EXPORT40_WITH_MD5 */
{
1,
@@ -203,6 +206,7 @@
40,
128,
},
+# endif
# ifndef OPENSSL_NO_IDEA
/* IDEA_128_CBC_WITH_MD5 */
@@ -222,6 +226,7 @@
},
# endif
+# if 0
/* DES_64_CBC_WITH_MD5 */
{
1,
@@ -237,6 +242,7 @@
56,
56,
},
+# endif
/* DES_192_EDE3_CBC_WITH_MD5 */
{
diff -ruN a/ssl/ssl_lib.c b/ssl/ssl_lib.c
--- a/ssl/ssl_lib.c 2015-07-09 14:21:24.000000000 +0200
+++ b/ssl/ssl_lib.c 2016-03-04 08:37:24.735803905 +0100
@@ -1896,6 +1896,13 @@
*/
ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ /*
+ * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
+ * explicitly clear this option via either of SSL_CTX_clear_options() or
+ * SSL_clear_options().
+ */
+ ret->options |= SSL_OP_NO_SSLv2;
+
return (ret);
err:
SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
|