tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: More, Re: Question about vulnerability report
Date Tue, 09 Aug 2016 16:25:25 GMT

James,

On 8/8/16 2:31 PM, James H. H. Lampert wrote:
> Hmm. This is interesting.
> 
> pentest-tools.com says that neither our server nor the customer
> server is vulnerable to POODLE.
> 
> But Site24x7.com says ours IS vulnerable to POODLE. Then (when I
> click "View Result") it says it isn't. Then (when I actually run
> the test again) it once again says it is. (I haven't tested the
> customer site because results are posted on the test home page,
> which would compromise the customer's privacy.)
> 
> Some other POODLE test sites don't appear to work at all. Others
> say we're not vulnerable.
> 
> Manually testing both servers with
>> curl -v3 -X HEAD https://www.example.com
> from a BASH session on my Mac, as per 
> <http://chrisburgess.com.au/how-to-test-for-the-sslv3-poodle-vulnerability/>
> 
> comes back with the desired "failed handshake" message on both
> servers.

There /is/ a POODLE variation which is against TLS 1.0 - 1.2 [1]. If
SSLv3 is completely disabled (TLS1.0 is okay), then you aren't
vulnerable to "classic" POODLE. If you aren't using CBC-based cipher
suites with TLS1.0 - TLS1.2, then you should be okay.

With a Java 1.6 (1.6.0_26) client, my server refuses connections due
to too-small DH pairs when left to its own devices[2]. When the client
is restricted to certain ciphers, these cipher suites are usable:

 Accepted    TLSv1 TLS_RSA_WITH_AES_128_CBC_SHA
 Accepted    TLSv1 TLS_RSA_WITH_AES_256_CBC_SHA
 Accepted    TLSv1 SSL_RSA_WITH_3DES_EDE_CBC_SHA

Of course, those CBC-based cipher suites are the ones vulnerable to
the TLS flavor of POODLE.

Ivan Ristic tends to know what he's doing, so I think you can trust
Qualys's server-testing tool.

-chris

[1] https://en.wikipedia.org/wiki/POODLE#POODLE_attack_against_TLS
[2] The TLS handshake protocol doesn't include key sizes as part of
its cipher suite negotiation, so the server and client agree that they
will use a DH-based cipher suite, but then the client doesn't like the
key size (> 1024 bits) that the server chose.

