So, I have JBoss 5.1.0 GA, and I read about how I need to disable SSLv3 here:
https://access.redhat.com/solutions/1232233
What was not mentioned there was that I also need to get rid of all ciphers that support falling back to SSLv3. When I did that, I got a "green checkmark" on this website
https://www.tinfoilsecurity.com/poodle
which is basically a confirmation that I've secured my server and SSLv3 is not supported anymore, but now I cannot access my website using IE (all versions of IE). Since I only had 4 ciphers in my cipher list in the server.xml configuration, I aimed to find more ciphers to add to this list, to get IE to work. I added more than 50 ciphers, but IE still won't load my website. Here's a list of all the ciphers that I have used so far (I got the list from https://www.openssl.org/docs/apps/ciphers.html):
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DH_DSS_WITH_SEED_CBC_SHA, TLS_DH_RSA_WITH_SEED_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_RSA_WITH_NULL_MD5, TLS_RSA_WITH_NULL_SHA, TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_WITH_IDEA_CBC_SHA, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_DSS_WITH_DES_CBC_SHA, TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_RSA_WITH_DES_CBC_SHA, TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DH_DSS_WITH_AES_128_CBC_SHA, TLS_DH_DSS_WITH_AES_256_CBC_SHA, TLS_DH_RSA_WITH_AES_128_CBC_SHA, TLS_DH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_RC4_128_SHA
None of these ciphers work with IE, meaning that when I approach my server with IE, I get "This page can’t be displayed".
Can someone help me with this? Is there a cipher that I can use which will not open SSLv3 on my server, and will also work with IE?
UPDATE: If I implement the solution suggested by RedHat (which is changing sslProtocols to "TLSv1,TLSv1.1,TLSv1.2"):
I'm losing my mind here... please help!
UPDATE2: After 2 lost days trying to figure out what the problem is... The suggested fix from RedHat contained the element sslProtocols (with an 's' at the end), as opposed to the sslProtocol element (note there's no 's' at the end), which I was using, and which is described in the official JBoss Web documentation http://docs.jboss.org/jbossweb/2.1.x/config/http.html
I just added sslProtocols = "TLSv1,TLSv1.1,TLSv1.2" and removed the "ciphers" element, and now everything works as expected.
After 2 lost days trying to figure out what the problem is...
The suggested fix from RedHat contained the element sslProtocols, as opposed to the sslProtocol element (note there's no 's' at the end), which I was using, and which is described in the official JBoss Web documentation http://docs.jboss.org/jbossweb/2.1.x/config/http.html
I just added
sslProtocols = "TLSv1,TLSv1.1,TLSv1.2"
and removed the "ciphers" element, now everything works as expected.
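The answer above hinges on two different connector attributes: sslProtocol (singular) is the single protocol name the connector's SSLContext is created with, so a comma-separated value there is not a valid protocol name, while sslProtocols (plural) is the list of protocol versions the connector enables. Two caveats a practitioner would want before calling this done: dropping the "ciphers" attribute means the JVM's default suite list is in effect, so the suites the JVM enables are what clients get, and the long list posted in the question includes NULL and EXPORT suites (for example TLS_RSA_WITH_NULL_MD5 and TLS_RSA_EXPORT_WITH_RC4_40_MD5) that provide no or 40-bit encryption and should never be enabled on purpose. The script below is an added example from the editor, not code from the question, the answer, or Red Hat: it uses openssl s_client to confirm from the outside that SSLv3 is refused and TLS 1.0/1.1/1.2 are accepted, independently of what any web checker reports. The host and port are assumptions supplied on the command line, and the two sample outputs are constructed, abbreviated copies of what s_client prints, embedded so the classifier can be exercised without a live server.

```shell
#!/bin/sh
# Added example: probe an HTTPS endpoint for each SSL/TLS version with
# openssl s_client and report which ones the server accepts. Expected
# result after the SSLv3 fix: SSLv3 rejected, TLSv1/1.1/1.2 accepted.
# Usage: sh tlscheck.sh HOST PORT   (HOST and PORT are assumptions)

# classify_handshake reads s_client output on stdin and prints one word:
#   rejected  - server refused the handshake ("Cipher is (NONE)" or an alert)
#   accepted  - a real cipher was negotiated
#   untested  - the local openssl binary does not support that version flag
#               (many current builds are compiled without SSLv3), so the
#               result says nothing about the server and must not be
#               mistaken for "rejected"
classify_handshake() {
    out=$(cat)
    case "$out" in
        *"unknown option"*|*"Option unknown"*)
            echo untested ;;
        *"Cipher is (NONE)"*|*"handshake failure"*|*"wrong version number"*|*"unsupported protocol"*|*"alert protocol version"*)
            echo rejected ;;
        *"Cipher is "*)
            echo accepted ;;
        *)
            echo rejected ;;
    esac
}

# probe HOST PORT FLAG: one s_client handshake with a single version flag
# (-ssl3, -tls1, -tls1_1, -tls1_2). "Q" on stdin closes the session.
probe() {
    printf 'Q\n' | openssl s_client -connect "$1:$2" "$3" 2>&1 | classify_handshake
}

# check_server HOST PORT: prints one line per version and returns 0 only
# when SSLv3 is actually rejected and at least one TLS version is accepted.
check_server() {
    sslv3=$(probe "$1" "$2" -ssl3)
    echo "SSLv3    $sslv3"
    tls_ok=1
    for flag in -tls1 -tls1_1 -tls1_2; do
        r=$(probe "$1" "$2" "$flag")
        echo "$flag  $r"
        [ "$r" = accepted ] && tls_ok=0
    done
    [ "$sslv3" = rejected ] && [ "$tls_ok" -eq 0 ]
}

# Constructed sample outputs (abbreviated from real s_client transcripts)
# for exercising classify_handshake offline.
SAMPLE_REJECTED='12345:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1493:SSL alert number 40
---
no peer certificate available
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
---'
SAMPLE_ACCEPTED='---
SSL handshake has read 1426 bytes and written 473 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA
---'

# Only probe a real server when HOST and PORT are given on the command line.
if [ "$#" -ge 2 ]; then
    check_server "$1" "$2"
fi
```

A server that passes this check but still breaks IE has a cipher-suite problem rather than a protocol problem; re-running the same probe with an explicit -cipher argument matching what the "ciphers" attribute lists is the quickest way to see which suites the JVM actually accepted. If your openssl prints "untested" for SSLv3, use a build that still has SSLv3 compiled in (or a different client) for that one row; the TLS rows remain valid.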