how to deny the SSL v2.0 handshake when SSL v2.0 is disabled

Igor Sysoev igor at sysoev.ru
Thu Jul 1 09:26:10 MSD 2010


On Wed, Jun 30, 2010 at 04:21:25PM -0400, Calomel Org wrote:

> Is there any way to completely disable the SSL v2.0 handshake when SSL
> v2.0 support is disabled in nginx.conf ?
> 
> This is the SSL configuration used and only TLSv1 is enabled in
> "ssl_protocols".
>   
>   ## Nginx SSL (FIPS 140-2 experimental)
>    ssl on;
>    ssl_certificate /ssl_keys/host.org_ssl.crt;
>    ssl_certificate_key /ssl_keys/host_ssl.key;
>    ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA;
>    ssl_dhparam /ssl_keys/host_dh.pem;
>    ssl_prefer_server_ciphers on;
>    ssl_protocols TLSv1;
>    ssl_session_cache shared:SSL:10m;
>    ssl_session_timeout 5m;
> 
> The reason this question has come up is SSL Labs has recently been in
> the news promoting a tool to check the compliance of an SSL server. We
> thought we would check our host and we ranked at the very top (93%) of
> the "Recent Best-Rated". The testing site can be found here:  
> 
>   https://www.ssllabs.com/ssldb/index.html
> 
> When we checked our server (https://calomel.org) with their tool it
> reported "SSL 2.0+ Upgrade Support" was enabled. We used the OpenSSL
> binary on the command line and found SSLv2 and SSLv3 are definitely
> turned off as Nginx denied the use of these protocols. Only TLSv1 was
> allowed.
> 
> The problem is the SSLv2 upgrade support handshake is somehow accepted
> according to SSL Labs. I am not sure how to verify this handshake
> myself.
> 
> According to SSL Labs "SSL 2.0+ Upgrade Support" means, "...the server
> supports SSLv2 handshake, even though it may not support SSLv2 itself.
> Essentially it's an optimization. Instead of a client first requesting
> SSLv2 (with a SSLv2 handshake) and failing (if the server does not
> support it), then having to request SSLv3 or better (with a SSLv3
> handshake), the client can use the SSLv2 handshake to indicate support
> for newer protocols." The full news group thread containing this quote
> can be found at:
> 
>   http://sourceforge.net/mailarchive/forum.php?thread_name=20100629171623.43012oj4b2hgrzi8%40webmail.mxes.net&forum_name=ssllabs-discuss
> 
> Lastly, in order for a server to be considered "FIPS 140-2 Compliant"
> it must not respond to any SSLv2 or SSLv3 protocol requests. Only
> TLSv1 (version 1.0 to 1.2) are accepted. 
> 
> We appreciate any help, suggestions or clarification. 

As I understand the OpenSSL sources, it disables SSL 2.0+ upgrade support
only if FIPS is enabled. If you built OpenSSL with FIPS support,
then add this to openssl.cnf:

openssl_conf = openssl_options

[ openssl_options ]
alg_section = algs

[ algs ]
fips_mode = yes


-- 
Igor Sysoev
http://sysoev.ru/en/
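
One way to verify the "SSL 2.0+ upgrade" handshake asked about in the question, as an added example that is not part of the original thread: build an SSLv2-format CLIENT-HELLO that advertises TLS 1.0 (the layout in RFC 5246, Appendix E.2) and classify the server's first reply. The function names are hypothetical, and the suite IDs are the TLS code points for the ciphers in the quoted ssl_ciphers line.

```python
import os
import socket
import struct

# TLS code points for the ssl_ciphers list quoted in the question, in order:
# DHE-RSA-AES256-SHA, DHE-RSA-AES128-SHA, EDH-RSA-DES-CBC3-SHA,
# AES256-SHA, DES-CBC3-SHA, AES128-SHA
TLS_SUITES = [0x0039, 0x0033, 0x0016, 0x0035, 0x000A, 0x002F]

def v2_client_hello(version=(3, 1), suites=TLS_SUITES, challenge=None):
    """SSLv2-format CLIENT-HELLO that offers a newer protocol version."""
    challenge = challenge or os.urandom(16)
    # In the v2 format each TLS suite is a 3-byte spec: 0x00 + 2-byte suite ID.
    specs = b"".join(b"\x00" + struct.pack(">H", s) for s in suites)
    # msg_type=1, version, cipher_spec_len, session_id_len=0, challenge_len
    body = struct.pack(">BBBHHH", 1, version[0], version[1],
                       len(specs), 0, len(challenge)) + specs + challenge
    # 2-byte record header: high bit set, remaining 15 bits are the length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify(reply):
    """Interpret the first bytes the server sent back."""
    if len(reply) < 3:
        return "rejected"            # connection closed without an answer
    if reply[0] == 0x16 and reply[1] == 3 and len(reply) >= 6 and reply[5] == 2:
        return "upgrade-accepted"    # TLS handshake record with ServerHello
    if reply[0] == 0x15 and reply[1] == 3:
        return "rejected"            # TLS alert record
    if reply[0] & 0x80 and reply[2] == 4:
        return "sslv2-enabled"       # SSLv2 SERVER-HELLO: SSLv2 itself is on
    if reply[0] & 0x80 and reply[2] == 0:
        return "rejected"            # SSLv2 ERROR message
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Send the v2-format hello to host:port and classify the answer."""
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(v2_client_hello())
            while len(reply) < 6:    # record header plus handshake type
                chunk = s.recv(6 - len(reply))
                if not chunk:
                    break
                reply += chunk
    except OSError:
        pass                         # reset or timeout counts as no answer
    return classify(reply)
```

A result of "upgrade-accepted" from `probe()` corresponds to what SSL Labs reported as "SSL 2.0+ Upgrade Support"; "rejected" means the server refused the SSLv2-format hello.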


