how to deny the SSL v2.0 handshake when SSL v2.0 is disabled

Calomel Org kepler at calomel.org
Thu Jul 1 00:21:25 MSD 2010


Is there any way to completely disable the SSL v2.0 handshake when SSL
v2.0 support is disabled in nginx.conf?

This is the SSL configuration used and only TLSv1 is enabled in
"ssl_protocols".
  
  ## Nginx SSL (FIPS 140-2 experimental)
   ssl on;
   ssl_certificate /ssl_keys/host.org_ssl.crt;
   ssl_certificate_key /ssl_keys/host_ssl.key;
   ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA;
   ssl_dhparam /ssl_keys/host_dh.pem;
   ssl_prefer_server_ciphers on;
   ssl_protocols TLSv1;
   ssl_session_cache shared:SSL:10m;
   ssl_session_timeout 5m;

The reason this question has come up is SSL Labs has recently been in
the news promoting a tool to check the compliance of an SSL server. We
thought we would check our host and we ranked at the very top (93%) of
the "Recent Best-Rated". The testing site can be found here:

  https://www.ssllabs.com/ssldb/index.html

When we checked our server (https://calomel.org) with their tool it
reported "SSL 2.0+ Upgrade Support" was enabled. We used the OpenSSL
binary on the command line and found SSLv2 and SSLv3 are definitely
turned off as Nginx denied the use of these protocols. Only TLSv1 was
allowed.

The problem is the SSLv2 upgrade support handshake is somehow accepted
according to SSL Labs. I am not sure how to verify this handshake
myself.

According to SSL Labs "SSL 2.0+ Upgrade Support" means, "...the server
supports SSLv2 handshake, even though it may not support SSLv2 itself.
Essentially it's an optimization. Instead of a client first requesting
SSLv2 (with a SSLv2 handshake) and failing (if the server does not
support it), then having to request SSLv3 or better (with a SSLv3
handshake), the client can use the SSLv2 handshake to indicate support
for newer protocols." The full news group thread containing this quote
can be found at:

  http://sourceforge.net/mailarchive/forum.php?thread_name=20100629171623.43012oj4b2hgrzi8%40webmail.mxes.net&forum_name=ssllabs-discuss

Lastly, in order for a server to be considered "FIPS 140-2 Compliant"
it must not respond to any SSLv2 or SSLv3 protocol requests. Only
TLSv1 (version 1.0 to 1.2) is accepted.

We appreciate any help, suggestions or clarification. 

--
   Calomel @ https://calomel.org
   Open Source Research and Reference





