Seguridad: Glassfish Renegociación de SSLv3 y TLS

¿Qué dice Oracle referente a la vulnerabilidad de Renegociación de SSLv3 y TLS?

Fuente: Transport Layer Security (TLS) Renegotiation Issue Readme- http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html

¿Cómo se verifica si nuestro server es vulnerable?

Fuente: Transport Layer Security (TLS) Renegotiation Issue Readme - https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)#Example_4_Checking_for_Client-initiated_Renegotiation_and_Secure_Renegotiation_via_openssl_.28manually.29

Example 4 Checking for Client-initiated Renegotiation and Secure Renegotiation via openssl (manually)

Openssl [30] can be used for testing manually SSL/TLS. In this example the tester tries to initiate a renegotiation by client [m] connecting to server with openssl. The tester then writes the fist line of an HTTP request and types “R” in a new line. He then waits for renegotiaion and completion of the HTTP request and checks if secure renegotiaion is supported by looking at the server output. Using manual requests it is also possible to see if Compression is enabled for TLS and to check for CRIME [13], for ciphers and for other vulnerabilities.

$ openssl s_client -connect www2.example.com:443
CONNECTED(00000003)
depth=2 ******
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:******
   i:******
 1 s:******
   i:******
 2 s:******
   i:******
---
Server certificate
-----BEGIN CERTIFICATE-----
******
-----END CERTIFICATE-----
subject=******
issuer=******
---
No client certificate CA names sent
---
SSL handshake has read 3558 bytes and written 640 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: ******
    Session-ID-ctx: 
    Master-Key: ******
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: ******
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

Now the tester can write the first line of an HTTP request and then R in a new line.

HEAD / HTTP/1.1
R

Server is renegotiating

RENEGOTIATING
depth=2 C******
verify error:num=20:unable to get local issuer certificate
verify return:0

And the tester can complete our request, checking for response.

HEAD / HTTP/1.1

HTTP/1.1 403 Forbidden ( The server denies the specified Uniform Resource Locator (URL). Contact the server administrator.  )
Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 1792  

read:errno=0

Even if the HEAD is not permitted, Client-intiated renegotiaion is permitted.

Como se verifica para Glassfish?

Fuente: https://scottlinux.com/2011/11/03/how-to-check-for-ssl-renegotiation

Si no es vulnerable debe de mostrar el siguiente resultado:

---

GET / HTTP/1.0

R

RENEGOTIATING

140735300143548:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591:

:~$

Ejemplo:

$ openssl s_client -connect scottlinux.com:443

CONNECTED(00000003)

depth=0 CN = li166-66.members.linode.com

verify error:num=18:self signed certificate

verify return:1

depth=0 CN = li166-66.members.linode.com

verify return:1

---

Certificate chain

 0 s:/CN=li166-66.members.linode.com

   i:/CN=li166-66.members.linode.com

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIBwzCCASwCCQDq0eIRQD71bTANBgkqhkiG9w0BAQUFADAmMSQwIgYDVQQDExts

aTE2Ni02Ni5tZW1iZXJzLmxpbm9kZS5jb20wHhcNMTAwNzI0MjAwOTE0WhcNMjAw

NzIxMjAwOTE0WjAmMSQwIgYDVQQDExtsaTE2Ni02Ni5tZW1iZXJzLmxpbm9kZS5j

b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOOxaSrBkgHACSBgKtZOECOH

s5VwnUfdghEJrgtmyqeUw78pNZX/wq3BGnmkUsB+cYd+YNMbdkxAHjMTi21u+/T3

Id7tjSDNzLIop4joUUdUkmIxZqp+8RmOq0+6FHTAF761qBr3Mgc64G96ToiGZopv

9Uo5adbdcfgCbA71u+zZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA1vgLRRsL7Mmp

oVadISEvjWrV/eePuW2ylWi9NQJua863ouwObN6GKRs+nIaPESc6hSIcGs2zOXIm

1e/eGyqYzQVUZDvKT11TKQp3SioYLwatjwpftM8sRykqSNZgiUSwxa3Q9vS/ZzbQ

wILdu9Dk8yCkDVPbbZK087oSfHIFbvw=

-----END CERTIFICATE-----

subject=/CN=li166-66.members.linode.com

issuer=/CN=li166-66.members.linode.com

---

No client certificate CA names sent

---

SSL handshake has read 1205 bytes and written 409 bytes

---

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA

Server public key is 1024 bit

Secure Renegotiation IS supported

Compression: zlib compression

Expansion: zlib compression

SSL-Session:

    Protocol  : TLSv1

    Cipher    : DHE-RSA-AES256-SHA

    Session-ID: E94F5D1CB4CD23EFEB64DD869FD9E0120043C788AFA706DF106905E54E6C7163

    Session-ID-ctx: 

    Master-Key: 212EC6D6BB98CF4766B4AD42142F5C3283EFF2564172710EE26415D50FF99B7DC197B1CAC552A18D7674490A224CBF92

    Key-Arg   : None

    PSK identity: None

    PSK identity hint: None

    TLS session ticket:

    0000 - 45 af 98 09 0a 81 dd c7-60 dd e3 97 d1 5d a9 68   E.......`....].h

    0010 - 34 6f 09 06 13 95 41 e9-cf 21 8e 9b 68 8b 4a 11   4o....A..!..h.J.

    0020 - c5 f7 a8 ab 7d 50 0a d8-e6 17 84 a7 9a 9c f7 8d   ....}P..........

    0030 - d8 b3 0e c5 84 cc c9 44-39 4c 0d ce 75 73 26 fb   .......D9L..us&.

    0040 - 31 a5 fb ae b1 e5 d8 7d-7b f9 c7 66 83 1c 85 1f   1......}{..f....

    0050 - 60 de fa 77 ad 26 a4 30-9f f4 d7 3e be 91 10 72   `..w.&.0...>...r

    0060 - 3f 52 b5 38 47 0a c1 d0-0e aa a3 16 47 87 17 3f   ?R.8G.......G..?

    0070 - 8b 23 52 61 ae 6b 5f 28-08 ee 99 8e 01 19 89 3a   .#Ra.k_(.......:

    0080 - 2f 28 2d 71 20 2b 1d 2d-82 83 91 b4 50 90 d4 eb   /(-q +.-....P...

    0090 - 37 e7 eb c6 93 12 68 11-cb d3 f8 e3 d6 b6 ca 10   7.....h.........

    00a0 - cf 59 dd ff d4 b9 81 e4-35 80 99 25 1f 05 e1 04   .Y......5..%....

    00b0 - 4c 18 6a 8d 0c 0e 3d 88-63 cb 35 97 97 2b b9 a6   L.j...=.c.5..+..

    Compression: 1 (zlib compression)

    Start Time: 1320370833

    Timeout   : 300 (sec)

    Verify return code: 18 (self signed certificate)

---

GET / HTTP/1.0

R

RENEGOTIATING

140735300143548:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591:

:~$

XXX:

Si se prueba en su red local es posible que su servidor no sea vulnerable, pero aun le reporten que su servidor es vulnerable, es posible que entre quien realiza la prueba y el server exista un firewall y es  este último quien esta re negociando, debe buscar información para su firewall, en el caso de TMG este link puede resultar útil: Improving SSL Security for Forefront Threat Management Gateway (TMG) 2010 Published Web Sites -> http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html