How to block DROWN attack – Fix SSL vulnerability in Linux, Apache, Nginx, Exim and other servers
On March 1, 2016, a new SSL vulnerability called DROWN (Decrypting RSA with Obsolete and Weakened Encryption) was disclosed by security researchers.
This vulnerability (aka CVE-2016-0800) allows attackers to decrypt even strong TLSv1.2 connections, if the server supports the obsolete SSLv2 protocol.
As reports filter in, it is known that even large websites such as Yahoo, Samsung, Alibaba, etc. are affected by this vulnerability. Your server might be affected if you have NOT EXPLICITLY DISABLED SSLv2.
Bobcares maintains server infrastructure of several small, mid-size and large online businesses. In these servers, we keep old protocols such as SSLv2 and SSLv3 fully DISABLED.
Since the last SSL POODLE vulnerability scare, SSL cipher strength check is a standard part of our daily security scans on the servers we maintain.
Today, all our security teams re-confirmed that none of the servers under our care is vulnerable to the DROWN attack. Here’s how we did the scans:
Are you vulnerable to the DROWN attack? Find out using SSLyze
For each server, we listed all of its public IPs and all of its open ports. Then we used an SSL scanning tool called SSLyze to check if SSLv2 ciphers are supported. We use this tool because we’ve seen that other ways of verifying weak ciphers (like openssl client connect, nmap, etc.) may not be 100% accurate.
The command is:
secsev # sslyze_cli.py --sslv2 203.0.113.25:443
In the servers we maintain it returned the below result:
SCAN RESULTS FOR 203.0.113.25:443
------------------------------------------------------

 * SSLV2 Cipher Suites:
     Rejected:
       TLS_RSA_WITH_NULL_MD5                   TCP / Received RST
       SSL_CK_RC4_64_WITH_MD5                  TCP / Received RST
       SSL_CK_RC4_128_WITH_MD5                 TCP / Received RST
       SSL_CK_RC4_128_EXPORT40_WITH_MD5        TCP / Received RST
       SSL_CK_RC2_128_CBC_WITH_MD5             TCP / Received RST
       SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    TCP / Received RST
       SSL_CK_IDEA_128_CBC_WITH_MD5            TCP / Received RST
       SSL_CK_DES_64_CBC_WITH_MD5              TCP / Received RST
       SSL_CK_DES_192_EDE3_CBC_WITH_MD5        TCP / Received RST
This means, all SSLv2 requests were rejected.
But, if a server is vulnerable, something like the following will be shown:
SCAN RESULTS FOR 203.0.113.77:443
--------------------------------------------------

 * SSLV2 Cipher Suites:
     Preferred:
       SSL_CK_RC2_128_CBC_WITH_MD5             - 128 bits
     Accepted:
       SSL_CK_RC4_128_WITH_MD5                 - 128 bits
       SSL_CK_RC2_128_CBC_WITH_MD5             - 128 bits
       SSL_CK_DES_192_EDE3_CBC_WITH_MD5        - 112 bits
       SSL_CK_DES_64_CBC_WITH_MD5              - 56 bits
       SSL_CK_RC4_128_EXPORT40_WITH_MD5        - 40 bits
       SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    - 40 bits
This command checks if SSLv2 is enabled on port 443.
In the servers we maintain, the same check was repeated on all ports, such as 465 (SSL-SMTP), 993 (SSL-IMAP), 995 (SSL-POP3), etc. A server is vulnerable to DROWN if ANY port on the server has SSLv2 available.
Are your servers vulnerable to DROWN?
If the scan above shows SSLv2 enabled on ANY service, treat that server, and any other server that uses the same private key and certificate pair, as vulnerable. Once a session key is obtained through a weak SSLv2 connection, any further communication between that client and ANY other server holding the same private key is open.
How to fix the DROWN vulnerability
Before we get into what can be done, it’s important to know that DROWN DOES NOT steal your private key. So you do not have to get a new certificate or a private key.
But you will need to make sure SSLv2 is fully disabled in all your servers and all your services. There are a couple of ways to go about it:
- Patch your OpenSSL, IIS (Internet Information Services) or NSS (Network Security Services) servers.
- Disable SSLv2 protocol in all your public facing services.
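The second item, disabling SSLv2 in every public-facing service, comes down to one protocol directive per daemon. The following audit script is added here as an example and is not code from the post or from any of the projects it names: it holds the documented directive for Apache, Nginx, Exim, Postfix and Dovecot that excludes SSLv2 (and SSLv3), reads a config fragment for each, and reports where SSLv2 is not explicitly disabled. The config snippets in SAMPLES are constructed for the demonstration; the rule it applies is the post's own, namely that a missing directive or an "all" shortcut without an explicit SSLv2 exclusion still counts as needing a fix, because the default depends on the software version.

```python
import re
from typing import List, Tuple

# Documented directive per service that explicitly excludes SSLv2 and SSLv3.
REFERENCE = {
    "apache":  "SSLProtocol all -SSLv2 -SSLv3",
    "nginx":   "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;",
    "exim":    "openssl_options = +no_sslv2 +no_sslv3",
    "postfix": "smtpd_tls_protocols = !SSLv2, !SSLv3",
    "dovecot": "ssl_protocols = !SSLv2 !SSLv3",
}

# Group 1 captures the protocol list of each directive; commented-out lines don't match.
DIRECTIVE = {
    "apache":  re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.M | re.I),
    "nginx":   re.compile(r"^\s*ssl_protocols\s+([^;]+);", re.M),
    "exim":    re.compile(r"^\s*openssl_options\s*=\s*(.+?)\s*$", re.M),
    "postfix": re.compile(r"^\s*smtpd_tls(?:_mandatory)?_protocols\s*=\s*(.+?)\s*$", re.M),
    "dovecot": re.compile(r"^\s*ssl_protocols\s*=\s*(.+?)\s*$", re.M),
}


def sslv2_disabled(value: str) -> bool:
    """Decide whether one protocol-list value leaves SSLv2 out. Covers the three
    syntaxes used above: exclusion lists (-SSLv2 / !SSLv2 / +no_sslv2),
    'all' shortcuts, and plain whitelists of the protocols to enable."""
    toks = [t.lower().strip(",") for t in value.split() if t.strip(",")]
    if any(t in ("-sslv2", "!sslv2", "+no_sslv2") for t in toks):
        return True                      # named and removed explicitly
    if any(t in ("sslv2", "+sslv2") for t in toks):
        return False                     # named and enabled
    if any(t in ("-all", "!all") for t in toks):
        return True                      # everything removed, SSLv2 never re-added
    if any(t in ("all", "+all") for t in toks):
        return False                     # 'all' may include SSLv2 on older builds
    if any(t[0] in "!-" or t.startswith("+no_") for t in toks):
        return False                     # excludes other protocols, never SSLv2
    return bool(toks)                    # plain whitelist that omits SSLv2


def audit(service: str, config_text: str) -> List[Tuple[str, bool]]:
    """(directive value, SSLv2 disabled?) for every occurrence, e.g. one per vhost."""
    return [(m.group(1), sslv2_disabled(m.group(1)))
            for m in DIRECTIVE[service].finditer(config_text)]


def needs_fix(service: str, config_text: str) -> bool:
    """True when SSLv2 is not explicitly disabled: the directive is missing
    (defaults vary by version, so they are not trusted) or any occurrence permits it."""
    results = audit(service, config_text)
    return not results or not all(ok for _, ok in results)


# Constructed config fragments (not taken from any real server) to exercise the audit.
SAMPLES = {
    "apache":  "SSLEngine on\nSSLProtocol all -SSLv3\n",     # SSLv3 excluded, SSLv2 not
    "nginx":   "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n",      # whitelist without SSLv2
    "exim":    "primary_hostname = mail.example.com\n",       # directive missing entirely
    "postfix": "smtpd_tls_protocols = !SSLv2, !SSLv3\n",      # explicitly excluded
    "dovecot": "ssl = required\nssl_protocols = !SSLv3\n",    # SSLv3 excluded, SSLv2 not
}

if __name__ == "__main__":
    for service, text in SAMPLES.items():
        verdict = "NEEDS FIX" if needs_fix(service, text) else "ok"
        print(f"{service:8s} {verdict:9s} found={audit(service, text) or 'no directive'}")
        print(f"         reference: {REFERENCE[service]}")
```

After changing a directive, reload the service and re-run the SSLv2 probe against that port; the config audit only shows what the file says, while the probe shows what the running daemon actually negotiates.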
Bobcares provides Outsourced Hosting Support and Outsourced Server Management for online businesses. Our services include Hosting Support Services, server support, help desk support, live chat support and phone support.