SSLv2 Vulnerability

[rhmeyering]

We recently performed a vulnerability assessment and found an issue with SNX SSLv2 implementation.

Does anyone know how to force SNX to use only SSLv3 (TLSv1)?

How can we configure SNX and disable SSLv2 support?

[chillyjim]

Did you actually try and use SSLv1/2 or just a scanner? I know that several products start with an SSLv1 connection and then require TLS to actually complete the process. I forget the reason, but it has to do with some buggy browser implementations.

So something like Nessus will report the SNX uses SSLv1 but in reality it doesn't.

[rhmeyering]

We used a qualysguard scanner you are correct the scanner is simply reporting that sslv2 cipher is enabled and reported during ssl session neogation. We will test for actual sslv2 session capability next, thanks.

[chillyjim]

Knew I had the message burried somewhere. I got this from one of the VPN product team folks a while ago

Quote:

The question here is not of support for SSLv3. We support SSLv3 as well as
the more advanced TLS. The problem here is that we also support SSLv2,
which is less secure. A web browser can connect to a SPLAT gateway using
any of these protocol versions.

In additions to these three protocol versions, there is also a transition
version, where the client sends the first message of SSLv2 (called "Client
Hello") with an attribute that says that it actually supports SSLv3 or TLS.
In that case, the server may either reply using SSLv3 (or TLS) or stay with
SSLv2 depending on its configuration.

The HTTPS server that was scanned supports all 4 modes.

We have considered totally removing support for SSLv2, and supporting only
SSLv3 and TLS. However, this is a bad idea, because Internet Explorer by
default uses the transition (SSLv2 client hello with support for SSLv3, but
no TLS).

Since we can't disable SSLv2, we've done the next best thing. We let the
SSL protocol run, and close the connection if it did not end up as SSLv3 or
TLS. This has the effect of preventing the insecure SSLv2, while still
allowing Internet Explorer to run. Windows Vista and probably some future
Windows XP service pack will have SSLv2 disabled. When this becomes common
enough, we may be able to totally disable SSLv2.

To sum things up:
- R55 allows SSLv2
- NGX only allows SSLv2 for the transition.

One further note: Even in NGX all the SSLv2 negotiation can pass before the
connection is broken. This has no security implication, but may trick Nessus
into reporting that SSLv2 is supported. To demonstrate that this is not so,
you can configure Internet Explorer to support only SSLv2 (uncheck "Use SSL
3.0" under Tools->Internet Options...->Advanced->Security) and try to
connect to the gateway.