openssl s_client's '-ssl2' & '-ssl3' options gone, prematurely!
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
SSL2 and SSL3 have been hastily removed, apparently by developers who are unaware that these protocols serve purposes other than encryption. SSL2/3 is *still used* on onion sites. Why? For verification. An onion site has inherent encryption, so it matters not how weak the SSL crypto is when the purpose is purely to verify that the server is owned by who they say it's owned by.
Proof that disclosure attacks on ssl2/3 are irrelevant to onion sites:
https:/
https:/
So here is a real world impact case. Suppose you get your email from one of these onion mail servers:
http://
Some (if not all) use ssl2/3 on top of Tor's inherent onion tunnel. They force users to use ssl2/3, so even if a user configures the client not to impose TLS, the server imposes it. And it's reasonable because the ssl2/3 vulns are orthoganol to the use case.
Some users will get lucky and use a mail client that still supports ssl2/3. But there's still a problem: users can no longer use openssl to obtain the fingerprint to pin. e.g.
$ openssl s_client -proxy 127.0.0.1:8118 -connect xhfheq5i37waj6q
CONNECTED(00000003)
140124399195456
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 44 bytes and written 330 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
That's openssl version 1.1.1k
Being denied the ability to pin the SSL cert is actually a *degredation* of security. Cert Pinning is particularly useful with self-signed certs, as is often the scenario with onion sites.
Thanks for reporting this issue, but we disabled SSLv3 in 2015 in Ubuntu 16.04 LTS. There is absolutely no chance we will be enabling it again.