Impossible to configure GnuTLS' %SERVER_PRECEDENCE setting in slapd

Bug #1591681 reported by AlainKnaff on 2016-06-12
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)
Undecided
Unassigned

Bug Description

While securing our boxes, I noticed that testssl was flagging the absence of server cipher order:

./testssl.sh localhost:636
 Has server cipher order? nope (NOT ok)

While trying to set it using the following command, slapd just crashed:

dapmodify -Y EXTERNAL -H ldapi:/// <<'EOF'
dn: cn=config
changetype: modify
replace: olcTLSCipherSuite
olcTLSCipherSuite: SECURE:-VERS-SSL3.0:-3DES-CBC:-ARCFOUR-128:%SERVER_PRECEDENCE
-
EOF

Without the %SERVER_PRECEDENCE, it works.

According to https://gnutls.org/manual/html_node/Priority-Strings.html and http://blog.lighttpd.net/articles/2013/06/01/mitigating-beast-with-gnutls/ this is indeed the proper setting to add server cipher order.

Same issue happens with %FALLBACK_SCSV ("Downgrade attack prevention NOT supported"). There seems to be no setting to fix "Secure Client-Initiated Renegotiation".

However, adding %SAFE_RENEGOTIATION (although not fixing anything) at least doesn't crash slapd

1) root@xl:~# lsb_release -rd
Description: Ubuntu 14.04.4 LTS
Release: 14.04
2) root@xl:~# apt-cache policy slapd
slapd:
  Installed: 2.4.31-1+nmu2ubuntu8.2
  Candidate: 2.4.31-1+nmu2ubuntu8.2
  Version table:
 *** 2.4.31-1+nmu2ubuntu8.2 0
        500 http://be.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.4.31-1+nmu2ubuntu8 0
        500 http://be.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
3) What I expected to happen:

There should be a a way to enforce server cipher order in slapd, as well as protect against Client-Initiated Renegotiation and prevent downgrade attacks

4) What happened instead

When trying to enable these settings that would make slapd more secure, it crashes (and after restart, the requested settings are still not enabled)

Ryan Tandy (rtandy) wrote :

Thanks for the report.

Confirmed in trusty, but cannot reproduce in xenial. However, gnutls-serv in trusty does accept the flag.

Can you please check whether this still happens for you on a more recent release, and whether your SSL tester actually reports the problem is fixed?

Changed in openldap (Ubuntu):
status: New → Incomplete
AlainKnaff (kubuntu-misc) wrote :

I tried it on Xenial, but now I get the following error whatever I do with LDAP:

SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:

But, apart from that, trusty is a "long term support" release, and supposed to get security fixes until April 2019

Changed in openldap (Ubuntu):
status: Incomplete → Confirmed
AlainKnaff (kubuntu-misc) wrote :

Oops, I was just missing the -H ldapi:/// along with the -Y EXTERNAL

Now the following works (well, with slapd, not with the textarea on this site, WTF? :-( ):

ldapmodify -Y EXTERNAL -H ldapi:/// <<'EOF'
dn: cn=config
changetype: modify
replace: olcTLSCipherSuite
olcTLSCipherSuite: SECURE:-VERS-SSL3.0:-3DES-CBC:-ARCFOUR-128:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION:%FALLBACK_SCSV
EOF

%SERVER_PRECEDENCE does fix the "server cipher order" => good

However %FALLBACK_SCSV fails to fix "TLS_FALLBACK_SCSV (RFC 7507)" which now says "some unexpected "handshake failure" instead of "inappropriate fallback" (likely NOT ok)"

Moreover, %SAFE_RENEGOTIATION fails to fix "Secure Client-Initiated Renegotiation", it still says VULNERABLE (NOT ok), DoS threat. Or maybe, there's a different setting needed for that?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers