SSL/TLS Bar Mitzvah Attack vulnerability [CVE-2015-2808] / CNNVD-201503-654 / CNCVE-20152808 / CNVD-2015-02171
I. Vulnerability description
1. Details
The vulnerability stems from a weakness in the weak and obsolete RC4 stream cipher. Under certain conditions it lets an attacker recover parts of the plaintext of SSL/TLS-encrypted traffic, exposing account usernames and passwords, credit-card data and other sensitive information.
2. Remediation
1) Disable the RC4 cipher on the server side.
2) Disable RC4 in the client's browser TLS configuration.
3. Verification
Following the principle of the Bar Mitzvah attack, verification consists of performing an SSL handshake with the target site and checking which cipher suite the target returns in its Server Hello message.
Verify from a terminal with the openssl command:
openssl s_client -connect host:443 -cipher RC4
If the output contains handshake failure, RC4 is disabled; otherwise the server needs remediation. Example of a server with RC4 disabled, as shown below:
[root@centos-test ~]# openssl s_client -connect 10.1.3.208:9600 -cipher RC4
CONNECTED(00000003)
140650223695760:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 135 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1710242176
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
The following output shows a server on which RC4 is not disabled:
[root@centos-test ~]# openssl s_client -connect 10.1.3.184:443 -cipher RC4
CONNECTED(00000003)
depth=0 C = CN, ST = \E5\B9\BF\E4\B8\9C\E7\9C\81, L = \E6\83\A0\E5\B7\9E\E5\B8\82, O = \E6\83\A0\E5\B7\9E\E4\BA\BF\E7\BA\AC\E9\94\82\E8\83\BD\E8\82\A1\E4\BB\BD\E6\9C\89\E9\99\90\E5\85\AC\E5\8F\B8, CN = *.evebattery.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = \E5\B9\BF\E4\B8\9C\E7\9C\81, L = \E6\83\A0\E5\B7\9E\E5\B8\82, O = \E6\83\A0\E5\B7\9E\E4\BA\BF\E7\BA\AC\E9\94\82\E8\83\BD\E8\82\A1\E4\BB\BD\E6\9C\89\E9\99\90\E5\85\AC\E5\8F\B8, CN = *.evebattery.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=CN/ST=\xE5\xB9\xBF\xE4\xB8\x9C\xE7\x9C\x81/L=\xE6\x83\xA0\xE5\xB7\x9E\xE5\xB8\x82/O=\xE6\x83\xA0\xE5\xB7\x9E\xE4\xBA\xBF\xE7\xBA\xAC\xE9\x94\x82\xE8\x83\xBD\xE8\x82\xA1\xE4\xBB\xBD\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8/CN=*.evebattery.com
i:/C=US/O=DigiCert, Inc./CN=GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1
---
Server certificate
-----BEGIN CERTIFICATE-----
M7AU4=
-----END CERTIFICATE-----
subject=/C=CN/ST=\xE5\xB9\xBF\xE4\xB8\x9C\xE7\x9C\x81/L=\xE6\x83\xA0\xE5\xB7\x9E\xE5\xB8\x82/O=\xE6\x83\xA0\xE5\xB7\x9E\xE4\xBA\xBF\xE7\xBA\xAC\xE9\x94\x82\xE8\x83\xBD\xE8\x82\xA1\xE4\xBB\xBD\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8/CN=*.evebattery.com
issuer=/C=US/O=DigiCert, Inc./CN=GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1
---
No client certificate CA names sent
---
SSL handshake has read 2111 bytes and written 449 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : RC4-SHA
Session-ID: 2C3E00002F888E85B36B959EB4CE9B10C244CB230611FFFCA74A32E4F509AFD5
Session-ID-ctx:
Master-Key: 7F5C354B66E700951EEDF69A8EFAFB3421619E985C4E434461703C25D31B4980BCEECDE56EB645EFDE50774AB7D40109
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1710242606
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
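When this check is run across many hosts it helps to classify the s_client output automatically rather than reading each transcript by eye. The following is an added example (not part of the original post): it takes the text of an `openssl s_client -connect host:port -cipher RC4` run and returns a verdict. The two transcripts embedded in it are constructed excerpts modelled on the outputs above, and the "no cipher match" case assumes the message recent OpenSSL builds print when RC4 is not compiled in, which must be reported as "unknown" rather than as a pass.

```python
import re

# Constructed excerpts modelled on the two transcripts above (not real captures):
# first a server that refuses an RC4-only offer, then one that accepts it.
RC4_REFUSED = """CONNECTED(00000003)
140650223695760:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
"""
RC4_ACCEPTED = """CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : RC4-SHA
    Verify return code: 21 (unable to verify the first certificate)
"""
# Assumed: recent OpenSSL builds ship without RC4, so s_client fails before
# it ever connects and the probe says nothing about the server.
NO_RC4_LOCALLY = "Error setting cipher list RC4\n...:SSL routines::no cipher match\n"

CIPHER_RE = re.compile(r"^\s*Cipher\s*:\s*(\S+)", re.M)
PROTO_RE = re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M)


def classify_rc4_probe(output: str) -> dict:
    """Classify the output of `openssl s_client -connect host:port -cipher RC4`.

    status 'enabled'  : the server negotiated an RC4 suite (needs remediation)
    status 'disabled' : the server rejected the RC4-only offer (desired state)
    status 'unknown'  : no verdict, e.g. the local OpenSSL has no RC4 at all or
                        the TCP connection never completed; never treat as pass.
    """
    cipher = CIPHER_RE.search(output)
    proto = PROTO_RE.search(output)
    cipher = cipher.group(1) if cipher else None
    proto = proto.group(1) if proto else None
    if "no cipher match" in output or "CONNECTED" not in output:
        status = "unknown"
    elif cipher and "RC4" in cipher:
        status = "enabled"
    elif "handshake failure" in output or cipher == "0000":
        status = "disabled"
    else:
        status = "unknown"
    return {"status": status, "cipher": cipher, "protocol": proto}
```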
II. Remediation steps
1. Disabling RC4 in nginx
Add !RC4 to the ssl_ciphers directive in the nginx configuration, as below (a ! entry removes matching suites from the list for good, whereas the + entries only move their suites to the end of the preference order, so only ! actually prevents a suite from being negotiated):
server {
    listen 443 ssl;
    server_name xxx.xxx.cn;
    ssl_certificate /etc/nginx/ssl/xxx.xxx.cn/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/xxx.xxx.cn/key.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:!RC4:!RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://xxx.xxx.xxx.xxx:8080;
    }
}
2. Disabling RC4 in Tomcat
Edit the server.xml configuration file. The ciphers attribute is an explicit allow-list, so no suite containing RC4 may appear in it.
1) Tomcat 6 or 7 with JDK 6
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" keystoreFile="D:\backup\myssl.jks" keystorePass="myPassword"
           sslProtocol="TLS" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
/>
2) Tomcat 7 with JDK 7
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" keystoreFile="D:\backup\myssl.jks" keystorePass="myPassword"
           sslProtocol="TLS" ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV"
/>
A shorter list restricted to AES suites is also sufficient:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
For JDK 8 and later, ciphers can be set to:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
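Long Tomcat cipher lists are easy to get wrong by hand, and a misspelled Connector attribute (such as sslEnabledpotocols) is not applied, so a configuration that looks hardened may still negotiate RC4. The following is an added example (not part of the original post or of Tomcat itself) that lints the SSL connectors in a server.xml document; the embedded server.xml is a constructed fragment modelled on the samples above, with the keystore password replaced by a placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment modelled on the Tomcat 7 + JDK 7 sample above
# (not a real deployment). It deliberately carries the two mistakes the lint
# should catch: a misspelled sslEnabledProtocols attribute and RC4 suites left
# in the ciphers list.
SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               sslEnabledpotocols="TLSv1,TLSv1.1,TLSv1.2"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" keystoreFile="D:\\backup\\myssl.jks"
               keystorePass="PLACEHOLDER" sslProtocol="TLS"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""


def audit_connectors(xml_text: str) -> list:
    """Return one finding per SSLEnabled Connector in a server.xml document."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no TLS to audit
        raw = conn.get("ciphers")
        suites = [s.strip() for s in raw.split(",") if s.strip()] if raw else []
        findings.append({
            "port": conn.get("port"),
            # No ciphers attribute means the JVM default list decides, which on
            # older JDKs still contains RC4 suites.
            "uses_jvm_default": raw is None,
            "rc4_suites": [s for s in suites if "RC4" in s],
            "fixed_ciphers": ",".join(s for s in suites if "RC4" not in s),
            # Attribute names are case-sensitive; a misspelled one is not
            # applied (Tomcat only warns at startup), so the protocol
            # restriction never takes effect.
            "misspelled_ssl_attrs": [
                a for a in conn.attrib
                if a.lower().startswith("sslenabled")
                and a not in ("SSLEnabled", "sslEnabledProtocols")
            ],
        })
    return findings
```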
3. Disabling RC4 in Apache
Update the conf/httpd.conf file under the Apache root directory as follows:
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        SSLProtocol TLSv1 TLSv1.1 TLSv1.2
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4
    </VirtualHost>
</IfModule>
4. IIS and other Windows applications
1) Download and install update 2868725 (the original download address is no longer available).
2) Modify the registry, setting Enabled to 0 for each RC4 key length:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000
Note: Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and later already include the ability to restrict RC4 use; update 2868725 does not need to be installed on them.
References:
https://blog.csdn.net/l2931050/article/details/124182918
http://www.manongjc.com/detail/50-nbsiguuitlybqfh.html
More complete information:
https://www.cnblogs.com/zcg-cpdd/p/14504490.html