DROWN Attack - CVE-2016-0800
DROWN allows an attacker to decrypt modern TLS connections between up-to-date clients and servers by sending probes to a server that supports SSLv2 and uses the same private key.
DROWN is made worse by two additional OpenSSL implementation vulnerabilities, CVE-2015-3197 and CVE-2016-0703. First, let’s update OpenSSL on all servers with Ansible.
Here is the Ansible playbook:
~$ cat openssl.yml
---
# Patches openssl problem and restarts needed services
- name: Apply common configuration to all nodes
  hosts: all
  # Uncomment to apply update one server at a time
  # serial: 1
  tasks:
    # Upgrade the openssl package to the latest version in the repository
    - name: "Install packages and update cache"
      apt: pkg="{{ item }}" state=latest update_cache=yes
      with_items:
        - openssl

    # Restart services so they load the new library; services that are
    # not installed on a host fail and are ignored
    - name: "Restart Services known to be affected"
      service: name={{ item }} state=restarted
      with_items:
        - ssh
        - nginx
        - whoopsie
        - snmpd
        - ntp
        - supervisor
        - postfix
        - dovecot
        - apache
        - shibd
      ignore_errors: yes

    # The expected build date is specific to the patched package;
    # adjust it for your distribution
    - name: "Check that we are safe"
      shell: >
        if [ "$(openssl version -a | grep built)" != "built on: Fri Dec 4 13:55:16 UTC 2015" ]; then echo "Bad build date"; echo "$(openssl version -a | grep built)"; exit 1; fi
      tags: check

    # Fail if any process still maps a deleted (old) copy of the ssl library
    - name: "Check that we don't have affected processes running"
      shell: >
        if [ "$(sudo lsof -n | grep ssl | grep DEL | wc -l)" != "0" ]; then echo "We still have affected processes"; checkrestart; exit 1; fi
      tags: check
Let’s apply it to our servers:
~$ ansible-playbook -i ansible_hosts openssl.yml
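The last check in the playbook only counts lsof lines that contain both ssl and DEL. The script below is an added example, not part of the original playbook: it names the processes that still map a deleted libssl or libcrypto, so you know which services need a restart. The lsof column layout and the sample output are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the original playbook).
# Reads `lsof -n` output on stdin and prints "PID COMMAND LIBRARY" for every
# process that still maps a deleted (pre-upgrade) libssl or libcrypto.
stale_ssl_procs() {
    awk '
    {
        # FD reads DEL for a mapped file that has been unlinked. Its column
        # shifts when lsof adds a TID column, so scan instead of indexing.
        is_del = 0
        for (i = 3; i < NF; i++) if ($i == "DEL") is_del = 1
        # Assumption: the library path is the last field and has no spaces.
        if (is_del && $NF ~ "/lib(ssl|crypto)[^/]*$") {
            n = split($NF, parts, "/")
            print $2, $1, parts[n]
        }
    }' | sort -u -k1,1n -k3,3
}

# Constructed sample in the usual Linux lsof layout (not real output).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID     USER  FD  TYPE DEVICE SIZE/OFF   NODE NAME
nginx   1201     root mem   REG  252,0   387272 131090 /lib/x86_64-linux-gnu/libssl.so.1.0.0
apache2 2345 www-data DEL   REG  252,0          131077 /lib/x86_64-linux-gnu/libssl.so.1.0.0
apache2 2345 www-data DEL   REG  252,0          131075 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
dovecot  987     root DEL   REG  252,0          131077 /lib/x86_64-linux-gnu/libssl.so.1.0.0
master  1500     root DEL   REG  252,0          140001 /tmp/scratch.db
EOF
}

# On a server: sudo lsof -n | stale_ssl_procs
sample_lsof | stale_ssl_procs
```

An empty result means no running process still holds the old library.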
For Dovecot we need to disable SSLv2; I found the solution on hackernewsmobile.
~# vi /etc/dovecot/dovecot.conf
ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4:+HIGH:+MEDIUM
After that restart Dovecot:
~# service dovecot restart
On Apache you should also disable SSLv2. Add these lines to your vhost files, after the <VirtualHost *:443> line.
~# vi /etc/apache2/sites-enabled/mycompany-ssl
SSLEngine On
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/private/mycompany.com.pem
SSLProtocol ALL +TLSv1 -SSLv2 -SSLv3
SSLHonorCipherOrder on
# Prefer PFS, allow TLS, avoid SSL, for IE8 on XP still allow 3DES
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+AESGCM EECDH EDH+AESGCM EDH+aRSA HIGH !MEDIUM !LOW !aNULL !eNULL !LOW !RC4 !MD5 !EXP !PSK !SRP !DSS"
And after this restart your Apache Server:
~# service apache2 restart
For Nginx we can use this:
~# vi /etc/nginx/ssl-site.conf
# The following nginx SSL configurations disable SSLv2, SSLv3 and TLS1 and setup secure ECDH ciphers.
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# Replace the default 1024bit Diffie-Hellman key with a more secure 4096bit key
# cd /etc/ssl/certs; openssl dhparam -out dhparam.pem 4096
ssl_dhparam /etc/ssl/certs/dhparam.pem;
And after this restart Nginx:
~# service nginx restart
Get the code from the public_drown_scanner project on GitHub and install its dependencies.
~$ git clone https://github.com/nimia/public_drown_scanner
~$ cd public_drown_scanner
~$ pip2 install enum pycrypto scapy pyasn1 scapy-ssl_tls --user
Now check if you are vulnerable with this:
~$ python2 scanner.py my-mailserver.com 993
~$ python2 scanner.py my-webserver.com 443
We can also use openssl to check, or use nmap to enumerate the available ciphers, but due to CVE-2015-3197, OpenSSL may still accept SSLv2 connections even if all SSLv2 ciphers are disabled.
~$ openssl s_client -ssl2 -connect my-mailserver.com:993
~$ openssl s_client -ssl2 -connect my-webserver.com:443
~$ nmap -Pn --script ssl-enum-ciphers -p 993 my-mailserver.com
~$ nmap -Pn --script ssl-enum-ciphers -p 443 my-webserver.com
Finally, you must go to the drownattack website and test your servers (mail, web, etc.):
https://test.drownattack.com/