SSLv3 Vulnerability Detection and Remediation

[Abstract] Google has published a brief analysis of a vulnerability in SSLv3. According to Google, the flaw is present in every SSLv3 implementation: an attacker in a man-in-the-middle position (or with similar access, as long as both ends of the intercepted encrypted connection use SSL 3.0) can exploit it to recover transmitted data, such as cookies. The interim mitigation is to disable SSLv3 support on the client or on the server.

I wrote a Python tool that checks whether a server's SSL stack still accepts SSLv3. The script is at:
https://github.com/2hei/sslv3check
A short introduction to the script:

Requirements:
(1) The timeout command must be available.

Ubuntu/Debian: apt-get install timeout

CentOS: download the timeout rpm for CentOS 5.x: wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/crt0solutions:/extras/CentOS_CentOS-5/x86_64/timeout-8.4-20.3.crt0.x86_64.rpm

rpm -ivh timeout-8.4-20.3.crt0.x86_64.rpm

(2) A Python 2.6+ environment

Usage: python sslv3_leak_check.py
The script runs the following command to test whether a host negotiates SSLv3:

openssl s_client -connect ip:port -ssl3
Results:
Hosts that still accept SSLv3 are written to the file: sslv3ips

Hosts that reject SSLv3 are written to the file: nosslv3ips
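The check above shells out to openssl s_client with the -ssl3 flag, which requires an OpenSSL build that still contains SSLv3 and the external timeout command. The probe below is an added example, not the sslv3check script from the repository: it speaks the SSLv3 record layer directly from the Python standard library, sends a minimal version 3.0 ClientHello and classifies the first record the server returns. A ServerHello that negotiates version 3.0 means SSLv3 is still enabled; the fatal handshake_failure alert (alert number 40, the same one shown in the post's "after the fix" output) or a protocol_version alert means it is disabled. The offered cipher-suite list is an assumption chosen to give an SSLv3 server something to pick; the script name sslv3_probe.py is also an assumption.

```python
"""SSLv3 probe: send a minimal SSLv3 ClientHello and classify the server's reply.

Added example (not the sslv3check script from the post). Uses only the standard
library, so neither the openssl binary nor the timeout command is needed.
Wire-format constants follow the SSL 3.0 / TLS record and handshake layouts.
"""
import socket
import struct
import sys

SSLV3_VERSION = b"\x03\x00"           # SSL 3.0 protocol version bytes
RECORD_HANDSHAKE = 0x16
RECORD_ALERT = 0x15
HS_CLIENT_HELLO = 0x01
HS_SERVER_HELLO = 0x02
ALERT_FATAL = 2
ALERT_HANDSHAKE_FAILURE = 40          # "SSL alert number 40" in the openssl output
ALERT_PROTOCOL_VERSION = 70

# Assumed offer: a few widely deployed SSLv3-era suites so an SSLv3-enabled server
# can pick one (DHE-RSA-AES256-SHA, AES256-SHA, DHE-RSA-AES128-SHA, AES128-SHA, DES-CBC3-SHA)
OFFERED_SUITES = [0x0039, 0x0035, 0x0033, 0x002F, 0x000A]


def build_sslv3_client_hello():
    """Return one SSLv3 record carrying a ClientHello (version 3.0, no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in OFFERED_SUITES)
    body = (
        SSLV3_VERSION
        + b"\x00" * 32                               # client random (fixed; a probe needs no entropy)
        + b"\x00"                                    # session id length 0
        + struct.pack("!H", len(suites)) + suites    # cipher_suites vector
        + b"\x01\x00"                                # one compression method: null
    )
    # Handshake header: 1-byte type + 3-byte length
    handshake = bytes([HS_CLIENT_HELLO]) + struct.pack("!I", len(body))[1:] + body
    # Record header: 1-byte content type + 2-byte version + 2-byte length
    return bytes([RECORD_HANDSHAKE]) + SSLV3_VERSION + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Classify the first record the server sends back.

    'sslv3'   - a ServerHello negotiating version 3.0: the server still accepts SSLv3
    'refused' - a fatal handshake_failure / protocol_version alert: SSLv3 is disabled
    'unknown' - anything else (truncated data, a non-3.0 ServerHello, an unexpected alert)
    """
    if len(data) < 5:
        return "unknown"
    record_type = data[0]
    if record_type == RECORD_HANDSHAKE and len(data) >= 11 and data[5] == HS_SERVER_HELLO:
        # ServerHello layout: record header (5) + handshake header (4) + server_version (2)
        return "sslv3" if data[9:11] == SSLV3_VERSION else "unknown"
    if record_type == RECORD_ALERT and len(data) >= 7:
        level, description = data[5], data[6]
        if level == ALERT_FATAL and description in (ALERT_HANDSHAKE_FAILURE, ALERT_PROTOCOL_VERSION):
            return "refused"
    return "unknown"


def check_host(host, port=443, timeout=5.0):
    """Probe host:port once; returns 'sslv3', 'refused', 'closed' or 'unknown'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_sslv3_client_hello())
            data = sock.recv(4096)
    except ConnectionError:
        return "closed"        # server dropped the connection instead of sending an alert
    except socket.timeout:
        return "unknown"
    if not data:
        return "closed"
    return classify_response(data)


if __name__ == "__main__":
    # Usage: python sslv3_probe.py host [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print("%s:%d -> %s" % (target, target_port, check_host(target, target_port)))
```

Some servers close the connection without sending any alert once SSLv3 is disabled, which is why check_host reports that case separately as 'closed' rather than folding it into 'refused'; a 'sslv3' verdict is the only one that means the host still needs the configuration change described below.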

According to the Mozilla article at https://wiki.mozilla.org/Security/Server_Side_TLS,
the vulnerability is remediated on the mainstream HTTP servers as follows:

Nginx
Nginx provides the best TLS support at the moment. It is the only daemon that provides OCSP Stapling, custom DH parameters, and the full flavor of TLS versions (from OpenSSL).

The details of each configuration parameter, and how to build a recent Nginx with OpenSSL, are at the end of the Mozilla document.

server {
    listen 443;
    ssl on;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /path/to/dhparam.pem;

    # Intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
 
    # Enable this if you want HSTS (recommended)
    # add_header Strict-Transport-Security max-age=15768000;
 
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
    resolver <IP DNS resolver>;
 
    ....
}

Apache
Apache supports OCSP Stapling, but only in httpd 2.3.3 and later.

In Apache 2.4.6, the DH parameter is always set to 1024 bits and is not user configurable. Future versions of Apache will automatically select a better value for the DH parameter. The configuration below is recommended.

<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private/key
    SSLCACertificateFile    /path/to/all_ca_certs

    # Intermediate configuration, tweak to your needs
    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder     on
    SSLCompression          off

    # OCSP Stapling, only in httpd 2.3.3 and later
    SSLUseStapling          on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
    SSLStaplingCache        shmcb:/var/run/ocsp(128000)
 
    # Enable this if you want HSTS (recommended)
    # Header add Strict-Transport-Security "max-age=15768000"
 
    ...
</VirtualHost>

Test method:

# openssl s_client -connect xxx.xxx.xxx.xxx:443 -ssl3

---
SSL handshake has read 3935 bytes and written 317 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA

After the fix:

# openssl s_client -connect xxx.xxx.xxx.xxx:443 -ssl3
CONNECTED(00000003)
3676:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40
3676:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

u2
