TLS_FALLBACK_SCSV and OpenSSL

kafkaah
Posts: 6
Joined: 2015/04/19 23:59:37

TLS_FALLBACK_SCSV and OpenSSL

Post by kafkaah » 2015/04/20 00:20:31

Hi,

According to the info I found, TLS_FALLBACK_SCSV is provided since openssl-1.0.1e-30, and should therefore prevent any openssl fallback exploit.

For some reason, even though the correct version of OpenSSL is installed (openssl-1.0.1e-30.el6.8.x86_64), and Apache is properly configured and was restarted, this simple test fails:

openssl s_client -servername www.example.com -connect www.example.com:443 -fallback_scsv -tls1_1

This command line should output:

139919444293448:error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback:s3_pkt.c:1259:SSL alert number 86

but doesn't. The fallback to TLS 1.1 goes through, without error.

This is quite a boggling situation, since a very similar server of mine (they are both running CentOS 6.6), with the exact same OpenSSL version does react in the proper way, by rejecting, with the error message above, the fallback request.

What is happening?

Thanks.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: TLS_FALLBACK_SCSV and OpenSSL

Post by avij » 2015/04/20 05:16:01

Perhaps you are using a non-CentOS openssl? You can examine which libraries httpd is using with lsof -n | grep httpd | grep ssl. You can then run rpm -qf /path/sslfilename.so to see which package provides that file, if any.

Another option is that perhaps there's some sort of a reverse proxy in front of the webserver.
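The OP's s_client test and avij's lsof/rpm check, put together as a small diagnostic script. This is an added example, not code from the thread: hostnames are placeholders, the sample s_client outputs are constructed for offline use (the alert line is the one quoted above), and it assumes openssl, lsof and rpm are on the PATH.

```sh
#!/bin/sh
# Added example: probe a server for TLS_FALLBACK_SCSV support, classify what
# s_client printed, and list the SSL libraries httpd actually has mapped.

# Classify captured s_client output: "honored" when the server answered with the
# inappropriate_fallback alert (TLS alert number 86), "accepted <proto>" when the
# downgraded handshake completed, "error" for any other failure.
classify_fallback_output() {
    out=$1
    if printf '%s\n' "$out" | grep -q -e 'inappropriate fallback' -e 'alert number 86'; then
        echo honored
    elif printf '%s\n' "$out" | grep -q -e 'error:' -e 'connect:errno' -e 'Cipher is (NONE)'; then
        echo error
    else
        proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
        echo "accepted ${proto:-unknown}"
    fi
}

# Run s_client with -fallback_scsv once per downgraded version. A server whose
# TLS library honors the SCSV must answer every one of these with alert 86.
probe_fallback() {
    host=$1; port=${2:-443}
    for ver in -tls1_1 -tls1 -ssl3; do
        out=$(echo | openssl s_client -servername "$host" -connect "$host:$port" \
                  -fallback_scsv "$ver" 2>&1)
        printf '%-8s %s\n' "$ver" "$(classify_fallback_output "$out")"
    done
}

# Which "ssl" shared objects has httpd mapped, and which RPM owns each one?
# A path owned by no package points at a bundled library rather than the
# distribution's openssl.
httpd_ssl_libs() {
    lsof -n 2>/dev/null | awk '/httpd/ && /ssl/ {print $NF}' | sort -u |
    while IFS= read -r f; do
        printf '%s -> %s\n' "$f" "$(rpm -qf "$f" 2>&1)"
    done
}

# Constructed samples for offline checks; the alert line is the one from the thread.
SAMPLE_HONORED='CONNECTED(00000003)
139919444293448:error:1409443E:SSL routines:SSL3_READ_BYTES:tlsv1 alert inappropriate fallback:s3_pkt.c:1259:SSL alert number 86
---
no peer certificate available'
SAMPLE_ACCEPTED='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-AES128-SHA'

if [ $# -gt 0 ]; then probe_fallback "$@"; fi   # e.g. ./scsv_check.sh www.example.com
```

Run `httpd_ssl_libs` on the server itself; any "accepted" line from `probe_fallback` means the library that actually terminated TLS did not send the SCSV alert.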

kafkaah
Posts: 6
Joined: 2015/04/19 23:59:37

Re: TLS_FALLBACK_SCSV and OpenSSL

Post by kafkaah » 2015/04/20 10:54:04

Many thanks... You are right...

mod_spdy is the culprit... its implementation of mod_ssl does not provide TLS_FALLBACK_SCSV... I had totally forgotten about the patch...

Best regards :D
