[stunnel-users] Security suggestions on stunnel with SSL/TLS and SNI configuration

Michal Trojnara Michal.Trojnara at mirt.net
Thu Aug 27 16:45:59 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 27.08.2015 11:41, Secure-Mail User wrote:
> i am planning to support SSLv3 and TLSv1.2 on the same Port via
> SNI. This has backwards-compatibility reasons.

SNI is a TLS extension.  It requires TLS version 1.0 or later.
https://tools.ietf.org/html/rfc3546#section-3.1

TLS extensions are not supposed to allow for a version rollback:
https://tools.ietf.org/html/rfc3546#section-5
If SNI allows for a version rollback on an SSL/TLS library, it should
be considered a vulnerability of this library.

As the result, all SSLv3 connections will *not* be redirected by SNI,
which should work fine for you.

> Using the "sslversion=SSLv3" or "options=NO_SSLv3" directives
> affect all services. The default and the SNI.

"options=NO_SSLv3" is currently the default.
You may change it with "options=-NO_SSLv3".

The "option" option may be specified in individual service sections,
and not only as a global default.

> I was not able to use e.g. sslversion=SSLv3 for the default host
> and change to sslversion=TLSv1.2 on the SNI host.

Good.  SNI is not supposed to work with SSLv3.

> The first sslversion directive read per conf-file seems to be set
> and may not be changed with later invocations, right?

The RFC only says TLS extension should not allow for version rollback,
but it makes sense to disallow any changes of the protocol version.

> So I ended up with restricting the SSLv3 / TLSv1.2 via ciphers
> only. So the default service has SSLv3 ciphers and
> options=NO_SSLv2, the SNI service hast TLS1.2 ciphers only (thus
> only accepts TLSv1.2 connections)
[cut]
> Are cipher restrictions sufficient to sort out old SSLvX protocols
> and sort of FORCE TLS1.2 only?

You should be able to restrict the SNI service to only allow a
specific TLS version with "options" specified within the SNI service
section.

> Is it possible to use some SSLvX based negotiations prior to 
> cipher-negotiation on the SNI-TLS1.2 service, because i did not 
> explicitly use sslversion=TLS1.2 directive?

As TLS version 1.0 or higher is required for the SNI extension, you
won't get any SSL connections in your SNI sections.

Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJV3yKmAAoJEC78f/DUFuAUU5MQAKiAE781w/RcnpSM/Zg3cmg3
wOOakzVwvvSJrpOz1CdBJU+ZYPx94q4sE+hwe27KRU+BAAGuuaT0P47IoZnN+4Jk
J02JykqigYn6Dz7GLltGh4s9RMy6oHRlD8Dz+p5VoXp70e5J9FJgWnDVyrVFWYgz
hEb+Y9315AmKHuPEioIpEBipMZxsdMzHXgI1WXOtTDmz6digwwJ86Nk3+VKjoYlA
fN5oqHbjzOXnTdxZsvSRwyiCk/TraaoPU/XfOjpbmxccEAOievreg9g/xa13mkbz
NtPdIl3LOTkZK67G2HAuHTbktdGF8tV2T82bDFneCpf8lfEVLIGhq5oaIoiq7TXE
kAfAoohRSTHeW40CRmXyacSeicAhnGhpY6Wp7RDI/QUN5TDvw7ZfbMmb82SfJMX2
uUIYV4RYmqZo8J5dKJo0PlHg/AKEvFgkft++1I9W2eaZMRIc7Q9D/nGcV1qZDUCG
h/D6yfdiOvuPjSDqKZObNm5C4DwQmqrHQ6qqfQvrRBm8MgwhXlfpou0CYa77RnBJ
gMnp0PV/ojzEvNH7MJXRIeh5WrRiV0XMyqoMIlBCUosFMxqHGAIaMd2FkbCYPf47
UFewvOJENewA9ssSSg9oj/KKX1fDZwMNJ6UAsfe/n5nN56MONiW0//vNC98NPYA2
PIGK94LqLHEIK+/mHJ6U
=eyfk
-----END PGP SIGNATURE-----


More information about the stunnel-users mailing list