OpenSSL and PCI compliance

My PCI scan is failing due to a vulnerability in OpenSSL 1.0.2o. They are saying that I should update to 1.0.2.p, which does not exist. I do find though that there is a 1.0.2p-dev. It was my understanding that the system should not be using developmental software for PCI compliance. On top of that, the -dev version does not seem to be available in the ports tree.

How are others handling this?

Thanks,

Marshall
 
On upstream, the latest OpenSSL release of the 1.0.2 series is 1.0.2o. There is no 1.0.2p yet, see https://www.openssl.org/source/. The OpenSSL-Devel in the ports is actually the release version of the 1.1.0 series, 1.1.0h. I would say the ports version sails under the false flag "Devel", since it is actually a normal release version. Perhaps OpenSSL 1.1.0h would be accepted by the PCI scan. After installing security/openssl-devel from the ports, you would need to reinstall your web-server software.
 
For PCI compliance you would also need to deactivate SSL/early TLS protocols. In my Apache config I have the following:
Code:
...
SSLProtocol              All -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite           HIGH:!aNULL:!AES128:!SSLv2:!SSLv3:!TLSv1
...
 
On upstream, the latest OpenSSL release of the 1.0.2 series is 1.0.2o. There is no 1.0.2p yet, see https://www.openssl.org/source/. The OpenSSL-Devel in the ports is actually the release version of the 1.1.0 series, 1.1.0h. I would say the ports version sails under the false flag "Devel", since it is actually a normal release version. Perhaps OpenSSL 1.1.0h would be accepted by the PCI scan. After installing security/openssl-devel from the ports, you would need to reinstall your web-server software.

No, it will not.

CVE-2018-0737 (OpenSSL advisory) [Low severity] 16 April 2018: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Reported by Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
  • Fixed in OpenSSL 1.1.0i-dev (git commit) (Affected 1.1.0-1.1.0h)
  • Fixed in OpenSSL 1.0.2p-dev (git commit) (Affected 1.0.2-1.0.2o)
1.1.0h is also affected according to this notice on the OpenSSL website.

Marshall
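
The affected ranges in the advisory quoted above can be compared with what a host actually reports. This is an added example, not part of the original posts; the function name and the status words it prints are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version against the CVE-2018-0737 ranges
# quoted in the advisory above (affected 1.0.2-1.0.2o and 1.1.0-1.1.0h).
# Accepts a bare version ("1.0.2o") or a full `openssl version` line.
# Prints one of:
#   affected    inside a range the notice lists as affected
#   fixed       same series, later release letter
#   dev-verify  a -dev snapshot past the range; it carries the fix only if
#               the checkout includes the fix commit
#   unknown     series not covered by that notice, or unparsable input
LC_ALL=C; export LC_ALL   # keep [a-o] style ranges ASCII-only

cve_2018_0737_status() {
    # First token shaped like x.y.z[letters][-suffix]
    full=$(printf '%s\n' "$1" | tr ' ' '\n' |
        grep -E '^[0-9]+\.[0-9]+\.[0-9]+[a-z]*(-[a-z0-9]+)?$' | head -n 1)
    [ -n "$full" ] || { echo unknown; return 0; }
    ver=${full%%-*}                       # 1.0.2p-dev -> 1.0.2p
    case $ver in
        1.0.2|1.0.2[a-o]) status=affected ;;
        1.0.2[p-z]*)      status=fixed ;;
        1.1.0|1.1.0[a-h]) status=affected ;;
        1.1.0[i-z]*)      status=fixed ;;
        *)                status=unknown ;;
    esac
    case $status:$full in
        fixed:*-dev) status=dev-verify ;;
    esac
    echo "$status"
}

# The version line shown later in this thread, as sample input:
cve_2018_0737_status "OpenSSL 1.0.2p-dev  xx XXX xxxx"
```

On a live host, pass the command's own output: `cve_2018_0737_status "$(/usr/local/bin/openssl version)"`.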
 
For PCI compliance you would also need to deactivate SSL/early TLS protocols. In my Apache config I have the following:
Code:
...
SSLProtocol              All -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite           HIGH:!aNULL:!AES128:!SSLv2:!SSLv3:!TLSv1
...

I did this years ago.

Marshall
 
Well then, for the time being, as user root:

Just in case:
pkg delete openssl-devel
pkg install openssl

mkdir -p ~/install; cd ~/install
svn co https://github.com/openssl/openssl.git/branches/OpenSSL_1_0_2-stable openssl-1.0.2-stable
cd openssl-1.0.2-stable
./Configure BSD-x86_64 shared --prefix=/usr/local --openssldir=/usr/local/openssl
make depend
make install clean

/usr/local/bin/openssl version
OpenSSL 1.0.2p-dev xx XXX xxxx

Rebuild Apache, telling it to use OpenSSL from the ports.

/usr/local/bin/openssl ciphers -v 'HIGH:\!aNULL:\!RSA:\!SSLv2:\!SSLv3:\!TLSv1'
Code:
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AESGCM(256) Mac=AEAD
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256) Mac=AEAD
DH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA256
DH-RSA-AES256-SHA256    TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AES(256)  Mac=SHA256
DH-DSS-AES256-SHA256    TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AES(256)  Mac=SHA256
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
DH-RSA-AES128-SHA256    TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AES(128)  Mac=SHA256
DH-DSS-AES128-SHA256    TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AES(128)  Mac=SHA256
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256

PS:

Excerpt of phpinfo():
[Screenshot attachment: Bildschirmfoto 2018-07-18 um 20.54.39.png]
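
The cipher listing in the post above mixes ephemeral and static key exchange, and GCM and CBC suites. The following added example (not part of the original post; the function names are assumptions) classifies `openssl ciphers -v` output in the OpenSSL 1.0.2 format shown there.

```shell
#!/bin/sh
# Added example: classify `openssl ciphers -v` output (OpenSSL 1.0.2 format).
# fs   = forward secrecy: Kx=DH or Kx=ECDH is ephemeral (DHE/ECDHE); a "/"
#        (DH/RSA, ECDH/ECDSA) marks static key exchange, "RSA" key transport.
# aead = Mac=AEAD (GCM); any other Mac on an AES suite means CBC + HMAC.
classify_ciphers() {
    awk 'NF >= 6 {
        kx = $3;  sub(/^Kx=/, "", kx)
        mac = $6; sub(/^Mac=/, "", mac)
        fs   = (kx == "DH" || kx == "ECDH") ? "yes" : "no"
        aead = (mac == "AEAD") ? "yes" : "no"
        printf "%s fs=%s aead=%s\n", $1, fs, aead
    }'
}

# Names of the suites that lack forward secrecy (candidates to exclude).
suites_without_fs() {
    classify_ciphers | awk '$2 == "fs=no" { print $1 }'
}

# Sample rows copied from the listing above.
sample_ciphers() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DH-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA256
EOF
}

sample_ciphers | classify_ciphers
```

To audit a real cipher string, pipe the `openssl ciphers -v '...'` output into `suites_without_fs`. In the OpenSSL 1.0.2 cipher-string syntax, appending `!kDH:!kECDH` excludes the static DH and static ECDH suites it reports.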
 
Since this vulnerability requires high level access to the server, such as on a cloud or virtual machine environment, it is not applicable to a dedicated server with limited access. So a waiver was granted.
 
FWIW, as memory serves, and last time I checked, the version of OSSL in $BASE carries internal patches that I think overcome some, or perhaps all, of the shortcomings the otherwise stock version(s) suffer from.

--Chris
 