Problem

-- In response to the Poodle SSL issue (CVE-2014-3566), you would like to know how to disable SSLv3 in the API Gateway.

Resolution

* According to explanations from experts, the only correct fix for this CVE is to disable SSLv3 support entirely.  This can be done in the gateway by editing a port, going to the Advanced (SSL) tab, unchecking "Use SSLv3," then deploying.  You can also use custom OpenSSL cipher lists for more control.  Refer to the OpenSSL cipher documentation for more information on how to set those.

You can test that support has been correctly removed with OpenSSL's s_client.  For example, to test 'example.com' on port 443, you would run openssl s_client -connect example.com:443 -ssl3



If it is correctly disabled, you should see an error like the following:

3073927320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1258:SSL alert number 40 3073927320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

Connecting successfully bad.  It indicates that you are vulnerable.

For outgoing connections, you can set a cipher list in the appropriate Connect to URL filter, as well.  For servers that allow SSLv3 as well as TLS, one way to push the gateway to use TLS rather than SSLv3 is to create a remote host and enable the option to always send SNI.  Because SNI is a TLS extension, the gateway will then use TLS in favor of SSLv3.

Known Issues

* In versions 7.1.0, 7.1.1 and 7.2.0, the checkbox cipher settings do not save properly.  Please refer to KB 171147 for more information and a work-around.  Changing the SSL cipher list directly (rather than using the checkboxes) will work as expected.

* In older versions like 6.3.1, there are no checkboxes to individually disable incoming SSLv3 connections.  Because those versions use the 0.9.8 branch of OpenSSL, it's not possible to completely remove SSLv3 via cipher settings.  This is because it only supports TLSv1, so the cipher list for that is not distinct from that for SSLv3, so disallowing SSLv3 ciphers will also disallow TLSv1 ciphers.  Currently, this can only be completely solved via upgrading.  Note that 7.x has the same cipher issues as 6.3.1, but this is corrected starting in 7.3.0 where we use the OpenSSL 1.0.1 branch.  That branch has additional ciphers and TLS 1.1 and 1.2 support, so cipher strings that remove SSLv3 (and SSLv2) will not fail due to there being no useable ciphers left.

* The Node Manager's management port must be edited in Policy Studio via 'open file'.  The procedure for this is the same as in KB 168567 so you can follow that and disable SSLv3 as well as SSLv2.

* Those concerned about this vulnerability may wish to ensure that they've upgraded their gateway's OpenSSL.  There is a patch available from support to upgrade gateways running 6.3.0-7.2.3 to OpenSSL 0.9.8zc.  If this is of interest, please submit a request to support asking for the 0.9.8zc patch as well as the SNI TLSext patch for your version and referencing this KB.