1 Reply by tpilouis

(4 replies, posted in wolfSSL)

Hi Kaleb,
I maintain a legacy system. I think move Cyassl to wolfssl is a good way. Web server of my system need support http/https/IPv4/IPv6/cgi, which web server is a good choice? Wolfssl v3.13.0 cannot support yasslEWS 1.0 right?
Wolfssl v3.13.0 can support mongoose server?

Best Regards

tpilouis

Go to forum: wolfSSL

2 Reply by tpilouis

(4 replies, posted in wolfSSL)

Hi Kaleb,

Thanks For Reply. Yes, Nessue scan entire system not only scan Cyassl. My web server is yasslEWS 1.0 + Cyassl 3.3.0, which provides http (port 80) and https (port 443) services. My system does not use Openssl lib, so very strange!

I did a test today and stopped the yasslEWS 1.0 service before Nessus scanned it. The result was normal and Nessus did not report the issue CVE-2010-4180. If yasslEWS 1.0 was enabled before running Nessus, the problem reappeared. This problem always occurs on port 443.

Output
The server allowed the following session over TLSv1 to be resumed as follows :

  Session ID     : b3924b29ba55e3d4b3026fa0db05db71adb018936269ecd2b95ad00a4ce57f67
  Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
  Resumed Cipher : TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

Port                              Hosts
443 / tcp / www              192.168.7.80


My System listen port as bellow:
~ # netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      329/dropbear
tcp        0      0 ::%53740:80             ::%385896:*             LISTEN      288/yasslEWS
tcp        0      0 ::%53740:22             ::%386104:*             LISTEN      329/dropbear
tcp        0      0 ::%53740:23             ::%386312:*             LISTEN      296/telnetd
tcp        0      0 ::%53740:443            ::%386520:*             LISTEN      288/yasslEWS
udp        0      0 127.0.0.1:33801         0.0.0.0:*                           290/snmpd
udp        0      0 127.0.0.1:33802         0.0.0.0:*                           336/vcm_serv
udp        0      0 127.0.0.1:33811         0.0.0.0:*                           336/vcm_serv
udp        0      0 127.0.0.1:33821         0.0.0.0:*                           313/sntp
udp        0      0 0.0.0.0:161             0.0.0.0:*                           290/snmpd
udp        0      0 127.0.0.1:33831         0.0.0.0:*                           254/appDemo
udp        0      0 ::%273664:161           ::%321022:*                         290/snmpd
~ #
~ #



Best Regards,

tpilouis

Go to forum: wolfSSL

3 Topic by tpilouis

(4 replies, posted in wolfSSL)

My system use Cyassl v3.3.0. I used Nessue to scan my system, the Nessue report CVE-2010-4180 issue.
How to fix this issue?

CVE-2010-4180
Description
The version of OpenSSL on the remote host has been shown to allow resuming session with a weaker cipher than was used when the session was initiated. This means that an attacker that sees (i.e., by sniffing) the start of an SSL connection can manipulate the OpenSSL session cache to cause subsequent resumptions of that session to use a weaker cipher chosen by the attacker.

Note that other SSL implementations may also be affected by this vulnerability.

Solution
Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later, or contact your vendor for a patch.

Output
•    The server allowed the following session over TLSv1 to be resumed as follows :
•   
•      Session ID     : 2deaec4a3d2421a895ca58902a0939f6f53e380bb8d75ee9cca92caf0baff871
•      Initial Cipher : TLS1_CK_RSA_WITH_AES_256_CBC_SHA (0x0035)
•      Resumed Cipher : TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

Go to forum: wolfSSL