Why doesn't the TLS protocol work without the SSLv3 ciphersuites?

  • While disabling SSLv3 from our ssl.conf files to overcome the Poodle vulnerability, I also disabled the SSLv3 ciphers using !SSLv3. With the ciphers disabled, we were not able to access the website through Firefox and IE. The following was the error message from Firefox:

    An error occurred during a connection to xxxx.example.com.
    Cannot communicate securely with peer: no common encryption algorithm(s).
    (Error code: ssl_error_no_cypher_overlap)
    

    So we went back and enabled the SSLv3 ciphersuite and it all started working fine. Right now, the SSLv3 protocol is disabled, but the SSLv3 ciphers are enabled.

    • Am I assuming correctly that we got the error with one of the browsers because TLS ciphers were not available in the browser?
    • Is it possible that the protocol used is TLSv3, but the ciphers are of SSLv3?

    SSLProtocol all -SSLv2 -SSLv3
    #SSLProtocol -all +SSLv3
    #   SSL Cipher Suite:
    # List the ciphers that the client is permitted to negotiate.
    # See the mod_ssl documentation for a complete list.
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW
    

    We can upgrade the browsers at our office, but can't do that on our customer's machines. Is having SSLv3 protocol disabled, but with the ciphers enabled a recommended setup? In other words, are we okay with connecting through TLS with SSLv3 ciphers?

  • I presume from your ssl.conf setting that you are using the mod_ssl module from Apache web server. This module relies on OpenSSL to provide the cryptography engine.

    From the documentation on OpenSSL, it states:

    Protocol version: SSLv2, SSLv3, TLSv1.2. The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1

    You can confirm the above by running the following command:

    $ openssl ciphers -v 'TLSv1' | sort
    ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
    ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
    ADH-CAMELLIA128-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(128) Mac=SHA1
    ADH-CAMELLIA256-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(256) Mac=SHA1
    ...
    

    This means that if your configuration file excludes ciphersuite SSLv3, you are effectively removing support for TLSv1.0 too! That leaves you with ciphersuite TLSv1.2 only since support for SSLv2 has also been removed:

    $ openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv3' | sort
    AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
    AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
    AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
    AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
    ...
    

    From the above, it is not hard to see why you should NOT remove SSLv3 from the ciphersuite. Disabling SSLv3 protocol is more than sufficient to protect your clients from POODLE vulnerability.

    The error message you are experiencing is likely because you are using older browsers such as Firefox < 27.0 or Internet Explorer < 11.0 as these versions do not support TLSv1.2 by default.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM