Confusion Around Report on OpenSSL Vulnerabilities and How It Relates to LetsEncrypt Certificates


#1

I ran a compliance check on an SSL certificate that I got from Let’sEncrypt and learned that the version of OpenSSL used to generate the certificate is no longer supported by the vendor. No further security patches or upgrades will be released by the vendor for this version, and the vendor will not evaluate this version when investigating new vulnerability reports.

As a result, vulnerability exists in the detected version of OpenSSL and they recommend upgrading to OpenSSL 1.0.2g version

Question: Does Let’sEncrypt plan to upgrade to the new version of OpenSSL (1.0.2g or better)?

Thanks


#2

Let’s Encrypt certificates are signed by a HSM (Hardware Security Module). I’m pretty sure no OpenSSL is used.

Could you please explain more about this “compliance check”?


#3

Not sure why the compliance tool reports this as an OpenSSL certificate. Compliance tool was from https://www.pcirapidcomply.com/.

However, here are additional details about potential vulnerability

Description: OpenSSL - fmtstr function improperly calculates string lengths

The detected version of OpenSSL is known to have a vulnerability which allows attackers to obtain sensitive information or cause denial of service because the function |fmtstr| can do a out-of-bounds read and the function |doapr_outch| can do a out-of-bounds write when receiving large amounts of data.

Note: OpenSSL recognises this vulnerability as CVE-2016-0799, and this CVE is referenced in the Security Advisory from 01 March 2016. NVD, and some other sources, split this vulnerability into 2 CVEs: CVE-2016-0799 and CVE-2016-2842. Patch referenced in URLs section addresses both issues.

Remediation: OpenSSL has patched this vulnerability in versions 1.0.1s, and 1.0.2g. Update to one of the specified versions or the newest available version.

References:
https://git.openssl.org/?p=openssl.git;a=commit;h=578b956fe741bf8e84055547b1e83c28dd902c73
https://mta.openssl.org/pipermail/openssl-users/2016-April/003524.html
https://www.openssl.org/news/secadv/20160301.txt


#4

I’m not sure how that CVE would affect certificates?

Can you tell more about the compliance check besides just the URL to some company? Screenshots of the output? How does the check work? Do you input a site? Or a certificate as a file?


#5

I generated a certificate following the instructions from https://certbot.eff.org/#pip-apache.

Then I uploaded the certificate to my webserver.

Then I simply asked the compliance tool to scan the web server using a URL on that server - www.solutionshill.com in this case. The compliance tool is a paid service from TransAmor, so it’s not open to the public.

Here’s a screenshot of the the compliance test report.

I


#6

And what info or thought led you to the conclusion it’s the certificate this tool is reporting about? I’m thinking it reports problems with the OpenSSL version of the webserver!


#7

@Osiris is right: when connecting to the server, it returns the following HTTP header (emphasis added):

Server: Apache/2.4.25 (Amazon) OpenSSL/1.0.1k-fips PHP/5.6.30

This reflects the software that is installed on your web server, and not a property of the certificate. The compliance tester error is responding to this header rather than to anything related to the certificate.

Let’s Encrypt was not responsible for installing this particular software on your computer.


#8

Thanks! I’ll follow up with Amazon.


#9

Hi @solutionshill

Looks like the scanner you used is too focused on the OpenSSL versions and doesn’t really look at your TLS configs (maybe it does)

I suggest using a couple of other scanners

https://www.htbridge.com/ssl/ - PCI NIST and HIPPA evaluation of configs (free)
https://www.ssllabs.com/ssltest/analyze.html?d=solutionshill.com&hideResults=on

Overall it looks like you have a good configuration and an update of the OpenSSL library or web server may patch vulnerabilities.

The only odd thing is that you are returning 3 certificates with your server certificate being sent twice.

Looking at the headers you are using openssl 1.0.1K. You can view the changes in the latest release here: https://www.openssl.org/news/openssl-1.0.1-notes.html. I agree with TransAmor assessment that updating to a newer version of OpenSSL is a good idea (lots of CVEs worked on between K and T)

HOWEVER - before doing any upgrades you should verify that your web server (APACHE) can you the new version and that there are no issues

Andrei


#10

It’s likely some distro package of Apache and OpenSSL that is based on an old version but has all relevant security patches backported. Security scanners that warn based only on reported version numbers can be utterly misleading.

It’s possible it’s not up-to-date too though…


#11

The certificate chain view of SSLLabs doesn’t show the SAN field for the certs in the chain. In reality, this “extra” cert is the same as the end leaf certificate (also with Common Name the www subdomain, with the “bare” subdomain in the SAN field, check completely at the top of the SSLLabs report to see the cert).

Although I agree it’s not necessary to send the end leaf certificate twice, it’s not a different certificate :wink:


#12

Hi @Osiris

openssl also gets 3 certs. You are right san names are being used so all good on that front :smiley:

Thanks for double checking

Andrei


#13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.