My domain is: www.focusmongolia.com
I got a notification from a security scanner that my site is vulnerable and I need to upgrade to OpenSSL 1.1.1L or beyond.
Is there a way for me to tell which version of OpenSSL my Let's Encrypt certificate is running?
My hosting provider, if applicable, is: Siteground
Your certificate has nothing to do with your OpenSSL version.
It needs one, but you can upgrade it or replace it (with gnuTLS, rustTLS, etc...) at will*
*(subject to your distribution and hosting provider limits.)
To see what version of OpenSSL you're running, open a shell and run openssl version
Take advice from automated security scanners with a grain of salt. Sometimes, advice like this is wrong and useless. It really depends what the scanner is, what the vulnerability/reason is. In other words, it requires interpretation. Siteground are probably already staying on top of important updates on their shared servers. Since it is a shared server, you can't do anything about it anyway.
Ok, I am pretty confident you have nothing to worry about.
https://www.ssllabs.com/ssltest/analyze.html?d=www.focusmongolia.com&hideResults=on
Maybe, just maybe, you should have a look here:
Were they thoughful enough to also provide you with their (malicious) link to such an "upgrade"?
I would never trust something you didn't request... OR did you request such a scamn?
Now that I think of it, where does a webserver leak its openssl version?
It likely doesn't, they are using some sort of "fingerprinting".
OR just a straight up lie.
Thank you! When you say open a shell, you mean SSH in Terminal right? Sorry. This is not my area of expertise.
Thank you! That is Siteground's position, that everything is current and secure. I just don't know enough about it.
This is super helpful.
That is great advice. In this case, it is something that we had scheduled, along with dark web email scans and such.
Yes, I mean SSH.
I believe most default installs of Apache will show it in the Server HTTP header (or at least they used to). I know I've used ServerTokens Prod or something similar in the past to hide the OpenSSL so that a simplistic scanning took didn't think we had an outdated OpenSSL when it was fully patched. (CentOS/RHEL's habit of backporting security fixes without updating the main version number tends to cause a lot of false positives
with scanning tools in my experience.) That is, scanning tools would complain if they saw an old version number, but wouldn't complain if there wasn't a version number listed at all in the header.
Debian does the same. It makes sense: feature freeze, but security patches get applied. New features can break things.
Yeah, I think I remember some openssl version numbers in headers or server signatures, but we're talking a looong time ago. (And I'm not actually sure where I saw that)
This sounds like a scam to me too.
@kjadams, Would you be able/willing to share the raw email message you received here, including headers?
There were no security patches in 1.1.1l that can be triggered in a nginx+openssl combination (what you're apparently running). It's hard to identify the exact openssl patch level someone's running (1.1.1 is obvious due to TLS 1.3), but there are no relevant patches in 1.1.1l, which is strange.
Having a closer look at your TLS configuration, I saw some very weird/unusual things*, but nothing outright insecure on the TLS layer (did not really look at HTTP/Wordpress).
*Among them were
So I conclude with others.
You can check your OpenSSL version with the following command:
openssl version
OpenSSL 1.1.1f 31 Mar 2020
Also note in my case I am using Unbuntu 20.04 LTS and Unbuntu patches openssl
but does not change the letter version of openssl.
I am agreeing with @Nummer378
Latest News from OpenSSL is here https://www.openssl.org/
The OpenSSL Changelog can be found here https://www.openssl.org/news/changelog.html
and if you follow the the links for 1.1.1 you can see the changes between the 1.1.1 letter versions
here https://www.openssl.org/news/cl111.txt
Here are the changes from 1.1.1l to 1.1.1m
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
*) Avoid loading of a dynamic engine twice.
[Bernd Edlinger]
*) Fixed building on Debian with kfreebsd kernels
[Mattias Ellert]
*) Prioritise DANE TLSA issuer certs over peer certs
[Viktor Dukhovni]
*) Fixed random API for MacOS prior to 10.12
These MacOS versions don't support the CommonCrypto APIs
[Lenny Primak]
Here are the changes from 1.1.1k to 1.1.1l
Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
*) Fixed an SM2 Decryption Buffer Overflow.
In order to decrypt SM2 encrypted data an application is expected to call the
API function EVP_PKEY_decrypt(). Typically an application will call this
function twice. The first time, on entry, the "out" parameter can be NULL and,
on exit, the "outlen" parameter is populated with the buffer size required to
hold the decrypted plaintext. The application can then allocate a sufficiently
sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
value for the "out" parameter.
A bug in the implementation of the SM2 decryption code means that the
calculation of the buffer size required to hold the plaintext returned by the
first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
called by the application a second time with a buffer that is too small.
A malicious attacker who is able present SM2 content for decryption to an
application could cause attacker chosen data to overflow the buffer by up to a
maximum of 62 bytes altering the contents of other data held after the
buffer, possibly changing application behaviour or causing the application to
crash. The location of the buffer is application dependent but is typically
heap allocated.
(CVE-2021-3711)
[Matt Caswell]
*) Fixed various read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
structure which contains a buffer holding the string data and a field holding
the buffer length. This contrasts with normal C strings which are repesented as
a buffer for the string data which is terminated with a NUL (0) byte.
Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
own "d2i" functions (and other similar parsing functions) as well as any string
whose value has been set with the ASN1_STRING_set() function will additionally
NUL terminate the byte array in the ASN1_STRING structure.
However, it is possible for applications to directly construct valid ASN1_STRING
structures which do not NUL terminate the byte array by directly setting the
"data" and "length" fields in the ASN1_STRING array. This can also happen by
using the ASN1_STRING_set0() function.
Numerous OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "data" field, then a read buffer overrun can occur.
The same thing can also occur during name constraints processing of certificates
(for example if a certificate has been directly constructed by the application
instead of loading it via the OpenSSL parsing functions, and the certificate
contains non NUL terminated ASN1_STRING structures). It can also occur in the
X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
If a malicious actor can cause an application to directly construct an
ASN1_STRING and then process it through one of the affected OpenSSL functions
then this issue could be hit. This might result in a crash (causing a Denial of
Service attack). It could also result in the disclosure of private memory
contents (such as private keys, or sensitive plaintext).
(CVE-2021-3712)
[Matt Caswell]This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.