Issue #9424 has been updated by Motohiro KOSAKI.

ruby -v changed from ruby 2.1.0p0 (2013-12-25 revision 44422) [x86_64-darwin12] to -

 On Sun, Jan 26, 2014 at 10:44 PM,  <mame / tsg.ne.jp> wrote:
 > Issue #9424 has been updated by Yusuke Endoh.
 >
 >
 > Martin Bosslet wrote:
 >> a) I want to apologize for overlooking this
 >
 > Ah, you don't need to apologize at all!  I just wanted to clarify what is relieved and what is not.
 >
 >
 >> Like @shyouhei, I still believe the best solution would be asking OpenSSL to fix this for all of us.
 >
 > Me too, but I'm curious about the reason why OpenSSL people don't "improve" the defaults.
 > (OT: insecure default is not a bug itself; I'd like to use "improve" rather than "fix".)
 >
 > One possible answer: They are simply unable, due to various reasons such as compatibility, lack of resource, etc.  They have intention of doing that in the future.  There is no problem in this case.
 >
 > Another answer: Their goal is just to provide toolkit, and secure defaults are out of scope.  In this case, they won't improve it.  (I have no intention of blaming them.  Deciding secure defaults is a hard task.  Effort allocation looks quite reasonable to me.)  Anyway, I'm afraid if just waiting will not solve our issue in this case.
 >
 
 I'm afraid I'm missing something. But I'd like to ask first. Why do
 nobody ask OpenSSL first?
 They only can answer their intension. I don't think debate a guess on
 this list is a good idea.
 I believe the best way is a fixing by OpenSSL because, as you pointed
 out, either Ruby and
 OpenSSL can not make secure Ruby + old OpenSSL case. Therefore, to
 workaround for old
 OpenSSL is a pointless.
 
 I agree security is important and Ruby sometimes accepted a workaround
 patch and should
 do in the future too, if we really need to do.
 But I disagree just to continue a guess talk. Fixing right place is
 always better than a workaround.
 
 I hope my stand point is close to yours.

----------------------------------------
Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults 
https://bugs.ruby-lang.org/issues/9424#change-44641

* Author: Jeff Hodges
* Status: Assigned
* Priority: Normal
* Assignee: Martin Bosslet
* Category: ext/openssl
* Target version: current: 2.2.0
* ruby -v: -
* Backport: 1.9.3: UNKNOWN, 2.0.0: UNKNOWN, 2.1: UNKNOWN
----------------------------------------
Ruby 1.9, 2.0, and 2.1 use insecure defaults for SSL/TLS client connections. They have inherited or overridden configs that make the OpenSSL-controlled connections insecure. Note: both OpenSSL's and Ruby's defaults in all tested versions are currently insecure. Confirmation of the issues with Ruby's TLS client can be done with the code in [1].

Ruby is using TLS compression by default. This opens Ruby clients to the CRIME attack[2].

Ruby also uses a variety of insecure cipher suites. These cipher suites either use key sizes much smaller than the currently recommended size, making brute forcing a decryption easy, or do not check the veracity of the server's certificate making them susceptible to man-in-the-middle attacks[3][4].

Ruby also appears to allow SSLv2 connections by default. It does so by first trying to connect with a SSLv2 client hello with a higher SSL/TLS version inside of it which allows SSLv2 servers to work. SSLv2 was broken in the 1990s and is considered unsafe.

These issues expose Ruby users to attacks that have been known for many years, and are trivial to discover. These defaults are often build specific, and are not the same across platforms, but are consistently poor (the code in [1] can evaluate the build). A patch from a core developer on the security@ list is attached. However, the patch does not correct the suspect SSLv2 configuration. It is believed that Ruby 1.8 is also a concern, but, since it was obsoleted, it's not been investigated.

A report similar to this was sent to security / ruby-lang.org four days ago. The Ruby core developers have been unable to patch these problems in a timely manner for it for what I and others believe are concerning reasons. This ticket is being made to allow engineers outside of the small group that are on security@ to protect themselves from these attacks.

[1] https://gist.github.com/cscotta/8302049
[2] https://www.howsmyssl.com/s/about.html#tls-compression
[3] https://www.howsmyssl.com/s/about.html#insecure-cipher-suites
[4] TLS_DHE_DSS_WITH_DES_CBC_SHA - small keys
TLS_DHE_RSA_WITH_DES_CBC_SHA - small keys
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA - MITM
TLS_ECDH_anon_WITH_AES_128_CBC_SHA - MITM
TLS_ECDH_anon_WITH_AES_256_CBC_SHA - MITM
TLS_ECDH_anon_WITH_RC4_128_SHA - MITM
TLS_RSA_WITH_DES_CBC_SHA - small keys
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA - MITM
TLS_SRP_SHA_WITH_AES_128_CBC_SHA - MITM
TLS_SRP_SHA_WITH_AES_256_CBC_SHA - MITM

---Files--------------------------------
ruby_ssl.patch (1.08 KB)
change_ssl_defaults.diff (1.24 KB)


-- 
http://bugs.ruby-lang.org/