PSIRTSSL v3 "POODLE" Vulnerability
Impact Detail
An attack against the SSL version 3.0 protocol allows the plaintext ofsecure connections to be calculated by an attacker in a Man-in-the-Middle (MitM)position. SSLv3 was been replaced by TLS 15 years ago, however, before establishing asecure connection between a client and a server, a negotiation phase or"downgrade dance" takes place: the two decide on a secure protocol versionthat is compatible to both. During this phase, after all attempts to setup aTLS connection fail, the next protocol attempted is SSLv3. The downgrade, apart from being initiated by one of the parties, can also becaused by network glitches. Hence, if a Man-in-the-Middle can disrupt anyhandshakes for TLS protocols between the server and client, they caneventually be forced to settle on SSLv3.Affected Products
FortiGate in its default configuration (GUI, and if enabled: VIP load-balance, SSL VPN, wanopt, SIP SSL)FortiMail in its default configuration (HTTPS GUI and all mail ssl services: SMTPS, IMAPS, POP3S)
FortiAnalyzer and FortiManager < version 5.0.9 for branch 5.0.X and < version 5.2.1 for branch 5.2.X
FortiAnalyzer and FortiManager - version 5.0.9 and version 5.2.1 in their default configuration
FortiAuthenticator - version 3.0 only; 3.1 and 3.2 are not affected
FortiCache - version 2.2 and 2.3, plus version 3.0 only in its default configuration
FortiWeb < version 5.3.2 for branch 5.3.X and < version 5.2.4 for branch 5.2.X
FortiWeb - version 5.3.2 and 5.2.4 in their default configuration
FortiDDoS < version 4.1.3
FortiADC-D - All versions FortiADC-E - Cluster VIP (in its default configuration), and GUI, All versions
FortiClient - All versions
FortiVoice-Enterprise in its default configuration
FortiRecorder in its default configuration
FortiDB - All versions
FortiSwitchOS in its default configuration
FortiSwitch ATCA - All versions
Solutions
Although FortiGates, FortiMail, FortiCache and FortiSwitchOS are vulnerable in their default configuration, there is a CLI setting which disables SSLv3 (see settings details below). As of this writing, the only reported compatibility issue that may ensue is with Internet Explorer 6.Thus a patch release will not be necessary for FortiGates, all versions (4.3.X, 5.0.X, 5.2.X), FortiMail (5.0.X and 5.2.X), FortiCache, FortiVoice-Enterprise, FortiRecorder and FortiSwitchOS.
The status of other products within the Fortinet family is being reviewed, and this advisory will be updated accordingly.
Alternatively, SSLv3 can be disabled in client browsers (refer to documentation for your browser, or to the FortiGuard FAQ on Poodle - see link in References below).
FortiOS - Apply the settings:
For the HTTPS GUI:
config system global set strong-crypto enable end
Other possibly enabled features:
For the VIP load-balance:
config firewall vip edit "your_vip" set ssl-min-version tls-1.0 endFor SSL VPN:
config vpn ssl settings set sslv3 disable (enabled per default) endFor wanopt:
config wanopt ssl-server edit <profile> set ssl-min-version tls-1.0 endFor SIP SSL (not supported on low end units):
config voip profile edit <profile> config sip set ssl-mode full set ssl-min-version tls-1.0FortiMail - Apply the settings:
config system global set strong-crypto enable endFortiCache 3.0 - Apply the settings:
For the HTTPS GUI:
config system global set strong-crypto enable endFor the HTTPS wan optimization:
config wanopt ssl-server edit <profile> set ssl-min-version tls-1.0 endFortiADC-E - Apply the settings:
For the Cluster VIP HTTPS:
System->Load Balance->Clusters->Security->SSL: Remove checkbox "Allow SSLv3"FortiVoice-Enterprise - Apply the settings:
config system globalset strong-crypto enableendFortiRecorder - Apply the settings:
config system globalset strong-crypto enableendFortiSwitchOS - Apply the settings:
config system globalset strong-crypto enableendFortiManager and FortiAnalyzer - Upgrade to 5.0.9 or 5.2.1 and apply the settings:
config system globalset ssl-protocol tlsv1end
FortiDDoS - Upgrade to 4.1.3
FortiWeb - Upgrade to 5.3.2 or 5.2.4 and apply the settings:
config system advancedset no-sslv3 enableendconfig system globalset no-sslv3 enableend