(#19151) Reject SSLv2 SSL handshakes and ciphers

Without this patch, SSL connections on older versions of Ruby will
negotiate down to insecure modes of operation, specifically SSLv2.  This
is a problem because SSLv2 needs to be rejected outright to meet
security policies.

This patch addresses the problem by changing the behavior of the
OpenSSL::SSL::SSLContext class.  With this patch applied, all SSLContext
objects will be initialized with a default cipher rule set that always
contains the '!SSLv2' substring.  This has the effect of removing SSLv2
ciphers from the cipher list and prohibiting them from being re-added by
later elements in the cipher spec.

Details regarding how OpenSSL behaves with this cipher string are
available at: http://www.openssl.org/docs/apps/ciphers.html

In order to see which ciphers are enabled for a specific version of the
OpenSSL library, please see the output of the command:

    $ openssl ciphers $CIPHERS

This command will display an ordered list of the ciphers enabled for use
during the SSL handshake.

This change is a monkey patch to MRI Core and will affect all SSL socket
clients and servers.  The options and cipher list may still be
explicitly set by passing an options hash with the :options and :ciphers
keys to the SSLContext#set_params method.

Author: Jeff McCune

lib/puppet/network/http/webrick.rb

@@ -94,6 +94,7 @@ def setup_ssl
     results[:SSLCertificate] = host.certificate.content
     results[:SSLStartImmediately] = true
     results[:SSLEnable] = true
+    results[:SSLOptions] = OpenSSL::SSL::OP_NO_SSLv2
 
     raise Puppet::Error, "Could not find CA certificate" unless Puppet::SSL::Certificate.indirection.find(Puppet::SSL::CA_NAME)
 

lib/puppet/util/monkey_patches.rb

@@ -356,3 +356,26 @@ def Dir.mktmpdir(prefix_suffix=nil, tmpdir=nil)
     end
   end
 end
+
+# (#19151) Reject all SSLv2 ciphers and handshakes
+require 'openssl'
+class OpenSSL::SSL::SSLContext
+  if DEFAULT_PARAMS[:options]
+    DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_SSLv2
+  else
+    DEFAULT_PARAMS[:options] = OpenSSL::SSL::OP_NO_SSLv2
+  end
+  DEFAULT_PARAMS[:ciphers] << ':!SSLv2'
+
+  alias __original_initialize initialize
+  private :__original_initialize
+
+  def initialize(*args)
+    __original_initialize(*args)
+    params = {
+      :options => DEFAULT_PARAMS[:options],
+      :ciphers => DEFAULT_PARAMS[:ciphers],
+    }
+    set_params(params)
+  end
+end

spec/unit/network/http/connection_spec.rb

@@ -90,7 +90,6 @@
 
         it                { should be_use_ssl }
         its(:cert)        { should be_nil }
-        its(:cert_store)  { should be_nil }
         its(:ca_file)     { should be_nil }
         its(:key)         { should be_nil }
         its(:verify_mode) { should == OpenSSL::SSL::VERIFY_NONE }

spec/unit/network/http/webrick_spec.rb

@@ -241,6 +241,10 @@
       server.setup_ssl[:SSLEnable].should be_true
     end
 
+    it "should reject SSLv2" do
+      server.setup_ssl[:SSLOptions].should == OpenSSL::SSL::OP_NO_SSLv2
+    end
+
     it "should configure the verification method as 'OpenSSL::SSL::VERIFY_PEER'" do
       server.setup_ssl[:SSLVerifyClient].should == OpenSSL::SSL::VERIFY_PEER
     end

spec/unit/util/monkey_patches_spec.rb

@@ -254,3 +254,23 @@ def do_test( range, other, expected )
     o.instance_variables.should =~ [:@foo, :@bar, :@baz]
   end
 end
+
+describe OpenSSL::SSL::SSLContext do
+  it 'disables SSLv2 via the SSLContext#options bitmask' do
+    (subject.options & OpenSSL::SSL::OP_NO_SSLv2).should == OpenSSL::SSL::OP_NO_SSLv2
+  end
+  it 'explicitly disable SSLv2 ciphers using the ! prefix so they cannot be re-added' do
+    cipher_str = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]
+    cipher_str.split(':').should include('!SSLv2')
+  end
+  it 'sets parameters on initialization' do
+    described_class.any_instance.expects(:set_params)
+    subject
+  end
+  it 'has no ciphers with version SSLv2 enabled' do
+    ciphers = subject.ciphers.select do |name, version, bits, alg_bits|
+      /SSLv2/.match(version)
+    end
+    ciphers.should be_empty
+  end
+end