How to enable TLS Fallback SCSV on CM


Doc ID    SOLN266600
Version:    1.0
Status:    Published
Published date:    09 Apr 2015
Author:    Hai Huang

Details

The customer needs TLS Fallback SCSV enabled until SSLv3 is disabled on CM6.2.

Problem Clarification

This is related to the POODLE vulnerability (CVE-2014-3566), which only affects SSLv3. According to ASA-2014-432 and PSN020172u below, Avaya fixed this only in CM 6.3 with Service Pack 10 (or later) or Security Service Pack 5 (or later).

https://downloads.avaya.com/css/P8/documents/101001521

https://downloads.avaya.com/css/P8/documents/101006309

The ASA above also states:

This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0. The SSL 3.0 protocol was found to be vulnerable to the padding oracle attack when using block cipher suites in cipher block chaining (CBC) mode. This issue is identified as CVE-2014-3566, and also known under the alias POODLE. This SSL 3.0 protocol flaw will not be addressed in a future update.

The customer's question is: how can they enable the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV) on CM 6.2, before they are able to upgrade to CM6.3 with SP10 or SSP5, so that they too can prevent a forced downgrade of the communication to the vulnerable SSLv3?

Cause

Some background on the TLS Fallback SCSV:

To work around interoperability problems with legacy servers, many TLS client implementations do not rely on the TLS protocol version negotiation mechanism alone, but will intentionally reconnect using a downgraded protocol if initial handshake attempts fail. Such clients may fall back to connections in which they announce a version as low as TLS 1.0 (or even its predecessor, SSL 3.0) as the highest supported version.

While such protocol downgrades can be a useful last resort for connections to actual legacy servers, there's a risk that active attackers could exploit the downgrade strategy to weaken the cryptographic security of connections. Also, handshake errors due to network glitches could similarly be misinterpreted as interaction with a legacy server and result in a protocol downgrade.

All unnecessary protocol downgrades are undesirable (e.g., from TLS 1.2 to TLS 1.1 if both the client and the server actually do support TLS 1.2); they can be particularly critical if they mean losing the TLS extension feature (when downgrading to SSL 3.0). This document defines a Signaling Cipher Suite Value (SCSV) that can be employed to prevent unintended protocol downgrades between clients and servers that comply to this document, by having the client indicate that the current connection attempt is merely a fallback.
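
The server-side check this mechanism relies on, as an added example (not Avaya's or OpenSSL's code): it parses a ClientHello and applies the rule from RFC 7507, in which TLS_FALLBACK_SCSV is cipher suite value 0x5600 and the refusal is the fatal alert inappropriate_fallback (86). The ClientHello bytes are constructed samples, and `server_decision` with its `scsv_aware` flag is a hypothetical helper that models a TLS library with or without SCSV support.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600         # signaling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86        # fatal alert defined by RFC 7507
NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello handshake message."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                       # null compression only
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(msg):
    """Return (client_version, cipher_suites) from a ClientHello handshake message."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    try:
        (version,) = struct.unpack_from("!H", body, 0)
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + body[pos]              # skip session_id
        (cs_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if cs_len % 2 or pos + cs_len > len(body):
            raise ValueError("malformed cipher_suites")
        suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello")
    return version, suites

def server_decision(msg, server_max, scsv_aware):
    """Hypothetical helper: what a server whose highest version is server_max does."""
    version, suites = parse_client_hello(msg)
    # RFC 7507 rule: SCSV present and the server could do better -> refuse the fallback.
    if scsv_aware and TLS_FALLBACK_SCSV in suites and server_max > version:
        return ("alert", INAPPROPRIATE_FALLBACK)
    # A library without SCSV support ignores the unknown suite and accepts the downgrade.
    return ("negotiate", NAMES[min(version, server_max)])

if __name__ == "__main__":
    retry = build_client_hello(0x0300, [0x002F, TLS_FALLBACK_SCSV])  # SSLv3 fallback retry
    print(server_decision(retry, 0x0303, scsv_aware=True))    # SCSV-aware TLS 1.2 server
    print(server_decision(retry, 0x0303, scsv_aware=False))   # library predating the SCSV
    print(server_decision(retry, 0x0300, scsv_aware=True))    # genuine SSLv3-only server
```

The third case shows why the SCSV does not break real legacy servers: the alert is sent only when the server supports a higher version than the one the client offered.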

Solution

There is no concept of “enabling” the TLS Fallback Signaling Cipher Suite Value. You either have it or you don’t, and CM6.2 doesn't have it (yet). Getting it requires upgrading to a newer version of OpenSSL. The latest SSP for CM 6.3 provides an OpenSSL build with the TLS Fallback Signaling Cipher Suite Value. Anything prior to 6.3 is not supported, so support for this feature will not be added there.

TLS Fallback SCSV is only available for CM6.3 with SSP5 or the current latest SSP6 installed. See the PCN below for CM6.3 SSP6.

https://downloads.avaya.com/css/P8/documents/100173675


Avaya -- Proprietary. Use pursuant to the terms of your signed agreement or Avaya policy