
How to remediate – SSL Compression Methods Supported

1. Introduction

The SSL Compression Methods Supported vulnerability means a remote service allows the use of compression when establishing an SSL connection. This can allow attackers to potentially exploit known weaknesses in compression algorithms, like CRIME and BREACH attacks, to intercept sensitive data. Systems offering SSL/TLS services are usually affected, including web servers, email servers, and VPN gateways. A successful attack could compromise confidentiality, integrity, and availability of the transmitted data.

2. Technical Explanation

The root cause is that the server has not been configured to disable support for SSL compression methods. This allows an attacker to negotiate a connection using a vulnerable compression algorithm. An example exploit involves an attacker intercepting encrypted traffic and exploiting weaknesses in the compression algorithms to recover plaintext data, such as cookies or authentication tokens. Affected systems include those running older versions of OpenSSL, Apache, Nginx, and other SSL/TLS libraries.

  • Root cause: The server advertises support for vulnerable compression methods during the TLS handshake.
  • Exploit mechanism: An attacker uses a man-in-the-middle attack to intercept encrypted traffic and inject malicious requests designed to exploit weaknesses in the chosen compression algorithm. For example, they might use CRIME (Compression Ratio Info-leak Made Easy) or BREACH attacks.
  • Scope: Affected platforms include servers running OpenSSL versions prior to 1.0.2, Apache HTTP Server versions prior to 2.4.7, Nginx versions prior to 1.4.4, and other SSL/TLS implementations with default compression enabled.

3. Detection and Assessment

  • Quick checks: Use the following command, replacing ‘yourdomain.com’ with the target hostname or IP address, and look at the Compression: line in the handshake summary. Compression: NONE means no compression was negotiated; any other value (for example zlib compression) means the server accepted it. OpenSSL 1.1.0 and later clients do not offer compression unless -comp is given (and the client must be built with zlib support), so without that switch a NONE result proves nothing about the server.
  • Scanning: Nessus plugin ID 82769 and OpenVAS scan script ssl_compression can identify this vulnerability. These are examples only.
  • Logs and evidence: Server logs may show negotiation of compression algorithms during TLS handshakes, but direct evidence is often limited without traffic capture.
openssl s_client -comp -connect yourdomain.com:443 </dev/null | grep -i compression
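The quick check above depends on reading one line of s_client output correctly, so the following added example (not part of the original article) wraps it in a small script: it parses the Compression: line from the handshake summary, maps it to a PASS/FAIL/UNKNOWN verdict, and runs the live check only when a hostname is supplied. The two sample outputs are constructed, abridged copies of the s_client summary block; the `check_host` function assumes network access and an OpenSSL client that supports -comp.

```shell
# Added example: parse `openssl s_client` output for the negotiated compression
# method. "Compression: NONE" means the server did not accept compression on this
# connection; any other value means it did. OpenSSL 1.1.0+ clients only offer
# compression when -comp is given, so check_host always passes that switch.

# compression_from_output: reads s_client output on stdin and prints the value of
# the "Compression:" line (e.g. NONE, or "zlib compression"). Prints UNKNOWN when
# no such line is present (handshake failed, or the input was not from s_client).
compression_from_output() {
    local value
    value=$(sed -n 's/^ *Compression: *//p' | head -n 1)
    printf '%s\n' "${value:-UNKNOWN}"
}

# compression_verdict: maps the parsed value to PASS (no compression), FAIL
# (server accepted a compression method) or UNKNOWN (nothing to judge).
compression_verdict() {
    case "$1" in
        NONE)    echo PASS ;;
        UNKNOWN) echo UNKNOWN ;;
        *)       echo FAIL ;;
    esac
}

# check_host HOST [PORT]: live check; assumes network access and an OpenSSL client
# built with zlib so that -comp actually offers compression to the server.
check_host() {
    local host=$1 port=${2:-443} value
    value=$(openssl s_client -comp -connect "$host:$port" -servername "$host" \
                </dev/null 2>/dev/null | compression_from_output)
    echo "$host:$port $(compression_verdict "$value") ($value)"
}

# Constructed sample outputs, abridged from the s_client handshake summary block.
SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE'

SAMPLE_BAD='New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Compression: zlib compression
Expansion: zlib compression'

# Run a live check only when a hostname is given on the command line, e.g.
#   sh check_tls_compression.sh yourdomain.com 443
if [ -n "${1:-}" ]; then
    check_host "$1" "${2:-443}"
fi
```

A FAIL verdict is the finding this article describes; UNKNOWN usually means the handshake itself failed (wrong port, network filtering) and should be investigated rather than treated as a pass.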

4. Solution / Remediation Steps

The following steps provide a precise way to fix this issue. They are small, testable and safe to roll back.

4.1 Preparation

  • Ensure you have access to the server configuration files. A rollback plan involves restoring the original configuration file.
  • A change window may be required depending on your organisation’s policies, and approval from the security team might be needed.

4.2 Implementation

  1. Edit the server’s SSL/TLS configuration file (e.g., Apache httpd.conf, Nginx nginx.conf).
  2. Disable SSL compression by adding the `SSLCompression` directive, or setting the existing one, to off. For example, in Apache add `SSLCompression off`.
  3. Restart the web service to apply the changes.

4.3 Config or Code Example

Before

SSLCompression on

After

SSLCompression off

4.4 Security Practices Relevant to This Vulnerability

Several security practices directly address this vulnerability type.

  • Practice 1: Least privilege can reduce the impact if an attacker exploits a weakness in the compression algorithm.
  • Practice 2: Secure defaults should disable vulnerable features like SSL compression by default.
  • Practice 3: Patch cadence ensures timely updates to address known vulnerabilities in SSL/TLS libraries.

4.5 Automation (Optional)

Where the fix has to be applied across many hosts, the following Ansible task sets the directive in place and triggers a restart through a handler.

# Example Ansible task to disable SSL compression in Apache (Debian/Ubuntu file
# layout; adjust the path for other distributions). The regexp matches any existing
# SSLCompression line rather than only the literal "SSLCompression on", so values
# such as "On" or lines with extra whitespace are replaced too; if no line exists,
# the directive is appended. "Restart Apache" must be defined as a handler.
- name: Disable SSL Compression in Apache
  ansible.builtin.lineinfile:
    path: /etc/apache2/mods-enabled/ssl.conf
    regexp: '^\s*SSLCompression\s'
    line: 'SSLCompression off'
  notify: Restart Apache

5. Verification / Validation

  • Smoke test: Verify basic website functionality (e.g., loading a homepage) and SSL connection establishment.
  • Handshake check: Re-run the detection command against the patched host. The handshake summary should now report Compression: NONE even though the client offers compression with -comp.
  • Monitoring: Monitor server logs for TLS handshake events, looking for any unexpected errors or attempts to negotiate compression algorithms.
openssl s_client -comp -connect yourdomain.com:443 </dev/null | grep -i compression

6. Preventive Measures and Monitoring

Several measures can prevent this issue.

  • Baselines: Update security baselines or policies to include a requirement for disabling SSL compression (for example, CIS control 1.2).
  • Pipelines: Add checks in CI/CD pipelines to scan configuration files for insecure settings like enabled SSL compression.
  • Asset and patch process: Implement a regular patch review cycle for SSL/TLS libraries and server software.
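The pipeline check above can be a single shell function run against the web server configuration in CI. The following is an added example, not part of the original article: it fails the build when any uncommented `SSLCompression on` line is found in the files or directories passed to it, and warns when no file sets the directive to off explicitly, since older Apache builds enable compression by default. Apache directive names and on/off values are case-insensitive, so the match is too. The config paths are assumptions; pass your own.

```shell
# Added example: CI lint for Apache TLS compression settings.
# lint_ssl_compression FILE_OR_DIR...: prints "file:line:text" for every
# uncommented `SSLCompression on`, returns 1 if any were found, 0 otherwise.
# Also prints a WARN (without failing) when no explicit `SSLCompression off`
# exists anywhere in the given paths.
lint_ssl_compression() {
    local status=0 hits
    # Leading whitespace allowed; lines starting with '#' never match because the
    # pattern is anchored to the directive name. -i covers "On"/"ON" spellings.
    hits=$(grep -rniHE '^[[:space:]]*SSLCompression[[:space:]]+on[[:space:]]*$' "$@" 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "FAIL: TLS compression is enabled in:"
        printf '%s\n' "$hits"
        status=1
    fi
    if ! grep -rqiE '^[[:space:]]*SSLCompression[[:space:]]+off' "$@" 2>/dev/null; then
        echo "WARN: no explicit 'SSLCompression off' found; older Apache builds default to on"
    fi
    return $status
}

# In a pipeline, call it on the paths that make up the Apache config (assumed
# Debian/Ubuntu layout) and let a non-zero exit fail the job, e.g.
#   lint_ssl_compression /etc/apache2/apache2.conf /etc/apache2/mods-enabled /etc/apache2/sites-enabled
```

Because the function only reads files, it is safe to run against a checked-out configuration repository before deployment as well as on the live host.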

7. Risks, Side Effects, and Roll Back

Disabling SSL compression generally has no negative side effects on modern browsers or clients. However, older clients might experience issues.

  • Risk or side effect 1: Older clients may not connect if they require compression.
  • Roll back: Restore the original server configuration file and restart the web service.


Updated on December 27, 2025
