By: va

Webmin and POODLE (SSLv3)

October 17, 2014 5.2k views

Hi,

Is it possible to disable SSLv3 for Webmin (port 10000)?

I'm guessing perhaps a particular string here:

Webmin -> Webmin -> Webmin Configuration -> SSL Encryption -> Listed ciphers

Everything I have tried permits SSLv3.

Thanks in advance,

G

2 Answers

Set the cipher list to: EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5:


  • Hi and thanks much for your response.

    Unfortunately, that doesn't seem to fix the problem for me.

    Perhaps I have a faulty test routine? I've been using 'poodle.sh' for testing and fixing various other servers with success:

    sh poodle.sh www.mywebminhost.com 10000
    www.mywebminhost.com:10000 - Vulnerable!  SSLv3 connection established using SSLv3/AES256-SHA
    
    #!/bin/bash
    #
    #  Copyright (C) 2014 by Red Hat
    #
    #  This program is free software; you can redistribute it and/or modify
    #  it under the terms of the GNU General Public License as published by
    #  the Free Software Foundation; either version 3 of the License, or
    #  (at your option) any later version.
    
    host=${1:-127.0.0.1}
    port=${2:-443}
    timeout_bin=`which timeout 2>/dev/null`
    
    echo -n "$host:$port - "
    
    out="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -ssl3 -connect "${host}:${port}" 2>/dev/null`"
    
    if [ $? -eq 124 ]; then
        echo "error: Timeout connecting to host!"
        exit 1
    fi
    
    if ! echo "$out" | grep -q 'Cipher is' ; then
        echo 'Not vulnerable.  Failed to establish SSL connection.'
        exit 0
    fi
    
    proto=`echo "$out" | grep '^ *Protocol *:' | awk '{ print $3 }'`
    cipher=`echo "$out" | grep '^ *Cipher *:' | awk '{ print $3 }'`
    
    if [ "$cipher" = '0000'  -o  "$cipher" = '(NONE)' ]; then
        echo 'Not vulnerable.  Failed to establish SSLv3 connection.'
        exit 0
    else
        echo "Vulnerable!  SSLv3 connection established using $proto/$cipher"
        exit 1
    fi
    

    Again, thanks for your time and trouble,

    G
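
Why the test above can still report `SSLv3/AES256-SHA` with that cipher list, as an added example that is not part of the original thread: a cipher list selects suites, not protocol versions, and `AES256-SHA` (matched by `RSA+AES256`) is a suite that SSLv3 can negotiate. The function names and the sample `openssl ciphers -v` lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the thread. All names and sample data are constructed.

# Constructed sample in the format of `openssl ciphers -v '<cipher list>'`:
# suite name, minimum protocol version, Kx, Au, Enc, Mac.
sample_ciphers() {
    cat <<'EOF'
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA1
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
RC4-SHA                     SSLv3   Kx=RSA  Au=RSA Enc=RC4(128)    Mac=SHA1
EOF
}

# Extract the suite from a poodle.sh result line ("... using SSLv3/AES256-SHA").
negotiated_suite() {
    printf '%s\n' "$1" | sed -n 's|.*established using [^/]*/\([^ ]*\).*|\1|p'
}

# Print the protocol column for suite $1 from a `ciphers -v` listing on stdin.
suite_protocol() {
    awk -v s="$1" '$1 == s { print $2; exit }'
}

# diagnose RESULT_LINE CIPHER_LISTING
# Says whether the negotiated suite is one the cipher list itself permits.
diagnose() {
    local suite proto
    suite=$(negotiated_suite "$1")
    if [ -z "$suite" ]; then echo "no-sslv3-session"; return 0; fi
    proto=$(printf '%s\n' "$2" | suite_protocol "$suite")
    case "$proto" in
        SSLv3) echo "list-allows-$suite-over-sslv3" ;;  # list is not the control
        "")    echo "suite-$suite-not-in-list" ;;       # list not applied yet?
        *)     echo "suite-$suite-listed-as-$proto" ;;
    esac
}

result='www.mywebminhost.com:10000 - Vulnerable!  SSLv3 connection established using SSLv3/AES256-SHA'
diagnose "$result" "$(sample_ciphers)"
```

On a real host, pass the output of `openssl ciphers -v` for the configured cipher string as the second argument instead of the sample.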
