Open hasenberg41 opened 1 year ago
Hi, thank you for reporting this.
Please, could you give me more information about your environment? I was not able to reproduce this error.
Do you get the same error in an IRB session?
3.0.2 :001 > require 'openssl'
=> true
3.0.2 :002 > OpenSSL::Cipher.new("rc4")
=> #<OpenSSL::Cipher:0x00007ff2a7a4ec68>
If not, would you mind sending the output of the following commands in IRB?
OpenSSL::OPENSSL_LIBRARY_VERSION
OpenSSL::OPENSSL_VERSION
OpenSSL::OPENSSL_VERSION_NUMBER
OpenSSL::VERSION
RUBY_VERSION
RUBY_PATCHLEVEL
Also, could you try using bundle from the ruby_smb root directory?
bundle update
bundle exec irb
Please, could you give me more information about your environment? I was not able to reproduce this error.
It replicates on a default Ubuntu 22.04 box with OpenSSL 3; if you were testing on a Kali environment or rvm compiled with its OpenSSL 1.1.1 package, it won't replicate. Kali ships global OpenSSL config to enable weak cyphers - for my env it's in /usr/share/kali-defaults/etc/ssl/openssl.cnf
Example of replication with Ubuntu 22.04:
3.1.2 :001 > require 'openssl'
=> true
3.1.2 :002 > rc4 = OpenSSL::Cipher.new("rc4")
(irb):2:in `initialize': unsupported (OpenSSL::Cipher::CipherError)
from (irb):2:in `new'
from (irb):2:in `<main>'
from /home/a/.rvm/gems/ruby-3.1.2/gems/irb-1.6.3/exe/irb:9:in `<top (required)>'
from /home/a/.rvm/gems/ruby-3.1.2/bin/irb:25:in `load'
from /home/a/.rvm/gems/ruby-3.1.2/bin/irb:25:in `<main>'
from /home/a/.rvm/gems/ruby-3.1.2/bin/ruby_executable_hooks:22:in `eval'
from /home/a/.rvm/gems/ruby-3.1.2/bin/ruby_executable_hooks:22:in `<main>'
To work around this issue, as part of ruby_smb's test suite we've added config to load the weak cyphers by default: https://github.com/rapid7/ruby_smb/pull/234
For instance if you set the OpenSSL config setting to RubySMB's test config file before loading the OpenSSL library, things would work:
~/ruby_smb$ irb
3.1.2 :001 > ENV['OPENSSL_CONF'] = File.expand_path(File.join(File.dirname(__FILE__), 'spec', 'support', 'openssl.conf'))
=> "/home/a/ruby_smb/spec/support/openssl.conf"
3.1.2 :002 > require 'openssl'
=> true
3.1.2 :003 > rc4 = OpenSSL::Cipher.new("rc4")
=> #<OpenSSL::Cipher:0x00007f3eb0648e08>
It would obviously be rude for the ruby_smb library to globally set weak ciphers, so it should be enabled in your app in a way that is aligned with your security requirements. There's also the possibility of us updating ruby_smb to use a native Ruby rc4 implementation etc. similar to https://github.com/WinRb/rubyntlm/pull/53 but I haven't done an audit for all of the legacy cyphers that we'd need to have native implementations for.
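The native-Ruby fallback mentioned in the comment above, as an added example that is not part of this thread and is not ruby_smb or rubyntlm code: it tries OpenSSL's RC4 first and only falls back to a pure-Ruby RC4 when the provider raises the `unsupported (OpenSSL::Cipher::CipherError)` error shown earlier. The names `PureRC4` and `rc4_crypt` are hypothetical.

```ruby
require 'openssl'

# Added example, not ruby_smb/rubyntlm code. PureRC4 and rc4_crypt are hypothetical names.
# Pure-Ruby RC4 (KSA + PRGA). RC4 is symmetric: the same call encrypts and decrypts.
class PureRC4
  def initialize(key)
    raise ArgumentError, 'RC4 key must be 1..256 bytes' unless (1..256).cover?(key.bytesize)

    @s = (0..255).to_a
    k = key.bytes
    j = 0
    # Key-scheduling algorithm: permute the state using the key bytes.
    256.times do |i|
      j = (j + @s[i] + k[i % k.length]) & 0xff
      @s[i], @s[j] = @s[j], @s[i]
    end
    @i = @j = 0
  end

  # Keystream state carries over between calls, like OpenSSL::Cipher#update.
  def update(data)
    data.bytes.map do |byte|
      @i = (@i + 1) & 0xff
      @j = (@j + @s[@i]) & 0xff
      @s[@i], @s[@j] = @s[@j], @s[@i]
      byte ^ @s[(@s[@i] + @s[@j]) & 0xff]
    end.pack('C*')
  end
end

# Use OpenSSL when it offers RC4; fall back when the cipher is refused
# (OpenSSL 3 without the legacy provider). Returns [output, backend_used].
def rc4_crypt(key, data)
  cipher = OpenSSL::Cipher.new('rc4')
  cipher.encrypt
  cipher.key_len = key.bytesize
  cipher.key = key
  [cipher.update(data) + cipher.final, :openssl]
rescue OpenSSL::Cipher::CipherError
  [PureRC4.new(key).update(data), :pure_ruby]
end
```

The second return value tells the caller which backend was used, so an application can log when it is running on the fallback instead of silently depending on it.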
Thanks @adfoster-r7 ! I would prefer a native Ruby implementation as you suggested.
(Sorry for my English.) On my system and in Docker, I try to use RubySMB::Client and receive this error:
.../ruby_smb-3.2.5/lib/ruby_smb/ntlm/client.rb:33:in 'initialize': unsupported (OpenSSL::Cipher::CipherError)
This line contains the code:
rc4 = OpenSSL::Cipher.new("rc4")
OpenSSL::Cipher.ciphers
shows me that rc4 already exists in the list of ciphers.
I tried recompiling OpenSSL for my Linux with the enable-weak-ssl-ciphers parameter; it did not help.
I tried installing OpenSSL version 1.1.1f; it did not help either.
I also fetched the latest version of the OpenSSL gem and changed the ssl.rb file to return the RC4 ciphers to the list (I forgot which commit deleted them). That did not help either.