Land rapid7#7521, Modernize TLS protocol configuration for SMTP / SQL Server

Author: bwatters-r7

lib/metasploit/framework/mssql/tdssslproxy.rb

@@ -51,8 +51,9 @@ def cleanup
   def setup_ssl
     @running = true
     @t1 = Thread.start { ssl_setup_thread }
-    ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1)
-    @ssl_socket = OpenSSL::SSL::SSLSocket.new(@s1, ssl_context)
+    ctx = OpenSSL::SSL::SSLContext.new(:SSLv23)
+    ctx.ciphers = "ALL:!ADH:!EXPORT:!SSLv2:!SSLv3:+HIGH:+MEDIUM"
+    @ssl_socket = OpenSSL::SSL::SSLSocket.new(@s1, ctx)
     @ssl_socket.connect
   end
 

lib/msf/core/exploit/smtp_deliver.rb

@@ -228,12 +228,9 @@ def swap_sock_plain_to_ssl(nsock=self.sock)
   end
 
   def generate_ssl_context
-    ctx = OpenSSL::SSL::SSLContext.new
-    ctx.key = OpenSSL::PKey::RSA.new(1024){ }
-
-    ctx.session_id_context = Rex::Text.rand_text(16)
-
-    return ctx
+    ctx = OpenSSL::SSL::SSLContext.new(:SSLv23)
+    ctx.ciphers = "ALL:!ADH:!EXPORT:!SSLv2:!SSLv3:+HIGH:+MEDIUM"
+    ctx
   end
 
 end

modules/exploits/linux/misc/nagios_nrpe_arguments.rb

@@ -154,7 +154,7 @@ def check
 
   end
 
-  # NRPE uses unauthenticated Annonymous-Diffie-Hellman
+  # NRPE uses unauthenticated Anonymous-Diffie-Hellman
 
   # setting the global SSL => true will break as we would be overlaying
   # an SSLSocket on another SSLSocket which hasnt completed its handshake
@@ -163,7 +163,7 @@ def connect(global = true, opts={})
     self.sock = super(global, opts)
 
     if datastore['NRPESSL'] or @force_ssl
-      ctx = OpenSSL::SSL::SSLContext.new("TLSv1")
+      ctx = OpenSSL::SSL::SSLContext.new(:TLSv1)
       ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
       ctx.ciphers = "ADH"