Subject: TLS renegotiation attack, mod_ssl and OpenSSL
From: Joe Orton (jor@redhat.com)
Date: Nov 5, 2009 6:01:03 am
List: org.apache.httpd.dev

With reference to the issue described here:

http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

Considering the impact on mod_ssl, I'm making these assumptions:

1. no HTTP/SSL client initiates a renegotiation of its own accord

2. many mod_ssl configurations do not require a renegotiation to be performed at all

3. some mod_ssl configurations, typically requiring client cert auth in a per-directory/location context, do require the server to initiate a renegotiation.

The longer term plan to fix the vulnerability is to upgrade all clients and servers to support a new TLS extension which allows renegotiations to be performed securely.

Disabling renegotiation completely and unconditionally at SSL toolkit level will break a significant number of installs - I don't think we could deploy that change.

In the short term, I think it would be useful to have a new SSL_OP_* flag which enables rejection of a client-initiated handshake in an SSL server. This will fix the issue for 90% of sites without breaking the remaining 10% (case 3 above), and is a change that can be deployed everywhere.

Regards, Joe
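
The short-term policy proposed in the message above (a server that rejects any handshake it did not request once the connection is established), modelled as a per-connection state machine. This is an added example, not code from the message, mod_ssl or OpenSSL; the state names, event names and traces are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical per-connection policy state; all names here are illustrative. */
enum reneg_state { RENEG_INITIAL, RENEG_REJECT, RENEG_ALLOW, RENEG_ABORTED };
enum event { EV_HS_START, EV_HS_DONE, EV_SERVER_RENEG };

struct conn { enum reneg_state state; };

/* The server calls this just before it asks for a renegotiation itself
 * (case 3: client cert auth required in a per-directory context). */
static void server_request_reneg(struct conn *c) {
    if (c->state == RENEG_REJECT) c->state = RENEG_ALLOW;
}

/* Handshake-start event. Returns false when the handshake was not requested
 * by the server on an established connection, i.e. it is client-initiated. */
static bool on_handshake_start(struct conn *c) {
    if (c->state == RENEG_INITIAL || c->state == RENEG_ALLOW) return true;
    c->state = RENEG_ABORTED;          /* caller must drop the connection */
    return false;
}

/* Handshake finished: the server's permission is one-shot, so re-arm. */
static void on_handshake_done(struct conn *c) {
    if (c->state != RENEG_ABORTED) c->state = RENEG_REJECT;
}

/* Replay a trace; return the index of the first rejected event, or -1. */
int first_rejected(const enum event *ev, size_t n) {
    struct conn c = { RENEG_INITIAL };
    for (size_t i = 0; i < n; i++) {
        if (ev[i] == EV_SERVER_RENEG) server_request_reneg(&c);
        else if (ev[i] == EV_HS_DONE) on_handshake_done(&c);
        else if (!on_handshake_start(&c)) return (int)i;
    }
    return -1;
}

/* Constructed traces, not captured traffic. */
const enum event TRACE_SERVER_RENEG[] = { EV_HS_START, EV_HS_DONE, EV_SERVER_RENEG, EV_HS_START, EV_HS_DONE };
const enum event TRACE_CLIENT_RENEG[] = { EV_HS_START, EV_HS_DONE, EV_HS_START };

int main(void) {
    printf("server-initiated: %d\n", first_rejected(TRACE_SERVER_RENEG, 5));
    printf("client-initiated: %d\n", first_rejected(TRACE_CLIENT_RENEG, 3));
    return 0;
}
```

The server-initiated trace passes untouched, while the client-initiated one is rejected at its second handshake start, which is the split between case 3 and the attack path that the message describes.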