Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50325

Use JVM provided solutions to CVE-2009-3555 if available (i.e. RFC 5746 support) git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1065859 13f79535-47bb-0310-9956-ffa450edef68
apache · Jan 31, 2011 · 14e4efd · 14e4efd
1 parent b61a24e
commit 14e4efd
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 7 deletions.
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -26,7 +26,9 @@
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketException;
+import java.security.KeyManagementException;
 import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CRL;
@@ -78,21 +80,45 @@
  */
 public class JSSESocketFactory implements ServerSocketFactory {
 
+    private static final org.apache.juli.logging.Log log =
+        org.apache.juli.logging.LogFactory.getLog(JSSESocketFactory.class);
     private static final StringManager sm =
         StringManager.getManager("org.apache.tomcat.util.net.jsse.res");
 
+    private static final boolean RFC_5746_SUPPORTED;
+
     // Defaults - made public where re-used
-    static String defaultProtocol = "TLS";
-    static String defaultKeystoreType = "JKS";
+    private static final String defaultProtocol = "TLS";
+    private static final String defaultKeystoreType = "JKS";
     private static final String defaultKeystoreFile
         = System.getProperty("user.home") + "/.keystore";
     private static final int defaultSessionCacheSize = 0;
     private static final int defaultSessionTimeout = 86400;
     private static final String ALLOW_ALL_SUPPORTED_CIPHERS = "ALL";
     public static final String DEFAULT_KEY_PASS = "changeit";
 
-    static final org.apache.juli.logging.Log log =
-        org.apache.juli.logging.LogFactory.getLog(JSSESocketFactory.class);
+    static {
+        boolean result = false;
+        SSLContext context;
+        try {
+            context = SSLContext.getInstance("TLS");
+            context.init(null, null, new SecureRandom());
+            SSLServerSocketFactory ssf = context.getServerSocketFactory();
+            String ciphers[] = ssf.getSupportedCipherSuites();
+            for (String cipher : ciphers) {
+                if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) {
+                    result = true;
+                    break;
+                }
+            }
+        } catch (NoSuchAlgorithmException e) {
+            // Assume no RFC 5746 support
+        } catch (KeyManagementException e) {
+            // Assume no RFC 5746 support
+        }
+        RFC_5746_SUPPORTED = result;
+    }
+
 
     private AbstractEndpoint endpoint;
 
@@ -168,8 +194,8 @@ public void handshake(Socket sock) throws IOException {
         if (session.getCipherSuite().equals("SSL_NULL_WITH_NULL_NULL"))
             throw new IOException("SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL");
 
-        if (!allowUnsafeLegacyRenegotiation) {
-            // Prevent futher handshakes by removing all cipher suites
+        if (!allowUnsafeLegacyRenegotiation && !RFC_5746_SUPPORTED) {
+            // Prevent further handshakes by removing all cipher suites
             ((SSLSocket) sock).setEnabledCipherSuites(new String[0]);
         }
     }

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
@@ -125,6 +125,12 @@
         Prvent multiple Comet END events if the CometServlet calls
         <code>event.close()</code> during an END event. (markt) 
       </fix>
+      <fix>
+        <bug>50325</bug>: When the JVM indicates support for RFC 5746, disable
+        Tomcat&apos;s <code>allowUnsafeLegacyRenegotiation</code> configuration
+        attribute and use the JVM configuration to control renegotiation.
+        (markt)
+      </fix>
       <fix>
         <bug>50405</bug>: Fix occassional NPE when using NIO connector and
         Comet. (markt)

diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml
@@ -864,7 +864,13 @@
       <p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
       users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
       protocol that allows an attacker to inject arbitrary data into the user's
-      request. If not specified, a default of <code>false</code> is used.</p>
+      request. If not specified, a default of <code>false</code> is used. This
+      attribute only has an effect if the JVM does not support RFC 5746 as
+      indicated by the presence of the pseudo-ciphersuite
+      TLS_EMPTY_RENEGOTIATION_INFO_SCSV. This is available JRE/JDK 6 update 22
+      onwards. Where RFC 5746 is supported the renegotiation - including support
+      for unsafe legacy renegotiation - is controlled by the JVM configuration.
+      </p>
     </attribute>
 
     <attribute name="ciphers" required="false">