Disable SSL renegotiation to fix CVE-2009-3555. #47

Merged
merged 1 commit into from Nov 2, 2011

Conversation

Projects
None yet
2 participants
@vincentbernat
Contributor

vincentbernat commented Oct 28, 2011

If OpenSSL is too old, it does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

If OpenSSL is recent enough, it will use SSL secure renegotiation instead (RFC 5746). However, this feature allows an attacker to trigger easily a lot of handshake which would allow to DoS the server (this kind of attack has been recently advertised by THC)

At least, there seems to be no easy way to tell if OpenSSL is vulnerable to CVE-2009-3555 and therefore, in doubt, it may be better to disable renegotiation.

Disable SSL renegotiation to fix CVE-2009-3555.
If OpenSSL is too old, it does not properly associate renegotiation
handshakes with an existing connection, which allows man-in-the-middle
attackers to insert data into HTTPS sessions, and possibly other types
of sessions protected by TLS or SSL, by sending an unauthenticated
request that is processed retroactively by a server in a
post-renegotiation context, related to a "plaintext injection" attack,
aka the "Project Mogul" issue.

If OpenSSL is recent enough, it will use SSL secure renegotiation
instead (RFC 5746). However, this feature allows an attacker to
trigger easily a lot of handshake which would allow to DoS the server.

At least, there seems to be no easy way to tell if OpenSSL is
vulnerable to CVE-2009-3555 and therefore, in doubt, it may be better
to disable renegotiation.
@vincentbernat

This comment has been minimized.

Show comment
Hide comment
@vincentbernat

vincentbernat Oct 28, 2011

Contributor

Here is where the inspiration of this patch comes from:

Apache handles more case because renegotiation may be needed if the client needs to present a new certificate. We don't handle this case in stud.

Contributor

vincentbernat commented Oct 28, 2011

Here is where the inspiration of this patch comes from:

Apache handles more case because renegotiation may be needed if the client needs to present a new certificate. We don't handle this case in stud.

jamwt pushed a commit that referenced this pull request Nov 2, 2011

Jamie Turner
Merge pull request #47 from vincentbernat/feature/disablereneg
Disable SSL renegotiation to fix CVE-2009-3555.

@jamwt jamwt merged commit 31f724c into bumptech:master Nov 2, 2011

@jamwt

This comment has been minimized.

Show comment
Hide comment
@jamwt

jamwt Nov 2, 2011

Member

Thanks!

Member

jamwt commented Nov 2, 2011

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment