httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject TLS renegotiation attack, mod_ssl and OpenSSL
Date Thu, 05 Nov 2009 14:01:26 GMT
With reference to the issue described here:

http://www.ietf.org/mail-archive/web/tls/current/msg03948.html

Considering the impact on mod_ssl, I'm making these assumptions:

1. no HTTP/SSL client initiates a renegotiation of its own accord

2. many mod_ssl configurations do not require a renegotiation to be 
performed at all

3. some mod_ssl configurations, typically requiring client cert auth in 
a per-directory/location context, do require the server to initiate a 
renegotiation.

The longer term plan to fix the vulnerability is to upgrade all clients 
and servers to support a new TLS extension which allows renegotiations 
to be performed securely.

Disabling renegotiation completely and unconditionally at SSL toolkit 
level will break a significant number of installs - I don't think we 
could deploy that change.  

In the short term, I think it would be useful to have a new SSL_OP_* 
flag which enables rejection of a client-initiated handshake in an SSL 
server.  This will fix the issue for 90% of sites without breaking the 
remaining 10% (case 3 above), and is a change that can be deployed 
everywhere.

Regards, Joe

Mime
View raw message