httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@links.org>
Subject Re: TLS renegotiation attack, mod_ssl and OpenSSL
Date Thu, 05 Nov 2009 15:39:06 GMT
Joe Orton wrote:
> With reference to the issue described here:
> 
> http://www.ietf.org/mail-archive/web/tls/current/msg03948.html
> 
> Considering the impact on mod_ssl, I'm making these assumptions:
> 
> 1. no HTTP/SSL client initiates a renegotiation of its own accord
> 
> 2. many mod_ssl configurations do not require a renegotiation to be 
> performed at all
> 
> 3. some mod_ssl configurations, typically requiring client cert auth in 
> a per-directory/location context, do require the server to initiate a 
> renegotiation.
> 
> The longer term plan to fix the vulnerability is to upgrade all clients 
> and servers to support a new TLS extension which allows renegotiations 
> to be performed securely.
> 
> Disabling renegotiation completely and unconditionally at SSL toolkit 
> level will break a significant number of installs - I don't think we 
> could deploy that change.  
> 
> In the short term, I think it would be useful to have a new SSL_OP_* 
> flag which enables rejection of a client-initiated handshake in an SSL 
> server.  This will fix the issue for 90% of sites without breaking the 
> remaining 10% (case 3 above), and is a change that can be deployed 
> everywhere.

Case 3 is vulnerable to attack, though, so I'm afraid you want to break it.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message