httpd-dev mailing list archives

From Jean-Marc Desperrier <jmd...@free.fr>
Subject Re: TLS renegotiation attack, mod_ssl and OpenSSL
Date Tue, 10 Nov 2009 14:19:39 GMT
Joe Orton wrote:
> On Fri, Nov 06, 2009 at 12:00:06AM +0000, Joe Orton wrote:
>> >  On Thu, Nov 05, 2009 at 09:31:00PM +0000, Joe Orton wrote:
>>> >  >  * we can detect in mod_ssl when the client is renegotiating by using the
>>> >  >  callback installed using SSL_CTX_set_info_callback(), in conjunction
>>> >  >  with suitable flags in the SSLConnRec to detect the cases where this is
>>> >  >  either a server-initiated renegotiation or the initial handshake on the
>>> >  >  connection.
>> >
>> >  Here is a very rough first hack (for discussion/testing purposes only!):
> A second hack, slightly less rough hack:

Joe, instead of hard-coding this, a very nice solution would be to have 
a new directive "SSLServerRenegotiation Allow" or, even more flexibly, 
"SSLRenegotiation disabled/serveronly/enabled" with disabled as the default 
value.

This would allow sites that need server renegotiation to make it much 
more secure, by using a strategy similar to what is suggested here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c7
"The obvious answer for an 'upload' style operation is to ensure they 
never hit your upload page without going through a simpler front page 
which first enforces the renegotiation.  This can be your upload form page."

So the server would first direct the user to an "SSLRenegotiation 
serveronly" page that is conceived so that requests to it cannot be 
abused, and use "SSLRenegotiation enabled" for all unsafe locations, the 
user accessing them only when his connection has already been upgraded 
to use client certs (this is similar to what Peter suggested already).

The only weak point in that solution is that Apache seems to require 
renegotiation in quite a few cases where it should not really be 
necessary. But as any case of Apache requiring renegotiation will break 
anyone using the more radical option of fully disabling renegotiation, 
I'll open a separate message for this.
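As an added illustration (not code from this thread, from mod_ssl or from OpenSSL) of the two ideas above: the quoted detection logic, where an info callback plus per-connection flags distinguishes the initial handshake, a server-requested renegotiation and a client-initiated one, and the three-valued policy the post proposes. The SSL_CB_HANDSHAKE_START/DONE values mirror the ones in OpenSSL's ssl.h; the `conn_rec` struct, the `reneg_policy` enum and the function names are stand-ins for SSLConnRec and are hypothetical, and the block does not link against OpenSSL.

```c
/* Models the renegotiation-detection logic described in the quoted text:
 * an info-callback body deciding, from per-connection flags, whether a
 * handshake start is the initial handshake, a server-initiated
 * renegotiation, or a client-initiated one, and applying a policy.
 * Stand-alone model: does not link against OpenSSL. */
#include <stdio.h>
#include <stdbool.h>

/* Same values as OpenSSL's ssl.h, so a real callback's `where` mask
 * can be passed straight through. */
#ifndef SSL_CB_HANDSHAKE_START
#define SSL_CB_HANDSHAKE_START 0x10
#endif
#ifndef SSL_CB_HANDSHAKE_DONE
#define SSL_CB_HANDSHAKE_DONE  0x20
#endif

/* Hypothetical policy values, mirroring the proposed
 * "SSLRenegotiation disabled/serveronly/enabled" directive. */
enum reneg_policy { RENEG_DISABLED, RENEG_SERVERONLY, RENEG_ENABLED };

/* Hypothetical stand-in for mod_ssl's per-connection SSLConnRec. */
struct conn_rec {
    enum reneg_policy policy;
    bool initial_done;      /* first handshake on this connection completed */
    bool server_initiated;  /* set by the server right before it requests a reneg */
    int  rejected;          /* client-initiated renegotiations refused so far */
};

/* Info-callback body. Returns true if the handshake may proceed and
 * false if the connection should be aborted. `where` is the info-callback
 * state mask as OpenSSL would pass it. */
bool reneg_info_cb(struct conn_rec *c, int where)
{
    if (where & SSL_CB_HANDSHAKE_START) {
        if (!c->initial_done)
            return true;                       /* initial handshake: always fine */
        if (c->server_initiated)
            return c->policy != RENEG_DISABLED; /* server asked for it */
        /* A handshake start after the initial one that the server did not
         * request is, by elimination, a client-initiated renegotiation. */
        if (c->policy == RENEG_ENABLED)
            return true;
        c->rejected++;
        return false;
    }
    if (where & SSL_CB_HANDSHAKE_DONE) {
        c->initial_done = true;
        c->server_initiated = false;  /* flag is consumed; must be re-armed */
    }
    return true;
}

/* Runs one initial handshake and then a renegotiation attempt of the given
 * kind under the given policy; returns whether that renegotiation was allowed. */
bool simulate(enum reneg_policy policy, bool server_initiated)
{
    struct conn_rec c = { policy, false, false, 0 };
    reneg_info_cb(&c, SSL_CB_HANDSHAKE_START);
    reneg_info_cb(&c, SSL_CB_HANDSHAKE_DONE);
    c.server_initiated = server_initiated;
    return reneg_info_cb(&c, SSL_CB_HANDSHAKE_START);
}

int main(void)
{
    static const char *names[] = { "disabled", "serveronly", "enabled" };
    printf("%-11s %-16s %s\n", "policy", "server-initiated", "client-initiated");
    for (int p = RENEG_DISABLED; p <= RENEG_ENABLED; p++)
        printf("%-11s %-16s %s\n", names[p],
               simulate((enum reneg_policy)p, true)  ? "allowed" : "rejected",
               simulate((enum reneg_policy)p, false) ? "allowed" : "rejected");
    return 0;
}
```

Under "disabled" every renegotiation is refused, "serveronly" accepts only the server-flagged handshake, and "enabled" accepts both, which is exactly the per-location split the post wants: the safe front page runs as "serveronly", the upload locations as "enabled".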
