Summarising the information gathered so far from various channels
(thanks to Bill B., Bill W. & Rainer who have done most of the actual
work to find the info below).

BIO/NIO connectors using JSSE.
  Vulnerable when renegotiation is triggered by the client or server.
  We could prevent server initiated renegotiation (and probably break the
  majority of configurations using CLIENT-CERT).
  We can't do anything to prevent client initiated renegotiation.

APR/native connector using OpenSSL
  It is vulnerable when renegotiation is triggered by the client or by the
  server.
  Client triggered negotiation is supported.
  Server triggered negotiation will be supported from 1.1.17 onwards.
  OpenSSL 0.9.8l disables negotiation by default

In terms of what this means for users:

BIO/NIO
  - There isn't anything we can do in Tomcat to stop client
    initiated renegotiation so it is a case of waiting for the JVM
    vendors to respond.

APR/native
  - Re-building their current version with 0.9.8l will protect
    users at the risk of breaking any configurations that
    require renegotiation.
  - We can release 1.1.17 with the binaries built with 0.9.8l. This
    will also protect users at the risk of breaking any
    configurations that require renegotiation. Mladen is doing this
    now.
  - Supporting renegotiation whilst avoiding the vulnerability will
    require a protocol fix. In the meantime, we could port
    r833582 from httpd which would disable client triggered
    renegotiation for OpenSSL < 0.9.8l (which may help some users
    who can't easily change their OpenSSL version) and release 1.1.18
    with this fix
  - Once the protocol is fixed, release 1.1.next bundled with the
    appropriate version of OpenSSL

Have I got my facts right above? If so, any objections to posting the
above to the users@ and announce@ lists along with adding something to
the security pages?
Mark
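
An added example, not part of the original message and not Tomcat code: a triage helper that sorts a deployment into the cases the message lists, comparing the OpenSSL version linked by APR/native against 0.9.8l. The function names, status codes and sample inventory are assumptions made for illustration.

```python
import re

# 0.9.8l is the release the message says disables renegotiation by default.
CUTOFF = "0.9.8l"
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})")


def parse_openssl_version(text):
    """Sortable key for 'OpenSSL 0.9.8k 25 Mar 2009', '0.9.8l', '0.9.8zh', ..."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    major, minor, fix, letters = m.groups()
    # Patch letters order as '' < 'a' < ... < 'z' < 'za' < 'zb', so compare
    # the suffix by length first and alphabetically second.
    return (int(major), int(minor), int(fix), len(letters), letters)


def triage(connector, openssl_version=None):
    """Return a short status code (names invented for this example)."""
    connector = connector.upper()
    if connector in ("BIO", "NIO"):
        # JSSE: nothing in Tomcat stops client initiated renegotiation.
        return "exposed-jsse"
    if connector != "APR":
        raise ValueError("unknown connector %r" % connector)
    if openssl_version is None:
        raise ValueError("APR/native needs the linked OpenSSL version")
    found = parse_openssl_version(openssl_version)
    cutoff = parse_openssl_version(CUTOFF)
    if found < cutoff:
        return "exposed-openssl"         # renegotiation still enabled
    if found == cutoff:
        return "renegotiation-disabled"  # configurations that require it break
    return "newer-than-message"          # not covered here; check release notes


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    for conn, ver in [("NIO", None), ("APR", "OpenSSL 0.9.8k 25 Mar 2009"),
                      ("APR", "0.9.8l"), ("APR", "0.9.8zh")]:
        print(conn, ver, "->", triage(conn, ver))
```
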