On 09.11.2009 17:16, Mark Thomas wrote:
> Konstantin Kolinko wrote:
>> 2009/11/9 Mark Thomas <markt@apache.org>:
>>> Summarising the information gathered so far from various channels
>>> (thanks to Bill B., Bill W. & Rainer who have done most of the actual
>>> work to find the info below).
>>>
>>> BIO/NIO connectors using JSSE.
>>> Vulnerable when renegotiation is triggered by the client or server.
>>> We could prevent server initiated renegotiation (and probably break the
>>> majority of configurations using CLIENT-CERT).
>>> We can't do anything to prevent client initiated renegotiation.
>>>
>>> APR/native connector using OpenSSL
>>> It is vulnerable when renegotiation is triggered by the client or by the
>>> server.
>>> Client triggered negotiation is supported.
>>> Server triggered negotiation will be supported from 1.1.17 onwards.
>>>
>>> OpenSSL 0.9.8l disables negotiation by default
>>>
>>>
>>> In terms of what this means for users:
>>>
>>> BIO/NIO
>>> - There isn't anything we can do in Tomcat to stop client
>>> initiated renegotiation so it is a case of waiting for the JVM
>>> vendors to respond.
>>>
>>> APR/native
>>> - Re-building their current version with 0.9.8l will protect
>>> users at the risk of breaking any configurations that
>>> require renegotiation.
>>> - We can release 1.1.17 with the binaries built with 0.9.8l. This
>>> will also protect users at the risk of breaking any
>>> configurations that require renegotiation. Mladen is doing this
>>> now.
>>> - Supporting renegotiation whilst avoiding the vulnerability will
>>> require a protocol fix. In the meantime, we could port port
>>> r833582 from httpd which would disable client triggered
>>> renegotiation for OpenSSL < 0.9.8l (which may help some users
>>> who can't easily change their OpenSSl version and release 1.1.18
>>> with this fix
>>> - Once the protocol is fixed, release 1.1.next bundled with the
>>> appropriate version of OpenSSL
>>>
>>>
>>> Have I got my facts right above? If so, any objections to posting the
>>> above to the users@ and announce@ lists along with adding something to
>>> the security pages?
>>>
>>> Mark
>>>
>>
>> +1
>>
>> s/negotiation/renegotiation/
>> s/port port/port/
>
> Noted. I'll get the notice out.
>
>> A question:
>> My understanding of renegotiation is that it changes SSL session. Is
>> it possible to observe changes in the value of SSL sessionId? I doubt
>> so, but may be?
>> We read that value once and provide it to our users as
>> "javax.servlet.request.ssl_session" request attribute.
>
> Hmm. Interesting. I need to do some testing :)
Yes, using the naive openssl test with s_client and the "R" command, the
session id changes.
In order to find out, whether this is optional behaviour or will always
happen, I guess we would need to ask on the openssl dev list, which I
will do in a minute :)
> I'll add something along the lines of "We are currently evaluating a
> number of possible work-arounds prior to a protocol fix becoming
> available. Discussion is happening on the dev list and any significant
> developments will be posted to the users@ and announce@ mailing lists.
+1
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
|