tomcat-dev mailing list archives

From Mark Thomas <>
Subject SSL MITM status update
Date Thu, 19 Nov 2009 23:20:38 GMT
Feedback / comments on the info below. I'd like to get it out to users@
and announce@ fairly soon.

Work on the root cause is progressing but is still in a state of flux.
The purpose of this update is provide information on the current
understanding so users are better informed when making decisions
regarding risk mitigation for this issue in their environment.

BIO Connector

The HTTP BIO connector that ships with 6.0.20 and 5.5.28 supports client
and server initiated negotiation and is vulnerable to CVE-2009-3555.

A patch [1] has been applied to trunk, 6.0.x and 5.5.x that provides an
option to disable renegotiation. This patch has an issue in that it uses
an asynchronous callback to close the connection when a handshake is
detected. It is theoretically possible for an attack to complete before
the connection is closed. When negotiation is disabled, both server and
client initiated attempts to renegotiate are logged.

An updated patch [2] has been applied to trunk and proposed for 6.0.x
and 5.5.x that resolves the asynchronous concerns but only logs server
initiated renegotiation.

Users of 6.0.20, 5.5.28 and earlier versions can apply either of the
patches. It will be necessary to build Tomcat from source to use these

Testing with both these patches has shown that using the connector
attributes clientAuth="want" and allowUnsafeLegacyRenegotiation="false"
provides a similar user experience during negotiation to
clientAuth="false" and allowUnsafeLegacyRenegotiation="true" although
this may vary by application.

It is anticipated that 6.0.21 and 5.5.29 releases will be made once the
situation stabilises and the Tomcat development team is confident that
further changes will not be required.

NIO Connector

The HTTP NIO connector that ships with 6.0.20 and 5.5.28 does not
support client or server initiated renegotiation and is therefore not
vulnerable to CVE-2009-3555.

As and when negotiation support is added to the NIO connector, it will
support the allowUnsafeLegacyRenegotiation connector attribute and
behave in a similar manner to the HTTP BIO connector.

APR / native Connector

Behaviour of the APR/native connector depends on the version of the
APR/native connector and on the version of OpenSSL that the connector is
built with. Versions prior to APR/native 1.1.16 are not discussed.

The Windows binaries available from the ASF have been built with the
following OpenSSL versions:

APR/native  OpenSSL
1.1.16      0.9.8i
1.1.17      0.9.8l
1.1.18      0.9.8k - TBC

Any version of the APR/native connector built with OpenSSL 0.9.8l will
not support client or server initiated negotiation and will, therefore,
not be vulnerable to CVE-2009-3555.

Client initiated negotiation is supported in 1.1.16 and 1.1.17. These
versions are, therefore, vulnerable to CVE-2009-3555 unless built with
OpenSSL 0.9.8l.

Client initiated negotiation has been disabled in 1.1.18. Therefore,
this version is not vulnerable to CVE-2009-3555 via client initiated
renegotiation although it may still be vulnerable via server initiated

Server initiated renegotiation is supported in 1.1.17 onwards.
Therefore, 1.1.17 onwards is vulnerable to CVE-2009-3555 via server
initiated renegotiation unless the APR/native connector is built with
OpenSSL 0.9.8l.
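As an added illustration (not part of the message above or of the Tomcat project's own documentation), this is how the two BIO connector settings compared in the testing paragraph would appear in server.xml once patch [1] or [2] has been applied. The port, keystore path and password are placeholders.

```xml
<!-- Tomcat 6.0.x server.xml, HTTP BIO connector (protocol="HTTP/1.1").
     Added example; keystore values are placeholders, not real settings. -->

<!-- Weak form: renegotiation is still permitted, so the connector remains
     exposed to CVE-2009-3555 via client- and server-initiated renegotiation. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="${catalina.base}/conf/EXAMPLE-keystore.jks"
           keystorePass="CHANGEME"
           clientAuth="false" sslProtocol="TLS"
           allowUnsafeLegacyRenegotiation="true" />

<!-- Mitigated form, the combination tested in the update: renegotiation is
     refused (and attempts are logged), and clientAuth="want" asks for the
     client certificate during the initial handshake instead of via a later
     renegotiation, which is why the user experience stays similar. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="${catalina.base}/conf/EXAMPLE-keystore.jks"
           keystorePass="CHANGEME"
           clientAuth="want" sslProtocol="TLS"
           allowUnsafeLegacyRenegotiation="false" />
```

The allowUnsafeLegacyRenegotiation attribute only exists in builds that include one of the patches; on an unpatched 6.0.20 or 5.5.28 it is silently ignored, so check the connector log output for renegotiation messages after restarting.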
