Hi Joe

Joe Orton wrote:
> On Mon, Nov 16, 2009 at 09:59:12PM +0100, Hartmut Keil wrote:
>> With the change described in
>> https://issues.apache.org/bugzilla/show_bug.cgi?id=48204
>> the buffer used in ssl_io_input_read(..) will be reset, and so the second
>> request of the MITM will be dropped.
>> The first request will be executed, but since there is no Cookie from the
>> victim, it is the less dangerous one.
>
> Thanks for posting. So you are proposing that mod_ssl discards any
> decoded app-data message (i.e. HTTP traffic) *subsequent* to the data
> making up the request which triggered the renegotiation, but before the
> renegotiation occurs.

Correct

> This change would prevent a variant of the renegotiation prefix attack
> against a site which uses both client cert auth in a per-dir/location
> context, *and* HTTP-level authentication. It makes no difference to a
> vulnerable site relying only on client cert auth in per-dir/loc context;
> this would still be vulnerable.

The same situation occurs if stronger cipher suites are configured per
location, a widely used configuration pattern:

    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    <Location / >
    SSLCipherSuite HIGH:+AES:-MD5
    </Location>

> This would break HTTP pipelining over SSL (for affected configurations),
> and it might not fail gracefully - the server would appear to simply
> never receive the pipelined requests. I'm reluctant to do that.

No, the proposed change would just affect the buffering optimization in
ssl_io_input_getline(...). Pipelining HTTP over SSL does not require
decrypting/buffering more data than needed.

> A similar solution which detected pending buffered bytes after
> completing the handshake (SSL_pending(ssl) does this), and giving a hard
> failure (TLS level or HTTP level) might be better, but I haven't thought
> that through in detail.

That is no solution since the data are already consumed from SSL; there
are no pending application_data.

> Regards, Joe

Regards
Hartmut

--
AdNovum Informatik AG
Hartmut Keil, Senior Software Engineer
Dipl. Physiker
Roentgenstrasse 22, CH-8005 Zurich
mailto:[email protected]
phone: +41 44 272 6111, fax: +41 44 272 6312
http://www.adnovum.ch
AdNovum Locations: Bern, Budapest, San Mateo, Zurich (HQ)
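
Added example, not part of the original message and not mod_ssl code: a minimal C model of the buffering behaviour discussed above, showing that bytes decoded before the renegotiation stay in the filter buffer (so a check on the TLS layer's pending count sees nothing) unless the buffer is reset. The struct, function names and sample requests are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not mod_ssl code: the input filter copies every
 * decrypted byte out of the TLS layer into its own buffer. */
struct conn {
    char   buf[128];     /* filter buffer (already-decrypted bytes) */
    size_t len, pos;
    size_t tls_pending;  /* what an SSL_pending()-style check would see */
};

/* Constructed sample: two requests decoded in one pre-renegotiation read. */
static const char RECORD[] = "GET /a HTTP/1.1\r\n\r\nGET /b HTTP/1.1\r\n\r\n";

static void conn_feed(struct conn *c, const char *rec) {
    c->len = strlen(rec);
    memcpy(c->buf, rec, c->len + 1);
    c->pos = 0;
    c->tls_pending = 0;  /* everything was consumed from the TLS layer */
}

/* Return 1 and advance past one complete request, 0 if none is buffered. */
static int conn_next_request(struct conn *c) {
    const char *end;
    if (c->pos >= c->len) return 0;
    end = strstr(c->buf + c->pos, "\r\n\r\n");
    if (end == NULL) return 0;
    c->pos = (size_t)(end - c->buf) + 4;
    return 1;
}

/* Count requests decoded before the renegotiation but served after it. */
int stale_requests_after_reneg(int reset_buffer, size_t *tls_pending) {
    struct conn c;
    int stale = 0;
    conn_feed(&c, RECORD);
    conn_next_request(&c);                /* request 1 triggers renegotiation */
    *tls_pending = c.tls_pending;         /* pending check at handshake time */
    if (reset_buffer) c.len = c.pos = 0;  /* the proposed buffer reset */
    while (conn_next_request(&c)) stale++;
    return stale;
}

int main(void) {
    size_t p;
    int keep = stale_requests_after_reneg(0, &p);
    int reset = stale_requests_after_reneg(1, &p);
    printf("stale: no reset=%d, reset=%d, tls_pending=%zu\n", keep, reset, p);
    return 0;
}
```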
