> On Fri, Jun 15, 2018 at 9:38 AM, Yann Ylavic <[email protected]> wrote:
>> On Fri, Jun 15, 2018 at 8:59 AM, Yann Ylavic <[email protected]> wrote:
>>>> On Fri, Jun 15, 2018 at 3:06 AM, Dennis Clarke <[email protected]>
>>>> wrote:
>>>>>
>>>>> [Fri Jun 15 00:59:59.788742 2018] [ssl:error] [pid 2250:tid 27] [client
>>>>> 68.179.116.201:34466] AH02042: rejecting client initiated renegotiation
>>>
>>> This suggests that with TLS 1.3, unlike with previous protocols, the
>>> ssl_callback_Info callback is always called by openssl (some specific
>>> extension only?). httpd is not prepared for that and thinks it's a
>>> client renegotiation.
>>>
>>> I didn't look at TLS 1.3 yet, but something along these lines seems
>>> plausible.
>>
>> For instance, multiple session tickets might call the callback more than
>> once:
>> https://github.com/openssl/openssl/blob/master/ssl/statem/statem_srvr.c#L3785
>>
>> Since renegotiations are forbidden by TLS 1.3 in the first place
>> (enforced by openssl probably), I think that the check for
>> renegotiations should be disabled in our ssl_callback_Info (for TLS
>> 1.3).
Dennis, does the attached patch help?
Index: modules/ssl/ssl_engine_kernel.c
===================================================================
--- modules/ssl/ssl_engine_kernel.c (revision 1833451)
+++ modules/ssl/ssl_engine_kernel.c (working copy)
@@ -2238,7 +2238,6 @@ void ssl_callback_Info(const SSL *ssl, int where,
{
conn_rec *c;
server_rec *s;
- SSLConnRec *scr;
/* Retrieve the conn_rec and the associated SSLConnRec. */
if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
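Review bot: dropping the function-scope `SSLConnRec *scr;` is only safe if nothing after the new block still references `scr`; the tail visible in the next hunk (`s = mySrvFromConn(c);` / `if (s && APLOGdebug(s))`) uses only `s`, so please confirm the remainder of ssl_callback_Info beyond the hunk context does the same.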
@@ -2245,25 +2244,33 @@ void ssl_callback_Info(const SSL *ssl, int where,
return;
}
- if ((scr = myConnConfig(c)) == NULL) {
- return;
- }
+#if SSL_HAVE_PROTOCOL_TLSV1_3
+ if (SSL_version(ssl) < TLS1_3_VERSION)
+#endif
+ {
+ SSLConnRec *scr;
- /* If the reneg state is to reject renegotiations, check the SSL
- * state machine and move to ABORT if a Client Hello is being
- * read. */
- if (!scr->is_proxy &&
- (where & SSL_CB_HANDSHAKE_START) &&
- scr->reneg_state == RENEG_REJECT) {
- scr->reneg_state = RENEG_ABORT;
- ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
- "rejecting client initiated renegotiation");
+ if ((scr = myConnConfig(c)) == NULL) {
+ return;
+ }
+
+ /* If the reneg state is to reject renegotiations, check the SSL
+ * state machine and move to ABORT if a Client Hello is being
+ * read. */
+ if (!scr->is_proxy &&
+ (where & SSL_CB_HANDSHAKE_START) &&
+ scr->reneg_state == RENEG_REJECT) {
+ scr->reneg_state = RENEG_ABORT;
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
+ "rejecting client initiated renegotiation");
+ }
+ /* If the first handshake is complete, change state to reject any
+ * subsequent client-initiated renegotiation. */
+ else if ((where & SSL_CB_HANDSHAKE_DONE)
+ && scr->reneg_state == RENEG_INIT) {
+ scr->reneg_state = RENEG_REJECT;
+ }
}
- /* If the first handshake is complete, change state to reject any
- * subsequent client-initiated renegotiation. */
- else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
- scr->reneg_state = RENEG_REJECT;
- }
s = mySrvFromConn(c);
if (s && APLOGdebug(s)) {
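Review bot: the `if ((scr = myConnConfig(c)) == NULL) return;` early return has moved inside the `SSL_version(ssl) < TLS1_3_VERSION` block, so a TLS 1.3 connection without an SSLConnRec now falls through to `s = mySrvFromConn(c);` instead of returning as it did before; if that return was guarding more than the reneg bookkeeping, keep it at function scope ahead of the version test. Two smaller points: the `#if SSL_HAVE_PROTOCOL_TLSV1_3` / `if (...)` / `#endif` followed by a bare `{` compiles either way but reads as a stray block when the macro is off (a comment on the `{` would help), and since `SSL_CB_HANDSHAKE_START` is delivered before a version has been negotiated on the initial handshake, it is worth verifying that `SSL_version()` yields a value the `< TLS1_3_VERSION` comparison can rely on at that point rather than a pre-negotiation placeholder.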