On Mon, May 04, 2020 at 09:59:24AM -0400, Eric Covener wrote:
> On Mon, May 4, 2020 at 9:49 AM Joe Orton <[email protected]> wrote:
> > c) Client-initiated renegotiation prevention mechanism.  This was
> > introduced mostly as a temporary workaround for CVE-2009-3555, and as
> > the saying goes, there is nothing as permanent as a temporary
> > workaround.  This already doesn't apply for TLSv1.3, and it doesn't
> > really add much for TLS < v1.3 so I think it can go completely.
> 
> I am not familiar with this one in mod_ssl but I am familiar with the issue.
> Does it generate distinctive log messages for TLS < 1.3 that are
> useful for e.g. fail2ban?

Yes - APLOGNO(02042) is generated here.

> Has OpenSSL caught up and can we directly kill client-initiated renegotiation?

Great question.  Looks like OpenSSL 1.1.1 added a new option flag, 
SSL_OP_NO_RENEGOTIATION, which does exactly this, so we could use that 
instead of the current code which has to track and intercept handshakes 
manually.  It also sends a TLS alert rather than simply aborting the 
connection, so it's better behaved than the current code.  I'll look at 
switching over to this instead of dropping it.  Thanks!

Regards, Joe
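
The fail2ban-style use of AH02042 raised above, as an added example that is not part of the original thread or of mod_ssl: it counts AH02042 lines per client inside a sliding window. It assumes the default Apache 2.4 error log layout; the function names, thresholds and sample lines are constructed for illustration, and matching keys only on the AH02042 token.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout (default 2.4 ErrorLogFormat):
# [time] [ssl:level] [pid N:tid N] [client IP:port] AH02042: message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[ssl:\w+\] \[pid [^\]]+\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] AH02042: "
)

def parse_ts(raw):
    # e.g. "Mon May 04 09:59:24.123456 2020"
    return datetime.strptime(raw, "%a %b %d %H:%M:%S.%f %Y")

def offenders(lines, max_hits=3, window=timedelta(seconds=60)):
    """Return {ip: peak hit count} for clients that logged at least
    max_hits AH02042 lines within any single window."""
    recent = defaultdict(list)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # other modules, other AH ids, no client field
        ts, ip = parse_ts(m["ts"]), m["ip"]
        hits = [t for t in recent[ip] if ts - t <= window] + [ts]
        recent[ip] = hits
        if len(hits) >= max_hits:
            flagged[ip] = max(flagged.get(ip, 0), len(hits))
    return flagged

# Constructed sample log lines (documentation address ranges only).
SAMPLE = """\
[Mon May 04 09:59:01.100000 2020] [ssl:error] [pid 2101:tid 140] [client 192.0.2.10:51234] AH02042: rejecting client initiated renegotiation
[Mon May 04 09:59:02.200000 2020] [ssl:error] [pid 2101:tid 140] [client 192.0.2.10:51234] AH02042: rejecting client initiated renegotiation
[Mon May 04 09:59:03.300000 2020] [ssl:error] [pid 2101:tid 141] [client 192.0.2.10:51240] AH02042: rejecting client initiated renegotiation
[Mon May 04 09:59:05.000000 2020] [ssl:error] [pid 2101:tid 142] [client 2001:db8::7:40022] AH02042: rejecting client initiated renegotiation
[Mon May 04 10:05:00.000000 2020] [ssl:error] [pid 2101:tid 142] [client 2001:db8::7:40030] AH02042: rejecting client initiated renegotiation
[Mon May 04 10:05:01.000000 2020] [ssl:info] [pid 2101:tid 143] [client 198.51.100.4:33000] AH00000: unrelated constructed line
""".splitlines()

if __name__ == "__main__":
    for ip, count in offenders(SAMPLE).items():
        print(f"{ip}: {count} AH02042 hits within 60s")
```

Only connections below TLSv1.3 can produce these lines, so a quiet log says nothing about TLSv1.3 clients.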
