On Mon, Jul 26, 1999, Matthias Loepfe wrote:

> > > Ok, here is take 3 and my cleaned up and finally proposed patch which solves
> > > the POST problems by pre-sucking pending input data from the SSL/TLS I/O layer
> > > and re-injecting them after the renegotiation phase into the Apache I/O layer.
> > 
> > I don't want to blow away your work, but this seems to me
> > the wrong solution! Is it really okay, if a renegotiation
> > was initiated because of missing cipher strength, client
> > cert whatever to accept the data sent under other
> > conditions? What happens if renegotiation fails completely?
> > If client doesn't present a cert for example?
> 
> I think you will get a FORBIDDEN reply.

Yes, this has nothing to do with the pre-sucking of data. All we do with the
patch is to read the data from the SSL buffer before renegotiation and
re-inject them after renegotiation later into the Apache buffer.  When the
renegotiation fails in the middle, you still get a forbidden response, of
course.

> The real problem is, that if you want to protect the form data with
> a strong cipher, but as the request gets sent before the renegotiation,
> it is possible that some data gets transferred with a weak cipher in place.

That's correct, but I think that one has to accept this.  That we up to now
renegotiated in the _MIDDLE_ of the request _receiving_ no one can reasonably
expect when using per-directory re-configuration of SSL parameters, IMHO. When
you send a request with a weak cipher to a SSL host you have to expect that
the whole request is sent with this weak cipher, of course.  IMHO it would be
silly from a security point of view to really _expect_ that the cipher is
guaranteed to be changed between the MIME headers and the POST body. What one
can expect is that the _response_ is not sent until the renegotiation
happened, of course. And one can expect, that when it fails to renegotiate
the original response is not sent at all. But when you already want to protect
the POST data you've to already use a stronger cipher for the form page, of
course.

Or am I missing some more essential points here?

BTW, what does ISS do? Does it really renegotiate between the MIME headers and
     the following POST body?
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
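
The point made in the reply above (require the strong cipher on the form page already, not only on the POST target), as an added mod_ssl configuration sketch. It is not part of the original message or of the mod_ssl distribution; the paths and cipher strings are assumptions, and the two variants are alternatives, not one file.

```apache
# Constructed example: /app/form.html and /app/submit are hypothetical paths.

# --- Variant A (weak): only the POST target asks for a strong cipher ------
# The client connects with any suite the server-wide list allows, sends the
# MIME headers and the POST body, and only then does the per-directory rule
# trigger a renegotiation. The body has already travelled under the
# originally negotiated (possibly weak) cipher.
SSLCipherSuite ALL:!aNULL:!eNULL
<Location /app/submit>
    SSLCipherSuite HIGH:!aNULL:!eNULL
</Location>

# --- Variant B (corrected): the form page carries the same requirement ----
# Fetching the form forces the renegotiation first, so a client that cannot
# do a strong suite gets a forbidden response and never receives the form.
# A client that keeps using that connection or session submits the POST
# under the strong suite.
SSLCipherSuite ALL:!aNULL:!eNULL
<Location /app>
    SSLCipherSuite HIGH:!aNULL:!eNULL
    # Refuse the response if the negotiated key size is still below 128 bits.
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</Location>
```

In both variants the response is withheld when renegotiation fails; only variant B also avoids relying on a cipher change between the headers and the POST body.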
