Hi, a few weeks ago, some vulnerability concerning SSL renegotiation was disclosed: http://www.thc.org/thc-ssl-dos http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html http://blog.ivanristic.com/2011/10/tls-renegotiation-and-denial-of-service-attacks.html
I use a web server whose SSL implementation is based on openssl. The web server was checked and found to be affected by the issue. I checked the openssl source code for an option to disable client-side renegotiation but I could not find one. I patched ssl/t1_lib.c in the openssl source and removed the client-renegotiation code in the *clienthello_tlsext* functions. That seems to have fixed the issue, at least the SSL security check tools did not report the vulnerability after that. However, I think simply removing client-side renegotiation code is not a good idea. Furthermore, it might have broken something else. While researching the issue I read MS IIS does not allow client-side renegotiation at all and Apache doesn't any more. Therefore it should be ok to turn it off at least in some environments. As far as I can see openssl users currently have no choice to turn it on or off because it's always activated. >From my point of view, it should be made configurable, ideally by using >SSL_CTX_set_options() and friends. Does anyone know if this is planned for a future release and does anyone consider this to be a sensible solution? Thank you and best regards Jan ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
