-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
Oh, joy, more SSL_OP_NO_TICKET fallout. Changing the subject to separate this discussion from the original thread about topology subnet. On 12-07-14 15:50, Gert Doering wrote: > On Sat, Jul 12, 2014 at 02:55:21PM +0200, David Sommerseth wrote: >>> Well, OpenSSL considers this a "feature", not an "issue"... and >>> being able to turn off session resumption is also considered a >>> "feature"... >> >> Ahh, right! >> >> I thought this was related to a CVE, but it seems not, according >> the OpenSSL changelog I found on the net [1]. SSL_OP_NO_TICKET >> comes with the implementation of RFC4507, which was introduced in >> 0.9.8f. I just double checked EL5, and it uses 0.9.8e as the >> base version. According to the RPM changelog, I don't see that >> RFC4507 has ever been backported. > > Ah. So if that is correct, our simplistic implementation "if it is > not there, just #define SSL_OP_NO_TICKET 0" would be perfectly safe > in this regard, then. > >> But it would be good if others can double this and see if I've >> understood this correctly, just so I don't say anything wrong. > > Indeed :-) - Steffann? Yes, the SSL_OP_NO_TICKET flag was introduced together with the feature it disables (stateless session resumption). Sane backporters would also backport the flag when backporting the feature. So using the same "#define SSL_OP_NO_TICKET 0"-construction as in 2.3 should be fine. I think this is the way to go for 2.4 if we want to support RHEL5 until their end-of-production. The alternatives would be to either drop support for RHEL5 (seems unreasonable for such a silly fix) or keep maintaining 2.3 until RHEL5 end-of-support (much more work). Attached a patch that adds the 2.3 #ifdef construction to -master too. I updated the message to reflect that this is in master too now, and include the string '0.9.8', which should help with stripping this out again if 0.9.8-support is ever dropped. - -Steffan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJTwlHPAAoJEJgCyj0AftKImwcH/0mCSnA2LNFDP0542/yRnFTc mwufEafiZ936xY0eEYKERNMuISucAoHiOGrp+5EqSHSoGqX7TTkxZ3hIBVgQ4L37 p4b9pbkXNj5J4RelcFkH78lNKnNr9AnU5JHO1SJEO1qKAY0q5ypRclvTbytcN8o6 6UVnRzcjmDnyUOgPrSct+JK7Rm9BVCpDU2a7PK0fGASs3qS9NZOmBSDV9Eg2P5tn IdvoZUrI9ZPNLDWCoDpMOkpsvQPl2BeMJ0t5Ib/LRSE8dbvfxg+GldYYQ3YA4uu8 xylgnvNTwi1GfFEicwX+9g8NEkqDKmNJd6k/OzclVyhWi3209E6prwk20NX7RDs= =u8ld -----END PGP SIGNATURE-----
>From bbe56efb085138dca65dfe15b480eab47074b7e2 Mon Sep 17 00:00:00 2001 From: Steffan Karger <stef...@karger.me> List-Post: openvpn-devel@lists.sourceforge.net Date: Sun, 13 Jul 2014 11:26:32 +0200 Subject: [PATCH] Define dummy SSL_OP_NO_TICKET flag if not present in OpenSSL. This restores support for pre-0.9.8f OpenSSL versions, which do not include stateless session resumption, and the accompanying SSL_OP_NO_TICKET flag. Signed-off-by: Steffan Karger <stef...@karger.me> --- configure.ac | 19 ------------------- src/openvpn/ssl_openssl.h | 11 +++++++++++ 2 files changed, 11 insertions(+), 19 deletions(-) diff --git a/configure.ac b/configure.ac index 117eaf6..0d0ab88 100644 --- a/configure.ac +++ b/configure.ac @@ -814,25 +814,6 @@ if test "${have_openssl_crypto}" = "yes"; then LIBS="${saved_LIBS}" fi -if test "${enable_ssl}" = "yes" && test "${with_crypto_library}" = "openssl"; -then - saved_CPPFLAGS="${CPPFLAGS}" - CPPFLAGS="${CPPFLAGS} ${OPENSSL_CRYPTO_CFLAGS}" - AC_MSG_CHECKING([for SSL_OP_NO_TICKET flag in OpenSSL]) - AC_EGREP_CPP(have_ssl_op_no_ticket, [ - #include <openssl/ssl.h> - #ifdef SSL_OP_NO_TICKET - have_ssl_op_no_ticket - #endif - ], [ - AC_MSG_RESULT([yes]) - ], [ - AC_MSG_RESULT([no]) - AC_ERROR([OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL]) - ]) - CPPFLAGS="${saved_CPPFLAGS}" -fi - AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for polarssl]) AC_ARG_VAR([POLARSSL_LIBS], [linker flags for polarssl]) have_polarssl_ssl="yes" diff --git a/src/openvpn/ssl_openssl.h b/src/openvpn/ssl_openssl.h index fc2052c..97dc742 100644 --- a/src/openvpn/ssl_openssl.h +++ b/src/openvpn/ssl_openssl.h @@ -33,6 +33,17 @@ #include <openssl/ssl.h> /** + * SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption", + * as this is something we do not want nor need, but could potentially be + * used for a future attack. For compatibility reasons we keep building if the + * OpenSSL version is too old (pre-0.9.8f) to support stateless session + * resumption (and the accompanying SSL_OP_NO_TICKET flag). + */ +#ifndef SSL_OP_NO_TICKET +# define SSL_OP_NO_TICKET 0 +#endif + +/** * Structure that wraps the TLS context. Contents differ depending on the * SSL library used. */ -- 1.9.1
0001-Define-dummy-SSL_OP_NO_TICKET-flag-if-not-present-in.patch.sig
Description: PGP signature