I'm trying to migrated pound from an older load balancer to a new
machine, and ran into a problem connecting via HTTPS to a backend server
running Windows 2003. In my log files, I was seeing this error:
Jan 2 15:28:42 pound: BIO_do_handshake with <Win2003webserver>:443
failed: error:1412F152:SSL routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe
legacy renegotiation disabled
This error was only happening for Win 2003 servers, and not Win 2008.
Pound versions were the same (2.7d), but CentOS & openssl are different,
as follows:
Old server: Linux 2.6.18-371.12.1.el5 (CentOS 5.11), OpenSSL
0.9.8e-fips-rhel5 01 Jul 2008
New Server: Linux 3.10.0-123.13.2.el7.x86_64 (CentOS 7.0.1406), OpenSSL
1.0.1e-fips 11 Feb 2013
I also ran some diagnostics using openssl command, as follows:
openssl s_client -no_legacy_server_connect -connect <myserver>:443
On Linux 2.6, I got "Secure Renegotiation IS supported", and connection
left open. Where on Linux 3.0, I received "Secure Renegotiation IS NOT
supported", and connection closed. If I remove
"-no_legacy_server_connect" from Linux 3.0 call, it keeps the connection
open. Also, running openssl against Win2008 on Linux 3.0 returns
"Secure Renegotiation IS supported", so Win2008 is OK.
So, this looked like an openssl option, which was introduced in v1.0, so
I tracked down a problem to couple of openssl options being cleared in
config.c (I'm looking at Pound 2.7 branch) :
SSL_CTX_clear_options(res->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
SSL_CTX_clear_options(res->ctx, SSL_OP_LEGACY_SERVER_CONNECT);
I have a 2 part question:
1. Does anybody know if Win 2003 can support Secure Renegotiation?
2. Is there a reason why Pound would set these options to a backend (or
at least not make these optional)? I understand that there are
different vulnerabilities with web servers if these setting are set, but
this is being done on internal machines, not client-facing.
Additionally, these can be set when a client connects to pound via
SSLAllowClientRenegotiation in HTTPS Listener (though, as documentation
describes, this might leave your server to DoS exploits and other
vulnerabilities).
I'd rather find a patch for Win2003 (if there is one), and leave the
pound code the same (currently, I have commented out the 2 lines from
above, and able to connect to Win2003). But if there are none, should
pound allow connections to backends that don't support secure
renegotiations?
Albert
