Correction, I only need to comment out the line with
"SSL_OP_LEGACY_SERVER_CONNECT" to make openssl v1.0.1e work with Windows
2003 server. Also, we're using IIS6 as our web server on the windows boxes.
On 1/4/2015 11:14 AM, Albert wrote:
I'm trying to migrated pound from an older load balancer to a new
machine, and ran into a problem connecting via HTTPS to a backend
server running Windows 2003. In my log files, I was seeing this error:
Jan 2 15:28:42 pound: BIO_do_handshake with <Win2003webserver>:443
failed: error:1412F152:SSL
routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe legacy renegotiation disabled
This error was only happening for Win 2003 servers, and not Win 2008.
Pound versions were the same (2.7d), but CentOS & openssl are
different, as follows:
Old server: Linux 2.6.18-371.12.1.el5 (CentOS 5.11), OpenSSL
0.9.8e-fips-rhel5 01 Jul 2008
New Server: Linux 3.10.0-123.13.2.el7.x86_64 (CentOS 7.0.1406),
OpenSSL 1.0.1e-fips 11 Feb 2013
I also ran some diagnostics using openssl command, as follows:
openssl s_client -no_legacy_server_connect -connect <myserver>:443
On Linux 2.6, I got "Secure Renegotiation IS supported", and
connection left open. Where on Linux 3.0, I received "Secure
Renegotiation IS NOT supported", and connection closed. If I remove
"-no_legacy_server_connect" from Linux 3.0 call, it keeps the
connection open. Also, running openssl against Win2008 on Linux 3.0
returns "Secure Renegotiation IS supported", so Win2008 is OK.
So, this looked like an openssl option, which was introduced in v1.0,
so I tracked down a problem to couple of openssl options being cleared
in config.c (I'm looking at Pound 2.7 branch) :
SSL_CTX_clear_options(res->ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
SSL_CTX_clear_options(res->ctx, SSL_OP_LEGACY_SERVER_CONNECT);
I have a 2 part question:
1. Does anybody know if Win 2003 can support Secure Renegotiation?
2. Is there a reason why Pound would set these options to a backend
(or at least not make these optional)? I understand that there are
different vulnerabilities with web servers if these setting are set,
but this is being done on internal machines, not client-facing.
Additionally, these can be set when a client connects to pound via
SSLAllowClientRenegotiation in HTTPS Listener (though, as
documentation describes, this might leave your server to DoS exploits
and other vulnerabilities).
I'd rather find a patch for Win2003 (if there is one), and leave the
pound code the same (currently, I have commented out the 2 lines from
above, and able to connect to Win2003). But if there are none, should
pound allow connections to backends that don't support secure
renegotiations?
Albert
