Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
On Tuesday 01 April 2014 00:45:16 Steffan Karger wrote: > The attached patch fixes your problem, but if there is someone around > with a better idea (and, preferrably, patch) to fix it, I'm all ears! ACK, fixes the problem indeed, without introducing a new set of flags even. Thanks Heiko
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, On 31-03-14 16:13, Heiko Hund wrote: > On Sunday 23 March 2014 14:27:43 Steffan Karger wrote: >> +AC_EGREP_CPP(have_ssl_op_no_ticket, [ >> +#include > > We just found that this breaks if the openssl headers are in a non-standard > place. The test above sets the -I option in CFLAGS, but not in CPPFLAGS. So, > maybe we should generally set -I in CPPFLAGS instead. I'm not much of an autotools wizard, so I don't really know if there are downsides to using CPPFLAGS insteadof CFLAGS everywhere. The attached patch fixes your problem, but if there is someone around with a better idea (and, preferrably, patch) to fix it, I'm all ears! -Steffan >From ccebcab605325f98a0ff22edbbbc089194e2e0ad Mon Sep 17 00:00:00 2001 From: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Tue, 1 Apr 2014 00:33:55 +0200 Subject: [PATCH] configure.ac: use CPPFLAGS for SSL_OP_NO_TICKET check AC_EGREP_CPP uses CPPFLAGS, not CFLAGS. Make sure the macro can find OpenSSL by temporarily adding OPENSSL_CRYPTO_FLAGS to CPPFLAGS. Signed-off-by: Steffan Karger --- configure.ac | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure.ac b/configure.ac index 7e94280..0c2abb9 100644 --- a/configure.ac +++ b/configure.ac @@ -794,6 +794,8 @@ if test "${have_openssl_crypto}" = "yes"; then fi if test "${have_openssl_ssl}" = "yes"; then +saved_CPPFLAGS="${CPPFLAGS}" +CPPFLAGS="${CPPFLAGS} ${OPENSSL_CRYPTO_CFLAGS}" AC_MSG_CHECKING([for SSL_OP_NO_TICKET flag in OpenSSL]) AC_EGREP_CPP(have_ssl_op_no_ticket, [ #include @@ -806,6 +808,7 @@ if test "${have_openssl_ssl}" = "yes"; then AC_MSG_RESULT([no]) AC_ERROR([OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL]) ]) +CPPFLAGS="${saved_CPPFLAGS}" fi AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for polarssl]) -- 1.8.3.2
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
On Sunday 23 March 2014 14:27:43 Steffan Karger wrote: > +AC_EGREP_CPP(have_ssl_op_no_ticket, [ > +#include We just found that this breaks if the openssl headers are in a non-standard place. The test above sets the -I option in CFLAGS, but not in CPPFLAGS. So, maybe we should generally set -I in CPPFLAGS instead. Heiko
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
On Sun, Mar 23, 2014 at 1:26 PM, Gert Doering wrote: > On Sun, Mar 23, 2014 at 10:22:57AM +0100, Steffan Karger wrote: > > ACK. Message looks correct and clear to me. > > Thanks. Committed and pushed as 2cf9d4e3f06f4a61cb6d159728ac6c8a790d6849. > > Can you send the needed patch for master/2.4? > See attachment :) -Steffan From 4f9d47bee3bef4102dfe8e13da21ab4bbe0a92a9 Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Sun, 23 Mar 2014 14:07:47 +0100 Subject: [PATCH] configure.ac: check for SSL_OP_NO_TICKET flag in OpenSSL SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption". This is something we do not want nor need, but could potentially be used for a future attack. OpenVPN 2.4 requires the flag to be set and will fail configure if the flag is not present. --- configure.ac | 15 +++ 1 file changed, 15 insertions(+) diff --git a/configure.ac b/configure.ac index c622f33..2da6521 100644 --- a/configure.ac +++ b/configure.ac @@ -793,6 +793,21 @@ if test "${have_openssl_crypto}" = "yes"; then LIBS="${saved_LIBS}" fi +if test "${have_openssl_ssl}" = "yes"; then +AC_MSG_CHECKING([for SSL_OP_NO_TICKET flag in OpenSSL]) +AC_EGREP_CPP(have_ssl_op_no_ticket, [ +#include +#ifdef SSL_OP_NO_TICKET +have_ssl_op_no_ticket +#endif +], [ +AC_MSG_RESULT([yes]) +], [ +AC_MSG_RESULT([no]) +AC_ERROR([OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL]) +]) +fi + AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for polarssl]) AC_ARG_VAR([POLARSSL_LIBS], [linker flags for polarssl]) have_polarssl_ssl="yes" -- 1.8.3.2
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, On Sun, Mar 23, 2014 at 10:22:57AM +0100, Steffan Karger wrote: > ACK. Message looks correct and clear to me. Thanks. Committed and pushed as 2cf9d4e3f06f4a61cb6d159728ac6c8a790d6849. Can you send the needed patch for master/2.4? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpCZSCjYH_9F.pgp Description: PGP signature
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, On Sat, Mar 22, 2014 at 7:35 PM, Gert Doering wrote: > On Tue, Mar 18, 2014 at 05:40:41PM +0100, Steffan Karger wrote: > > > So it seems I spoke too soon... sorry for the noise, although I must > > > say that I'm still in favour of checking for the existence of an IFDEF > > > instead of relying on a particular version... > > > > Point taken, just checking the OpenSSL version does not suffice. > > Still, I'd like to prevent more #ifdef's in the code. We could > > check the #ifdef in configure.ac, and refuse to build when it's > > not present. Any objections against requiring SSL_OP_NO_TICKET to > > be present for OpenVPN 2.4+? We have to drop support for 'ancient > > stuff' at some point. > > If I understood this all right, this feature improves OpenVPN security > against yet-unknown attacks using a feature of OpenSSL that we don't > use anyway. Right? > Right. So in that case, I'm fine with your proposal - do something on configure.ac > that will check for SSL_OP_NO_TICKET and complain (with a useful error > message :) ) if it's not there. > > For 2.3, I'd propose to add code to ssl_openssl.h like this: > > /* SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session > resumption", > * as this is something we do not want nor need, but could potentially be > * used for a future attack. For compatibility reasons, in the 2.3.x > * series, we keep building if the OpenSSL version is too old to support > * this. 2.4 requires it and will fail configure if not present. > */ > #ifndef SSL_OP_NO_TICKET > # define SSL_OP_NO_TICKET 0 > #endif > > > ACK? Is the message correct? > ACK. Message looks correct and clear to me (but please remove the double space before 2.4). -Steffan
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, On Tue, Mar 18, 2014 at 05:40:41PM +0100, Steffan Karger wrote: > > So it seems I spoke too soon... sorry for the noise, although I must > > say that I'm still in favour of checking for the existence of an IFDEF > > instead of relying on a particular version... > > Point taken, just checking the OpenSSL version does not suffice. > Still, I'd like to prevent more #ifdef's in the code. We could > check the #ifdef in configure.ac, and refuse to build when it's > not present. Any objections against requiring SSL_OP_NO_TICKET to > be present for OpenVPN 2.4+? We have to drop support for 'ancient > stuff' at some point. If I understood this all right, this feature improves OpenVPN security against yet-unknown attacks using a feature of OpenSSL that we don't use anyway. Right? So in that case, I'm fine with your proposal - do something on configure.ac that will check for SSL_OP_NO_TICKET and complain (with a useful error message :) ) if it's not there. For 2.3, I'd propose to add code to ssl_openssl.h like this: /* SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption", * as this is something we do not want nor need, but could potentially be * used for a future attack. For compatibility reasons, in the 2.3.x * series, we keep building if the OpenSSL version is too old to support * this. 2.4 requires it and will fail configure if not present. */ #ifndef SSL_OP_NO_TICKET # define SSL_OP_NO_TICKET 0 #endif ACK? Is the message correct? gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp8ka94c897Z.pgp Description: PGP signature
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
On 18/03/14 17:40, Steffan Karger wrote: > Hi, > > On 18/03/2014 14:44, Jan Just Keijser wrote: >> On 18/03/14 14:12, David Sommerseth wrote: >>> On 18/03/14 10:51, Jan Just Keijser wrote: On 18/03/14 10:39, Steffan Karger wrote: >> On 17/03/2014 23:23, James Yonan wrote: >> >> On 17/03/2014 14:29, Gert Doering wrote: >>> Right now, if I read configure.ac correct, we require 0.9.6 or >>> later (and check this only if pkg-config is available) - but >>> obviously, SSL_OP_NO_TICKET was added later on. >>> >>> Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a >>> more recent OpenSSL version >> I would think an #ifdef should be fine. > SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH- >> patchset (for 2.4) already requires 0.9.8, so I would prefer to require >> 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3. > > I disagree. It is not safe to assume that the #ifdef is bound to a particular version of Openssl; for example, on my Centos 6.5 box I have openssl 1.0.1e yet the define #define SSL_OP_NO_TICKET0x4000L is NOT present in the system ssl.h file. >>> I just checked RHEL 6.5 and ScientificLinux 6.4 >>> (openssl-1.0.1e-16.el6_5.4) ... they both have it this: >>> >>> # grep SSL_OP_NO_TICKET /usr/include/openssl/* >>> /usr/include/openssl/ssl.h:#define SSL_OP_NO_TICKET >> 0x4000L >>> >> this is most odd - I just checked a few other machines (CentOS 6.5) and >> there the SSL_OP_NO_TICKET is present. >> I then reinstalled openssl on the 'flawed' box and now it is present >> also. >> So it seems I spoke too soon... sorry for the noise, although I must >> say that I'm still in favour of checking for the existence of an IFDEF >> instead of relying on a particular version... > > Point taken, just checking the OpenSSL version does not suffice. > Still, I'd like to prevent more #ifdef's in the code. We could check the > #ifdef in configure.ac, and refuse to build when it's not present. Any > objections against requiring SSL_OP_NO_TICKET to be present for OpenVPN > 2.4+? We have to drop support for 'ancient stuff' at some point. I don't disagree with you ... but we need to think about what our users may have installed. James was concerned about RHEL4 support some years ago, when we discussed if we should support OpenSSL 0.9.6 or not (which was available in RHEL4, iirc). At that time we agreed upon moving towards a 0.9.8 requirement when RHEL4 was out of the normal support cycle (which was February 29, 2012). RHEL5 is fully supported until March 31, 2017. I think it makes sense to follow RHEL's life cycle, as that is usually one of the distributions at an enterprise level which is kept up-to-date on critical issues throughout its life cycle. -- kind regards, David Sommerseth signature.asc Description: OpenPGP digital signature
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, On 18/03/2014 14:44, Jan Just Keijser wrote: > On 18/03/14 14:12, David Sommerseth wrote: > > On 18/03/14 10:51, Jan Just Keijser wrote: > >> On 18/03/14 10:39, Steffan Karger wrote: > On 17/03/2014 23:23, James Yonan wrote: > > On 17/03/2014 14:29, Gert Doering wrote: > > Right now, if I read configure.ac correct, we require 0.9.6 or > > later (and check this only if pkg-config is available) - but > > obviously, SSL_OP_NO_TICKET was added later on. > > > > Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a > > more recent OpenSSL version > I would think an #ifdef should be fine. > >>> SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH- > patchset (for 2.4) already requires 0.9.8, so I would prefer to require > 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3. > >>> > >>> > >> I disagree. It is not safe to assume that the #ifdef is bound to a > >> particular version of Openssl; for example, on my Centos 6.5 box I > >> have openssl 1.0.1e yet the define > >> #define SSL_OP_NO_TICKET0x4000L > >> is NOT present in the system ssl.h file. > > I just checked RHEL 6.5 and ScientificLinux 6.4 > > (openssl-1.0.1e-16.el6_5.4) ... they both have it this: > > > > # grep SSL_OP_NO_TICKET /usr/include/openssl/* > > /usr/include/openssl/ssl.h:#define SSL_OP_NO_TICKET > 0x4000L > > > this is most odd - I just checked a few other machines (CentOS 6.5) and > there the SSL_OP_NO_TICKET is present. > I then reinstalled openssl on the 'flawed' box and now it is present > also. > So it seems I spoke too soon... sorry for the noise, although I must > say that I'm still in favour of checking for the existence of an IFDEF > instead of relying on a particular version... Point taken, just checking the OpenSSL version does not suffice. Still, I'd like to prevent more #ifdef's in the code. We could check the #ifdef in configure.ac, and refuse to build when it's not present. Any objections against requiring SSL_OP_NO_TICKET to be present for OpenVPN 2.4+? We have to drop support for 'ancient stuff' at some point. -Steffan
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi David, On 18/03/14 14:12, David Sommerseth wrote: On 18/03/14 10:51, Jan Just Keijser wrote: On 18/03/14 10:39, Steffan Karger wrote: Hi, On 17/03/2014 23:23, James Yonan wrote: On 17/03/2014 14:29, Gert Doering wrote: Right now, if I read configure.ac correct, we require 0.9.6 or later (and check this only if pkg-config is available) - but obviously, SSL_OP_NO_TICKET was added later on. Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more recent OpenSSL version I would think an #ifdef should be fine. SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH-patchset (for 2.4) already requires 0.9.8, so I would prefer to require 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3. I disagree. It is not safe to assume that the #ifdef is bound to a particular version of Openssl; for example, on my Centos 6.5 box I have openssl 1.0.1e yet the define #define SSL_OP_NO_TICKET0x4000L is NOT present in the system ssl.h file. I just checked RHEL 6.5 and ScientificLinux 6.4 (openssl-1.0.1e-16.el6_5.4) ... they both have it this: # grep SSL_OP_NO_TICKET /usr/include/openssl/* /usr/include/openssl/ssl.h:#define SSL_OP_NO_TICKET 0x4000L this is most odd - I just checked a few other machines (CentOS 6.5) and there the SSL_OP_NO_TICKET is present. I then reinstalled openssl on the 'flawed' box and now it is present also. So it seems I spoke too soon... sorry for the noise, although I must say that I'm still in favour of checking for the existence of an IFDEF instead of relying on a particular version... cheers, JJK
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
On 18/03/14 10:39, Steffan Karger wrote: > Hi, > >> On 17/03/2014 23:23, James Yonan wrote: >> >> On 17/03/2014 14:29, Gert Doering wrote: >>> Right now, if I read configure.ac correct, we require 0.9.6 or later >>> (and check this only if pkg-config is available) - but obviously, >>> SSL_OP_NO_TICKET was added later on. >>> >>> Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more >>> recent OpenSSL version >> >> I would think an #ifdef should be fine. > > SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The > ECDH-patchset (for 2.4) already requires 0.9.8, so I would prefer to > require 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3. There's JJK's comments, which makes sense. In addition, RHEL 5 (which we're supposed to support) only ships openssl-0.9.8e. -- kind regards, David Sommerseth signature.asc Description: OpenPGP digital signature
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
On 18/03/14 10:39, Steffan Karger wrote: Hi, On 17/03/2014 23:23, James Yonan wrote: On 17/03/2014 14:29, Gert Doering wrote: Right now, if I read configure.ac correct, we require 0.9.6 or later (and check this only if pkg-config is available) - but obviously, SSL_OP_NO_TICKET was added later on. Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more recent OpenSSL version I would think an #ifdef should be fine. SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH-patchset (for 2.4) already requires 0.9.8, so I would prefer to require 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3. I disagree. It is not safe to assume that the #ifdef is bound to a particular version of Openssl; for example, on my Centos 6.5 box I have openssl 1.0.1e yet the define #define SSL_OP_NO_TICKET0x4000L is NOT present in the system ssl.h file. Don't ask me why, don't question the sanity of CentOS/RedHat, don't assume that "openssl vX.Y.Z will have support for " (RedHat also strips ECDH support from openssl due to claimed licensing restrictions). Let's just check for the #ifdef regardless of the version of OpenSSL. cheers, JJK
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, > On 17/03/2014 23:23, James Yonan wrote: > > On 17/03/2014 14:29, Gert Doering wrote: > > Right now, if I read configure.ac correct, we require 0.9.6 or later > > (and check this only if pkg-config is available) - but obviously, > > SSL_OP_NO_TICKET was added later on. > > > > Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more > > recent OpenSSL version > > I would think an #ifdef should be fine. SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH-patchset (for 2.4) already requires 0.9.8, so I would prefer to require 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3. -Steffan
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
On 17/03/2014 14:29, Gert Doering wrote: Hi, On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote: However, even with the above code, stateless session resumption is still possible unless explicitly disabled with the SSL_OP_NO_TICKET flag. This patch does this. This actually raises an interesting question. My OpenSolaris buildslave fails compilation with gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat -g -O2 -MT ssl_openssl.o -MD -MP -MF .deps/ssl_openssl.Tpo -c -o ssl_openssl.o ssl_openssl.c ssl_openssl.c: In function `tls_ctx_set_options': ssl_openssl.c:183: error: `SSL_OP_NO_TICKET' undeclared (first use in this function) ... while "configure" doesn't flag an error about the OpenSSL version installed (0.9.8a-fips). This is not ideal, if we know we're going to fail at compile time due to missing functionality, we should tell the user earlier. Right now, if I read configure.ac correct, we require 0.9.6 or later (and check this only if pkg-config is available) - but obviously, SSL_OP_NO_TICKET was added later on. Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more recent OpenSSL version I would think an #ifdef should be fine. James
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote: > However, even with the above code, stateless session resumption > is still possible unless explicitly disabled with the > SSL_OP_NO_TICKET flag. This patch does this. This actually raises an interesting question. My OpenSolaris buildslave fails compilation with gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat -g -O2 -MT ssl_openssl.o -MD -MP -MF .deps/ssl_openssl.Tpo -c -o ssl_openssl.o ssl_openssl.c ssl_openssl.c: In function `tls_ctx_set_options': ssl_openssl.c:183: error: `SSL_OP_NO_TICKET' undeclared (first use in this function) ... while "configure" doesn't flag an error about the OpenSSL version installed (0.9.8a-fips). This is not ideal, if we know we're going to fail at compile time due to missing functionality, we should tell the user earlier. Right now, if I read configure.ac correct, we require 0.9.6 or later (and check this only if pkg-config is available) - but obviously, SSL_OP_NO_TICKET was added later on. Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more recent OpenSSL version Crypto guys, send me patches :-) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpchCO_TPZ4G.pgp Description: PGP signature
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
On 17/03/14 11:08, Steffan Karger wrote: > Hi, > >> -Original Message- >> From: Gert Doering [mailto:g...@greenie.muc.de] >> Sent: maandag 17 maart 2014 9:34 >> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL >> context for OpenSSL builds, to disable TLS stateless session >> resumption. >> >> Hi, >> >> On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote: >>> OpenVPN doesn't want or need SSL session renegotiation or resumption, >>> as it handles renegotiation on its own. >>> >>> For this reason, OpenVPN always disables the SSL session cache: >>> >>> SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF) >>> >>> However, even with the above code, stateless session resumption is >>> still possible unless explicitly disabled with the SSL_OP_NO_TICKET >>> flag. This patch does this. >> >> I assume this should go into all OpenVPN branches, that is, master, >> 2.3, and if we ever do another 2.2, into that one as well? >> >> (not ACKing or NAKing the patch itself, this is not my field of >> expertise) > > I think this should go into all releases we'll do from now on. > > Also, ACK on the patch. Together with SSL_SESS_CACHE_OFF, this seems > to fully disable TLS session renegotiation and resumption. This patch only covers OpenSSL. Is there an equivalent for PolarSSL as well? Or isn't it needed at all on PolarSSL? -- kind regards, David Sommerseth signature.asc Description: OpenPGP digital signature
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, > -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > Sent: maandag 17 maart 2014 11:40 > Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL > context for OpenSSL builds, to disable TLS stateless session > resumption. > > On 17/03/14 11:08, Steffan Karger wrote: > > I think this should go into all releases we'll do from now on. > > > > Also, ACK on the patch. Together with SSL_SESS_CACHE_OFF, this seems > > to fully disable TLS session renegotiation and resumption. > > This patch only covers OpenSSL. Is there an equivalent for PolarSSL as > well? Or isn't it needed at all on PolarSSL? PolarSSL disables session renegotiation by default (sane defaults ftw!), and OpenVPN does not enable it. So there's nothing to fix for PolarSSL. -Steffan
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, > -Original Message- > From: Gert Doering [mailto:g...@greenie.muc.de] > Sent: maandag 17 maart 2014 9:34 > Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL > context for OpenSSL builds, to disable TLS stateless session > resumption. > > Hi, > > On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote: > > OpenVPN doesn't want or need SSL session renegotiation or resumption, > > as it handles renegotiation on its own. > > > > For this reason, OpenVPN always disables the SSL session cache: > > > > SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF) > > > > However, even with the above code, stateless session resumption is > > still possible unless explicitly disabled with the SSL_OP_NO_TICKET > > flag. This patch does this. > > I assume this should go into all OpenVPN branches, that is, master, > 2.3, and if we ever do another 2.2, into that one as well? > > (not ACKing or NAKing the patch itself, this is not my field of > expertise) I think this should go into all releases we'll do from now on. Also, ACK on the patch. Together with SSL_SESS_CACHE_OFF, this seems to fully disable TLS session renegotiation and resumption. -Steffan
Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Hi, On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote: > OpenVPN doesn't want or need SSL session renegotiation or > resumption, as it handles renegotiation on its own. > > For this reason, OpenVPN always disables the SSL session cache: > > SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF) > > However, even with the above code, stateless session resumption > is still possible unless explicitly disabled with the > SSL_OP_NO_TICKET flag. This patch does this. I assume this should go into all OpenVPN branches, that is, master, 2.3, and if we ever do another 2.2, into that one as well? (not ACKing or NAKing the patch itself, this is not my field of expertise) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgp_8BVLIlpfA.pgp Description: PGP signature
[Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
OpenVPN doesn't want or need SSL session renegotiation or resumption, as it handles renegotiation on its own. For this reason, OpenVPN always disables the SSL session cache: SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF) However, even with the above code, stateless session resumption is still possible unless explicitly disabled with the SSL_OP_NO_TICKET flag. This patch does this. --- src/openvpn/ssl_openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 0dc1e81..938e9d4 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -208,7 +208,7 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int ssl_flags) /* process SSL options including minimum TLS version we will accept from peer */ { -long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; +long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3; const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & SSLF_TLS_VERSION_MASK; if (tls_version_min > TLS_VER_UNSPEC) { -- 1.8.5.3