Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-04-01 Thread Heiko Hund 
On Tuesday 01 April 2014 00:45:16 Steffan Karger wrote:
> The attached patch fixes your problem, but if there is someone around
> with a better idea (and, preferrably, patch) to fix it, I'm all ears!

ACK, fixes the problem indeed, without introducing a new set of flags even.

Thanks
Heiko

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-31 Thread Steffan Karger 
Hi,

On 31-03-14 16:13, Heiko Hund wrote:
> On Sunday 23 March 2014 14:27:43 Steffan Karger wrote:
>> +AC_EGREP_CPP(have_ssl_op_no_ticket, [
>> +#include 
> 
> We just found that this breaks if the openssl headers are in a non-standard 
> place. The test above sets the -I option in CFLAGS, but not in CPPFLAGS. So, 
> maybe we should generally set -I in CPPFLAGS instead.

I'm not much of an autotools wizard, so I don't really know if there are
downsides to using CPPFLAGS insteadof CFLAGS everywhere.

The attached patch fixes your problem, but if there is someone around
with a better idea (and, preferrably, patch) to fix it, I'm all ears!

-Steffan
>From ccebcab605325f98a0ff22edbbbc089194e2e0ad Mon Sep 17 00:00:00 2001
From: Steffan Karger 
List-Post: openvpn-devel@lists.sourceforge.net
Date: Tue, 1 Apr 2014 00:33:55 +0200
Subject: [PATCH] configure.ac: use CPPFLAGS for SSL_OP_NO_TICKET check

AC_EGREP_CPP uses CPPFLAGS, not CFLAGS. Make sure the macro can find
OpenSSL by temporarily adding OPENSSL_CRYPTO_FLAGS to CPPFLAGS.

Signed-off-by: Steffan Karger 
---
 configure.ac | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/configure.ac b/configure.ac
index 7e94280..0c2abb9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -794,6 +794,8 @@ if test "${have_openssl_crypto}" = "yes"; then
 fi

 if test "${have_openssl_ssl}" = "yes"; then
+saved_CPPFLAGS="${CPPFLAGS}"
+CPPFLAGS="${CPPFLAGS} ${OPENSSL_CRYPTO_CFLAGS}"
 AC_MSG_CHECKING([for SSL_OP_NO_TICKET flag in OpenSSL])
 AC_EGREP_CPP(have_ssl_op_no_ticket, [
 #include 
@@ -806,6 +808,7 @@ if test "${have_openssl_ssl}" = "yes"; then
 AC_MSG_RESULT([no])
 AC_ERROR([OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL])
 ])
+CPPFLAGS="${saved_CPPFLAGS}"
 fi

 AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for polarssl])
-- 
1.8.3.2

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-31 Thread Heiko Hund 
On Sunday 23 March 2014 14:27:43 Steffan Karger wrote:
> +AC_EGREP_CPP(have_ssl_op_no_ticket, [
> +#include 

We just found that this breaks if the openssl headers are in a non-standard 
place. The test above sets the -I option in CFLAGS, but not in CPPFLAGS. So, 
maybe we should generally set -I in CPPFLAGS instead.

Heiko

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-23 Thread Steffan Karger 
On Sun, Mar 23, 2014 at 1:26 PM, Gert Doering  wrote:

> On Sun, Mar 23, 2014 at 10:22:57AM +0100, Steffan Karger wrote:
> > ACK. Message looks correct and clear to me.
>
> Thanks.  Committed and pushed as 2cf9d4e3f06f4a61cb6d159728ac6c8a790d6849.
>
> Can you send the needed patch for master/2.4?
>

See attachment :)

-Steffan
From 4f9d47bee3bef4102dfe8e13da21ab4bbe0a92a9 Mon Sep 17 00:00:00 2001
From: Steffan Karger 
Date: Sun, 23 Mar 2014 14:07:47 +0100
Subject: [PATCH] configure.ac: check for SSL_OP_NO_TICKET flag in OpenSSL

SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption".
This is something we do not want nor need, but could potentially be used
for a future attack. OpenVPN 2.4 requires the flag to be set and will fail
configure if the flag is not present.
---
 configure.ac | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/configure.ac b/configure.ac
index c622f33..2da6521 100644
--- a/configure.ac
+++ b/configure.ac
@@ -793,6 +793,21 @@ if test "${have_openssl_crypto}" = "yes"; then
 	LIBS="${saved_LIBS}"
 fi
 
+if test "${have_openssl_ssl}" = "yes"; then
+AC_MSG_CHECKING([for SSL_OP_NO_TICKET flag in OpenSSL])
+AC_EGREP_CPP(have_ssl_op_no_ticket, [
+#include 
+#ifdef SSL_OP_NO_TICKET
+have_ssl_op_no_ticket
+#endif
+], [
+AC_MSG_RESULT([yes])
+], [
+AC_MSG_RESULT([no])
+AC_ERROR([OpenVPN 2.4+ requires SSL_OP_NO_TICKET in OpenSSL])
+])
+fi
+
 AC_ARG_VAR([POLARSSL_CFLAGS], [C compiler flags for polarssl])
 AC_ARG_VAR([POLARSSL_LIBS], [linker flags for polarssl])
 have_polarssl_ssl="yes"
-- 
1.8.3.2

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-23 Thread Gert Doering 
Hi,

On Sun, Mar 23, 2014 at 10:22:57AM +0100, Steffan Karger wrote:
> ACK. Message looks correct and clear to me.

Thanks.  Committed and pushed as 2cf9d4e3f06f4a61cb6d159728ac6c8a790d6849.

Can you send the needed patch for master/2.4?

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpCZSCjYH_9F.pgp
Description: PGP signature

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-23 Thread Steffan Karger 
Hi,

On Sat, Mar 22, 2014 at 7:35 PM, Gert Doering  wrote:

> On Tue, Mar 18, 2014 at 05:40:41PM +0100, Steffan Karger wrote:
> > > So it seems I spoke too soon... sorry for the noise, although I must
> > > say that I'm still in favour of checking for the existence of an IFDEF
> > > instead of relying on a particular version...
> >
> > Point taken, just checking the OpenSSL version does not suffice.
> > Still, I'd like to prevent more #ifdef's in the code. We could
> > check the #ifdef in configure.ac, and refuse to build when it's
> > not present. Any objections against requiring SSL_OP_NO_TICKET to
> > be present for OpenVPN 2.4+? We have to drop support for 'ancient
> > stuff' at some point.
>
> If I understood this all right, this feature improves OpenVPN security
> against yet-unknown attacks using a feature of OpenSSL that we don't
> use anyway.  Right?
>

Right.

So in that case, I'm fine with your proposal - do something on configure.ac
> that will check for SSL_OP_NO_TICKET and complain (with a useful error
> message :) ) if it's not there.
>
> For 2.3, I'd propose to add code to ssl_openssl.h like this:
>
> /* SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session
> resumption",
>  * as this is something we do not want nor need, but could potentially be
>  * used for a future attack.  For compatibility reasons, in the 2.3.x
>  * series, we keep building if the OpenSSL version is too old to support
>  * this.  2.4 requires it and will fail configure if not present.
>  */
> #ifndef SSL_OP_NO_TICKET
> # define SSL_OP_NO_TICKET 0
> #endif
>
>
> ACK?  Is the message correct?
>

ACK. Message looks correct and clear to me (but please remove the double
space before 2.4).

-Steffan

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-22 Thread Gert Doering 
Hi,

On Tue, Mar 18, 2014 at 05:40:41PM +0100, Steffan Karger wrote:
> > So it seems I spoke too soon... sorry for the noise, although I must
> > say that I'm still in favour of checking for the existence of an IFDEF
> > instead of relying on a particular version...
> 
> Point taken, just checking the OpenSSL version does not suffice.
> Still, I'd like to prevent more #ifdef's in the code. We could
> check the #ifdef in configure.ac, and refuse to build when it's
> not present. Any objections against requiring SSL_OP_NO_TICKET to
> be present for OpenVPN 2.4+? We have to drop support for 'ancient
> stuff' at some point.

If I understood this all right, this feature improves OpenVPN security
against yet-unknown attacks using a feature of OpenSSL that we don't
use anyway.  Right?

So in that case, I'm fine with your proposal - do something on configure.ac
that will check for SSL_OP_NO_TICKET and complain (with a useful error
message :) ) if it's not there.

For 2.3, I'd propose to add code to ssl_openssl.h like this:

/* SSL_OP_NO_TICKET tells OpenSSL to disable "stateless session resumption",
 * as this is something we do not want nor need, but could potentially be
 * used for a future attack.  For compatibility reasons, in the 2.3.x 
 * series, we keep building if the OpenSSL version is too old to support
 * this.  2.4 requires it and will fail configure if not present.
 */
#ifndef SSL_OP_NO_TICKET
# define SSL_OP_NO_TICKET 0
#endif


ACK?  Is the message correct?

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgp8ka94c897Z.pgp
Description: PGP signature

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-18 Thread David Sommerseth 
On 18/03/14 17:40, Steffan Karger wrote:
> Hi,
> 
> On 18/03/2014 14:44, Jan Just Keijser wrote:
>> On 18/03/14 14:12, David Sommerseth wrote:
>>> On 18/03/14 10:51, Jan Just Keijser wrote:
 On 18/03/14 10:39, Steffan Karger wrote:
>> On 17/03/2014 23:23, James Yonan wrote:
>>
>> On 17/03/2014 14:29, Gert Doering wrote:
>>> Right now, if I read configure.ac correct, we require 0.9.6 or
>>> later (and check this only if pkg-config is available) - but
>>> obviously, SSL_OP_NO_TICKET was added later on.
>>>
>>> Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a
>>> more recent OpenSSL version
>> I would think an #ifdef should be fine.
> SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH-
>> patchset (for 2.4) already requires 0.9.8, so I would prefer to require
>> 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3.
>
>
 I disagree. It is not safe to assume that the #ifdef is bound to a
 particular version of Openssl; for example, on my Centos 6.5 box I
 have openssl 1.0.1e yet the define
 #define SSL_OP_NO_TICKET0x4000L
 is NOT present in the system ssl.h file.
>>> I just checked RHEL 6.5 and ScientificLinux 6.4
>>> (openssl-1.0.1e-16.el6_5.4) ... they both have it this:
>>>
>>> # grep SSL_OP_NO_TICKET /usr/include/openssl/*
>>> /usr/include/openssl/ssl.h:#define SSL_OP_NO_TICKET
>> 0x4000L
>>>
>> this is most odd - I just checked a few other machines (CentOS 6.5) and
>> there the SSL_OP_NO_TICKET is present.
>> I then reinstalled openssl on the 'flawed' box and now it is present
>> also.
>> So it seems I spoke too soon... sorry for the noise, although I must
>> say that I'm still in favour of checking for the existence of an IFDEF
>> instead of relying on a particular version...
> 
> Point taken, just checking the OpenSSL version does not suffice.
> Still, I'd like to prevent more #ifdef's in the code. We could check the
> #ifdef in configure.ac, and refuse to build when it's not present. Any
> objections against requiring SSL_OP_NO_TICKET to be present for OpenVPN
> 2.4+? We have to drop support for 'ancient stuff' at some point.

I don't disagree with you ... but we need to think about what our users
may have installed.  James was concerned about RHEL4 support some years
ago, when we discussed if we should support OpenSSL 0.9.6 or not (which
was available in RHEL4, iirc).  At that time we agreed upon moving
towards a 0.9.8 requirement when RHEL4 was out of the normal support
cycle (which was February 29, 2012).

RHEL5 is fully supported until March 31, 2017.

I think it makes sense to follow RHEL's life cycle, as that is usually
one of the distributions at an enterprise level which is kept up-to-date
on critical issues throughout its life cycle.


-- 
kind regards,

David Sommerseth



signature.asc
Description: OpenPGP digital signature

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-18 Thread Steffan Karger 
Hi,

On 18/03/2014 14:44, Jan Just Keijser wrote:
> On 18/03/14 14:12, David Sommerseth wrote:
> > On 18/03/14 10:51, Jan Just Keijser wrote:
> >> On 18/03/14 10:39, Steffan Karger wrote:
>  On 17/03/2014 23:23, James Yonan wrote:
> 
>  On 17/03/2014 14:29, Gert Doering wrote:
> > Right now, if I read configure.ac correct, we require 0.9.6 or
> > later (and check this only if pkg-config is available) - but
> > obviously, SSL_OP_NO_TICKET was added later on.
> >
> > Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a
> > more recent OpenSSL version
>  I would think an #ifdef should be fine.
> >>> SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH-
> patchset (for 2.4) already requires 0.9.8, so I would prefer to require
> 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3.
> >>>
> >>>
> >> I disagree. It is not safe to assume that the #ifdef is bound to a
> >> particular version of Openssl; for example, on my Centos 6.5 box I
> >> have openssl 1.0.1e yet the define
> >> #define SSL_OP_NO_TICKET0x4000L
> >> is NOT present in the system ssl.h file.
> > I just checked RHEL 6.5 and ScientificLinux 6.4
> > (openssl-1.0.1e-16.el6_5.4) ... they both have it this:
> >
> > # grep SSL_OP_NO_TICKET /usr/include/openssl/*
> > /usr/include/openssl/ssl.h:#define SSL_OP_NO_TICKET
> 0x4000L
> >
> this is most odd - I just checked a few other machines (CentOS 6.5) and
> there the SSL_OP_NO_TICKET is present.
> I then reinstalled openssl on the 'flawed' box and now it is present
> also.
> So it seems I spoke too soon... sorry for the noise, although I must
> say that I'm still in favour of checking for the existence of an IFDEF
> instead of relying on a particular version...

Point taken, just checking the OpenSSL version does not suffice. Still, I'd 
like to prevent more #ifdef's in the code. We could check the #ifdef in 
configure.ac, and refuse to build when it's not present. Any objections against 
requiring SSL_OP_NO_TICKET to be present for OpenVPN 2.4+? We have to drop 
support for 'ancient stuff' at some point.

-Steffan

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-18 Thread Jan Just Keijser 

Hi David,

On 18/03/14 14:12, David Sommerseth wrote:

On 18/03/14 10:51, Jan Just Keijser wrote:

On 18/03/14 10:39, Steffan Karger wrote:

Hi,


On 17/03/2014 23:23, James Yonan wrote:

On 17/03/2014 14:29, Gert Doering wrote:

Right now, if I read configure.ac correct, we require 0.9.6 or later
(and check this only if pkg-config is available) - but obviously,
SSL_OP_NO_TICKET was added later on.

Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more
recent OpenSSL version

I would think an #ifdef should be fine.

SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH-patchset (for 
2.4) already requires 0.9.8, so I would prefer to require 0.9.8f or newer for 
master/2.4, but just add #ifdef's for 2.3.



I disagree. It is not safe to assume that the #ifdef is bound to a
particular version of Openssl; for example, on my Centos 6.5 box I have
openssl 1.0.1e yet the define
#define SSL_OP_NO_TICKET0x4000L
is NOT present in the system ssl.h file.

I just checked RHEL 6.5 and ScientificLinux 6.4
(openssl-1.0.1e-16.el6_5.4) ... they both have it this:

# grep SSL_OP_NO_TICKET /usr/include/openssl/*
/usr/include/openssl/ssl.h:#define SSL_OP_NO_TICKET 0x4000L

this is most odd - I just checked a few other machines (CentOS 6.5) and 
there the SSL_OP_NO_TICKET is present.

I then reinstalled openssl on the 'flawed' box and now it is present also.
So it seems I spoke too soon... sorry for the noise, although I must say 
that I'm still in favour of checking for the existence of an IFDEF 
instead of relying on a particular version...


cheers,

JJK

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-18 Thread David Sommerseth 
On 18/03/14 10:39, Steffan Karger wrote:
> Hi,
> 
>> On 17/03/2014 23:23, James Yonan wrote:
>>
>> On 17/03/2014 14:29, Gert Doering wrote:
>>> Right now, if I read configure.ac correct, we require 0.9.6 or later
>>> (and check this only if pkg-config is available) - but obviously,
>>> SSL_OP_NO_TICKET was added later on.
>>>
>>> Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more
>>> recent OpenSSL version
>>
>> I would think an #ifdef should be fine.
> 
> SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The
> ECDH-patchset (for 2.4) already requires 0.9.8, so I would prefer to
> require 0.9.8f or newer for master/2.4, but just add #ifdef's for 2.3.

There's JJK's comments, which makes sense.  In addition, RHEL 5 (which
we're supposed to support) only ships openssl-0.9.8e.


-- 
kind regards,

David Sommerseth



signature.asc
Description: OpenPGP digital signature

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-18 Thread Jan Just Keijser 

On 18/03/14 10:39, Steffan Karger wrote:

Hi,


On 17/03/2014 23:23, James Yonan wrote:

On 17/03/2014 14:29, Gert Doering wrote:

Right now, if I read configure.ac correct, we require 0.9.6 or later
(and check this only if pkg-config is available) - but obviously,
SSL_OP_NO_TICKET was added later on.

Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more
recent OpenSSL version

I would think an #ifdef should be fine.

SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH-patchset (for 
2.4) already requires 0.9.8, so I would prefer to require 0.9.8f or newer for 
master/2.4, but just add #ifdef's for 2.3.


I disagree. It is not safe to assume that the #ifdef is bound to a 
particular version of Openssl; for example, on my Centos 6.5 box I have 
openssl 1.0.1e yet the define

  #define SSL_OP_NO_TICKET0x4000L
is NOT present in the system ssl.h file.
Don't ask me why, don't question the sanity of CentOS/RedHat, don't 
assume that "openssl vX.Y.Z will have support for "
(RedHat also strips ECDH support from openssl due to claimed licensing 
restrictions).


Let's just check for the #ifdef regardless of the version of OpenSSL.

cheers,

JJK

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-18 Thread Steffan Karger 
Hi,

> On 17/03/2014 23:23, James Yonan wrote:
> 
> On 17/03/2014 14:29, Gert Doering wrote:
> > Right now, if I read configure.ac correct, we require 0.9.6 or later
> > (and check this only if pkg-config is available) - but obviously,
> > SSL_OP_NO_TICKET was added later on.
> >
> > Fix 1: only use SSL_OP_NO_TICKET if available Fix 2: require a more
> > recent OpenSSL version
> 
> I would think an #ifdef should be fine.

SSL_OP_NO_TICKET was added in OpenSSL 0.9.8f / 1.0.0. The ECDH-patchset (for 
2.4) already requires 0.9.8, so I would prefer to require 0.9.8f or newer for 
master/2.4, but just add #ifdef's for 2.3. 

-Steffan

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-17 Thread James Yonan 

On 17/03/2014 14:29, Gert Doering wrote:

Hi,

On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:

However, even with the above code, stateless session resumption
is still possible unless explicitly disabled with the
SSL_OP_NO_TICKET flag.  This patch does this.


This actually raises an interesting question.  My OpenSolaris buildslave
fails compilation with

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include  -I../../src/compat -g -O2 -MT 
ssl_openssl.o -MD -MP -MF .deps/ssl_openssl.Tpo -c -o ssl_openssl.o 
ssl_openssl.c
ssl_openssl.c: In function `tls_ctx_set_options':
ssl_openssl.c:183: error: `SSL_OP_NO_TICKET' undeclared (first use in this 
function)

... while "configure" doesn't flag an error about the OpenSSL version
installed (0.9.8a-fips).  This is not ideal, if we know we're going to
fail at compile time due to missing functionality, we should tell the
user earlier.

Right now, if I read configure.ac correct, we require 0.9.6 or later (and
check this only if pkg-config is available) - but obviously, SSL_OP_NO_TICKET
was added later on.

Fix 1: only use SSL_OP_NO_TICKET if available
Fix 2: require a more recent OpenSSL version


I would think an #ifdef should be fine.

James

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-17 Thread Gert Doering 
Hi,

On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> However, even with the above code, stateless session resumption
> is still possible unless explicitly disabled with the
> SSL_OP_NO_TICKET flag.  This patch does this.

This actually raises an interesting question.  My OpenSolaris buildslave
fails compilation with

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include  -I../../src/compat -g -O2 -MT 
ssl_openssl.o -MD -MP -MF .deps/ssl_openssl.Tpo -c -o ssl_openssl.o 
ssl_openssl.c
ssl_openssl.c: In function `tls_ctx_set_options':  
ssl_openssl.c:183: error: `SSL_OP_NO_TICKET' undeclared (first use in this 
function)

... while "configure" doesn't flag an error about the OpenSSL version
installed (0.9.8a-fips).  This is not ideal, if we know we're going to 
fail at compile time due to missing functionality, we should tell the
user earlier.

Right now, if I read configure.ac correct, we require 0.9.6 or later (and
check this only if pkg-config is available) - but obviously, SSL_OP_NO_TICKET 
was added later on.

Fix 1: only use SSL_OP_NO_TICKET if available
Fix 2: require a more recent OpenSSL version

Crypto guys, send me patches :-)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgpchCO_TPZ4G.pgp
Description: PGP signature

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-17 Thread David Sommerseth 
On 17/03/14 11:08, Steffan Karger wrote:
> Hi,
> 
>> -Original Message-
>> From: Gert Doering [mailto:g...@greenie.muc.de]
>> Sent: maandag 17 maart 2014 9:34
>> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
>> context for OpenSSL builds, to disable TLS stateless session
>> resumption.
>>
>> Hi,
>>
>> On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
>>> OpenVPN doesn't want or need SSL session renegotiation or resumption,
>>> as it handles renegotiation on its own.
>>>
>>> For this reason, OpenVPN always disables the SSL session cache:
>>>
>>> SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
>>>
>>> However, even with the above code, stateless session resumption is
>>> still possible unless explicitly disabled with the SSL_OP_NO_TICKET
>>> flag.  This patch does this.
>>
>> I assume this should go into all OpenVPN branches, that is, master,
>> 2.3, and if we ever do another 2.2, into that one as well?
>>
>> (not ACKing or NAKing the patch itself, this is not my field of
>> expertise)
> 
> I think this should go into all releases we'll do from now on.
> 
> Also, ACK on the patch. Together with SSL_SESS_CACHE_OFF, this seems
> to fully disable TLS session renegotiation and resumption.

This patch only covers OpenSSL.  Is there an equivalent for PolarSSL as
well?  Or isn't it needed at all on PolarSSL?


-- 
kind regards,

David Sommerseth



signature.asc
Description: OpenPGP digital signature

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-17 Thread Steffan Karger 
Hi,

> -Original Message-
> From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net]
> Sent: maandag 17 maart 2014 11:40
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumption.
> 
> On 17/03/14 11:08, Steffan Karger wrote:
> > I think this should go into all releases we'll do from now on.
> >
> > Also, ACK on the patch. Together with SSL_SESS_CACHE_OFF, this seems
> > to fully disable TLS session renegotiation and resumption.
> 
> This patch only covers OpenSSL.  Is there an equivalent for PolarSSL as
> well?  Or isn't it needed at all on PolarSSL?

PolarSSL disables session renegotiation by default (sane defaults ftw!), and 
OpenVPN does not enable it. So there's nothing to fix for PolarSSL.

-Steffan

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-17 Thread Steffan Karger 
Hi,

> -Original Message-
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: maandag 17 maart 2014 9:34
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumption.
> 
> Hi,
> 
> On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> > OpenVPN doesn't want or need SSL session renegotiation or resumption,
> > as it handles renegotiation on its own.
> >
> > For this reason, OpenVPN always disables the SSL session cache:
> >
> > SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
> >
> > However, even with the above code, stateless session resumption is
> > still possible unless explicitly disabled with the SSL_OP_NO_TICKET
> > flag.  This patch does this.
> 
> I assume this should go into all OpenVPN branches, that is, master,
> 2.3, and if we ever do another 2.2, into that one as well?
> 
> (not ACKing or NAKing the patch itself, this is not my field of
> expertise)

I think this should go into all releases we'll do from now on.

Also, ACK on the patch. Together with SSL_SESS_CACHE_OFF, this seems to fully 
disable TLS session renegotiation and resumption.

-Steffan

Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-17 Thread Gert Doering 
Hi,

On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> OpenVPN doesn't want or need SSL session renegotiation or
> resumption, as it handles renegotiation on its own.
> 
> For this reason, OpenVPN always disables the SSL session cache:
> 
> SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
> 
> However, even with the above code, stateless session resumption
> is still possible unless explicitly disabled with the
> SSL_OP_NO_TICKET flag.  This patch does this.

I assume this should go into all OpenVPN branches, that is, master, 2.3, and
if we ever do another 2.2, into that one as well?

(not ACKing or NAKing the patch itself, this is not my field of expertise)

gert
-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025g...@net.informatik.tu-muenchen.de


pgp_8BVLIlpfA.pgp
Description: PGP signature

[Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.

2014-03-17 Thread James Yonan 
OpenVPN doesn't want or need SSL session renegotiation or
resumption, as it handles renegotiation on its own.

For this reason, OpenVPN always disables the SSL session cache:

SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)

However, even with the above code, stateless session resumption
is still possible unless explicitly disabled with the
SSL_OP_NO_TICKET flag.  This patch does this.
---
 src/openvpn/ssl_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 0dc1e81..938e9d4 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -208,7 +208,7 @@ tls_ctx_set_options (struct tls_root_ctx *ctx, unsigned int 
ssl_flags)

   /* process SSL options including minimum TLS version we will accept from 
peer */
   {
-long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+long sslopt = SSL_OP_SINGLE_DH_USE | SSL_OP_NO_TICKET | SSL_OP_NO_SSLv2 | 
SSL_OP_NO_SSLv3;
 const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) & 
SSLF_TLS_VERSION_MASK;
 if (tls_version_min > TLS_VER_UNSPEC)
   {
-- 
1.8.5.3