You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2021/03/23 02:31:05 UTC

[kudu] branch master updated: KUDU-1926: disable TLS/SSL renegotiation

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/master by this push:
     new d0c0483  KUDU-1926: disable TLS/SSL renegotiation
d0c0483 is described below

commit d0c0483a15db03c2bb4217d9c9ce15e39c858629
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Thu Mar 18 16:07:25 2021 -0700

    KUDU-1926: disable TLS/SSL renegotiation
    
    This patch disables TLS ciphers renegotiation for TLSv1.2 and prior
    protocol versions.  In case of OpenSSL version 1.1.0h and newer, we are
    using SSL_OP_NO_RENEGOTIATION option to disable all renegotiations.  In
    case of OpenSSL version prior to 1.1.0a, the undocumented flag
    SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS is used.  See [1], [2] and [3]
    for more context.
    
    The moot point is the version interval between 1.1.0a and 1.1.0g
    (inclusive): the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag is no longer
    available from the application side, but SSL_OP_NO_RENEGOTIATION is not
    yet present.  So, if a server binary has been compiled with OpenSSL in
    the specified version range, it's still advertising the renegotiation
    option, even if it's run against OpenSSL 1.1.0h or later versions.
    
    [1] https://www.openssl.org/docs/man1.1.0/man3/SSL_set_options.html
    [2] https://github.com/openssl/openssl/blob/f9398cc2b31858ddaaea3f5cfec2fce7f9b90347/CHANGES#L1038-L1049
    [3] https://github.com/openssl/openssl/issues/4739
    
    Change-Id: Ib585dcfc2c3f641268ceded19e0ea5c551d97ae1
    Reviewed-on: http://gerrit.cloudera.org:8080/17204
    Tested-by: Kudu Jenkins
    Reviewed-by: Andrew Wong <aw...@cloudera.com>
---
 src/kudu/security/tls_context.cc | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/kudu/security/tls_context.cc b/src/kudu/security/tls_context.cc
index 52d8f0a..87e58e6 100644
--- a/src/kudu/security/tls_context.cc
+++ b/src/kudu/security/tls_context.cc
@@ -182,6 +182,22 @@ Status TlsContext::Init() {
                                    tls_min_protocol_);
   }
 
+#if OPENSSL_VERSION_NUMBER > 0x1010007fL
+  // KUDU-1926: disable TLS/SSL renegotiation.
+  // See https://www.openssl.org/docs/man1.1.0/man3/SSL_set_options.html for
+  // details. SSL_OP_NO_RENEGOTIATION option was back-ported from 1.1.1-dev to
+  // 1.1.0h, so this is a best-effort approach if the binary compiled with
+  // newer as per information in the CHANGES file for
+  // 'Changes between 1.1.0g and 1.1.0h [27 Mar 2018]':
+  //     Note that if an application built against 1.1.0h headers (or above) is
+  //     run using an older version of 1.1.0 (prior to 1.1.0h) then the option
+  //     will be accepted but nothing will happen, i.e. renegotiation will
+  //     not be prevented.
+  // The case of OpenSSL 1.0.2 and prior is handled by the InitiateHandshake()
+  // method.
+  options |= SSL_OP_NO_RENEGOTIATION;
+#endif
+
   // We don't currently support TLS 1.3 because the one-and-a-half-RTT negotiation
   // confuses our RPC negotiation protocol. See KUDU-2871.
   options |= SSL_OP_NO_TLSv1_3;
@@ -239,8 +255,6 @@ Status TlsContext::Init() {
 #endif
 #endif
 
-  // TODO(KUDU-1926): is it possible to disable client-side renegotiation? it seems there
-  // have been various CVEs related to this feature that we don't need.
   return Status::OK();
 }
 
@@ -553,6 +567,15 @@ Status TlsContext::InitiateHandshake(TlsHandshake* handshake) const {
   if (!ssl) {
     return Status::RuntimeError("failed to create SSL handle", GetOpenSSLErrors());
   }
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  // KUDU-1926: disable TLS/SSL renegotiation. In version 1.0.2 and prior it's
+  // possible to use the undocumented SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag.
+  // TlsContext::Init() takes care of that for OpenSSL version 1.1.0h and newer.
+  // For more context, see a note on the SSL_OP_NO_RENEGOTIATION option in the
+  // $OPENSSL_ROOT/CHANGES and https://github.com/openssl/openssl/issues/4739.
+  ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+#endif
   return handshake->Init(std::move(ssl));
 }