You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by al...@apache.org on 2021/03/23 02:31:05 UTC
[kudu] branch master updated: KUDU-1926: disable TLS/SSL
renegotiation
This is an automated email from the ASF dual-hosted git repository.
alexey pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new d0c0483 KUDU-1926: disable TLS/SSL renegotiation
d0c0483 is described below
commit d0c0483a15db03c2bb4217d9c9ce15e39c858629
Author: Alexey Serbin <al...@apache.org>
AuthorDate: Thu Mar 18 16:07:25 2021 -0700
KUDU-1926: disable TLS/SSL renegotiation
This patch disables TLS ciphers renegotiation for TLSv1.2 and prior
protocol versions. In case of OpenSSL version 1.1.0h and newer, we are
using SSL_OP_NO_RENEGOTIATION option to disable all renegotiations. In
case of OpenSSL version prior to 1.1.0a, the undocumented flag
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS is used. See [1], [2] and [3]
for more context.
The moot point is the version interval between 1.1.0a and 1.1.0g
(inclusive): the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag is no longer
available from the application side, but SSL_OP_NO_RENEGOTIATION is not
yet present. So, if a server binary has been compiled with OpenSSL in
the specified version range, it's still advertising the renegotiation
option, even if it's run against OpenSSL 1.1.0h or later versions.
[1] https://www.openssl.org/docs/man1.1.0/man3/SSL_set_options.html
[2] https://github.com/openssl/openssl/blob/f9398cc2b31858ddaaea3f5cfec2fce7f9b90347/CHANGES#L1038-L1049
[3] https://github.com/openssl/openssl/issues/4739
Change-Id: Ib585dcfc2c3f641268ceded19e0ea5c551d97ae1
Reviewed-on: http://gerrit.cloudera.org:8080/17204
Tested-by: Kudu Jenkins
Reviewed-by: Andrew Wong <aw...@cloudera.com>
---
src/kudu/security/tls_context.cc | 27 +++++++++++++++++++++++++--
1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/src/kudu/security/tls_context.cc b/src/kudu/security/tls_context.cc
index 52d8f0a..87e58e6 100644
--- a/src/kudu/security/tls_context.cc
+++ b/src/kudu/security/tls_context.cc
@@ -182,6 +182,22 @@ Status TlsContext::Init() {
tls_min_protocol_);
}
+#if OPENSSL_VERSION_NUMBER > 0x1010007fL
+ // KUDU-1926: disable TLS/SSL renegotiation.
+ // See https://www.openssl.org/docs/man1.1.0/man3/SSL_set_options.html for
+ // details. SSL_OP_NO_RENEGOTIATION option was back-ported from 1.1.1-dev to
+ // 1.1.0h, so this is a best-effort approach if the binary compiled with
+ // newer as per information in the CHANGES file for
+ // 'Changes between 1.1.0g and 1.1.0h [27 Mar 2018]':
+ // Note that if an application built against 1.1.0h headers (or above) is
+ // run using an older version of 1.1.0 (prior to 1.1.0h) then the option
+ // will be accepted but nothing will happen, i.e. renegotiation will
+ // not be prevented.
+ // The case of OpenSSL 1.0.2 and prior is handled by the InitiateHandshake()
+ // method.
+ options |= SSL_OP_NO_RENEGOTIATION;
+#endif
+
// We don't currently support TLS 1.3 because the one-and-a-half-RTT negotiation
// confuses our RPC negotiation protocol. See KUDU-2871.
options |= SSL_OP_NO_TLSv1_3;
@@ -239,8 +255,6 @@ Status TlsContext::Init() {
#endif
#endif
- // TODO(KUDU-1926): is it possible to disable client-side renegotiation? it seems there
- // have been various CVEs related to this feature that we don't need.
return Status::OK();
}
@@ -553,6 +567,15 @@ Status TlsContext::InitiateHandshake(TlsHandshake* handshake) const {
if (!ssl) {
return Status::RuntimeError("failed to create SSL handle", GetOpenSSLErrors());
}
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ // KUDU-1926: disable TLS/SSL renegotiation. In version 1.0.2 and prior it's
+ // possible to use the undocumented SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag.
+ // TlsContext::Init() takes care of that for OpenSSL version 1.1.0h and newer.
+ // For more context, see a note on the SSL_OP_NO_RENEGOTIATION option in the
+ // $OPENSSL_ROOT/CHANGES and https://github.com/openssl/openssl/issues/4739.
+ ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+#endif
return handshake->Init(std::move(ssl));
}