You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "William A. Rowe Jr." <wr...@rowe-clan.net> on 2010/03/22 14:52:13 UTC
Nod to 2.0, one more time?
Wondering if we are comfortable tagging and releasing 2.0.64 in the
coming days? These security issues aught to be addressed, and while
we are at it, it just seems like a nice thing to do as we get closer
to some 2.3 beta and further from any more improvements to 2.0.
Opinions? Volunteers? If there are no objections and no volunteer,
its something I'm happy to do later this week. I'll review the set
of ssl patches tomorrow.
Re: Nod to 2.0, one more time?
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 3/22/2010 9:51 AM, Rainer Jung wrote:
> On 22.03.2010 14:52, William A. Rowe Jr. wrote:
>> Wondering if we are comfortable tagging and releasing 2.0.64 in the
>> coming days? These security issues aught to be addressed, and while
>> we are at it, it just seems like a nice thing to do as we get closer
>> to some 2.3 beta and further from any more improvements to 2.0.
>>
>> Opinions? Volunteers? If there are no objections and no volunteer,
>> its something I'm happy to do later this week. I'll review the set
>> of ssl patches tomorrow.
>
> I agree there should be a release fixing (at least) CVE-2009-3555 (ssl
> reneg). My tests were positive, but more eyes are very welcome.
>
> Unfortunately I'm mostly offline Wednesday/Thursday, so if there is a
> problem with those patches I might not be able to respond quickly during
> those days.
I'm going to look at Jeff's observation about APR 0.9, and there's a good
chance this could wrap around into early next week, giving us time to go
ahead and T&R APR 0.9 releases this week.
Re: Nod to 2.0, one more time?
Posted by Rainer Jung <ra...@kippdata.de>.
On 25.03.2010 00:20, William A. Rowe Jr. wrote:
> On 3/24/2010 5:51 PM, Rainer Jung wrote:
>>
>> The server only needs server initiated renegotiations.
>
> As repeated several times, there are apparently micro SSL implementations
> out there in the wild, e.g. cell phone browsers, who choose to renegotiate
> and - seeing an alert that it is not supported, hum merrily along.
>
> So the 'shut down the connection' flavor of halting server initiated
> renegotiation breaks such clients, while the openssl 0.9.8m graceful
> handling supports such renegotiation requests with a polite refusal.
With respect to 2.0 the behaviour with the proposed patches should be
identical to 2.2.
Concerning those special SSL clients: I had the impression there is
still not enough facts around even when following the OpenSSL discussion
list. Yes, there are such clients, but we still can't be completely sure
about their interoperability with 0.9.8m.
Regards,
Rainer
Re: Nod to 2.0, one more time?
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 3/24/2010 5:51 PM, Rainer Jung wrote:
>
> The server only needs server initiated renegotiations.
As repeated several times, there are apparently micro SSL implementations
out there in the wild, e.g. cell phone browsers, who choose to renegotiate
and - seeing an alert that it is not supported, hum merrily along.
So the 'shut down the connection' flavor of halting server initiated
renegotiation breaks such clients, while the openssl 0.9.8m graceful
handling supports such renegotiation requests with a polite refusal.
Re: Nod to 2.0, one more time?
Posted by Rainer Jung <ra...@kippdata.de>.
Hi Gregg,
thanks for testing, see comments below.
On 24.03.2010 23:17, Gregg L. Smith wrote:
> Rainer Jung wrote:
>> On 22.03.2010 14:52, William A. Rowe Jr. wrote:
>>> Wondering if we are comfortable tagging and releasing 2.0.64 in the
>>
>> I agree there should be a release fixing (at least) CVE-2009-3555 (ssl
>> reneg). My tests were positive, but more eyes are very welcome.
>>
>
> Rainer,
>
> XP SP2 VC6 SDK 2003 R2
> Apache/2.0.64-dev (Win32) mod_ssl/2.0.64-dev OpenSSL/0.9.8m
>
> In reference to the CVE-2009-3555 patches and the
> SSLInsecureRenegotiation patch
>
> Following your instructions;
>
> * Patch applies also on top of the two above partial fixes for
> CVE-2009-3555 with some offset and fuzz.
>
> cve-2009-3555_httpd_2_0_x-v2.patch
> + cve-2009-3555_httpd_2_0_x-backport-r891282.patch
> + SSLInsecureRenegotiation_httpd_2_0_x-backport-r917044.patch
> = Failure
You mean functional failure, not failed to apply patch?
There are two ways, how an SSL renegotiation can be initiated:
- the client can initiate it
- the server can initiate it
All your tests - using the OpenSSL "R" command - perform a client
initiated renegotiation. The first patch disables client initiated
renegotiations completely. They are not needed for making the server
work and are one possible attack vector.
The server only needs server initiated renegotiations. For testing those
you can e.g. use some cipher X in the ssl configuration of a vhost and
require another cipher Y in some <Location> below that vhost. If you now
visit the vhost, the initial handshake should result in the cipher X.
When browing to the location, a server initiated renegotiation will
happen and lead to the other cipher Y. You can check that by logging the
cipher in the access log. You can also log the ssl session id in the
access log and verify that the ssl session does not change. For this
final check to work, you will need to disable client side session
handling. E.g. for Firefox you go to the URL "about:config" and set
"security.enable_tls_session_tickets" to "false".
HTH!
Regards,
Rainer
> SSLInsecureRenegotiation On
> =========================================================================
> R
> RENEGOTIATING
> 3664:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:.\ssl\s3_pkt.c:530:
>
>
> I had accidentally left out the first patch when I was building and it
> worked fine. Realizing I had left one out and not sure which, I did it
> again with the three patches and it failed. I then tried the
> combinations 1 & 3, failure, 2 & 3 success.
>
> So;
>
> cve-2009-3555_httpd_2_0_x-backport-r891282.patch
> + SSLInsecureRenegotiation_httpd_2_0_x-backport-r917044.patch
> = Success as advertised
>
> SSLInsecureRenegotiation Off = Renegotiation failed
> SSLInsecureRenegotiation On = Renegotiation succeeded
>
> SSLInsecureRenegotiation Off
> =========================================================================
> E:\AOSSL098k>openssl
> OpenSSL> version
> OpenSSL 0.9.8k 25 Mar 2009
> OpenSSL> s_client -connect localhost:443
> ---
> R
> RENEGOTIATING
> 3696:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:.\ssl\s3_pkt.c:530:
> OpenSSL> exit
>
> =========================================================================
> SSLInsecureRenegotiation On
> =========================================================================
> ---
> R
> RENEGOTIATING
> depth=0 /C=US/ST=IOWA/L=DESMOINES/O=Snake Oil Ltd/OU=Snake Oil Ltd
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=US/ST=IOWA/L=DESMOINES/O=Snake Oil Ltd/OU=Snake Oil Ltd
> verify return:1
> GET /
> <html><body><h1>It works!</h1></body></html>
> closed
>
> To make sure I had it right, I reproduced it twice again.
> I do not pretend to know the consequence of leaving out the first patch.
> This is just my accidental observation.
>
> Since I know all three of the 2.2.x patches were applied to 2.2.15 I
> just gave it a try against my server running 2.2.15. There is the same
> problem as well. SSLInsecureRenegotiation On and it still fails to
> renegotiate with 0.9.8k client. I missed this during my tests leading up
> to 2.2.15.
>
> Gregg
Re: Nod to 2.0, one more time?
Posted by "Gregg L. Smith" <li...@glewis.com>.
Rainer Jung wrote:
> On 22.03.2010 14:52, William A. Rowe Jr. wrote:
>> Wondering if we are comfortable tagging and releasing 2.0.64 in the
>
> I agree there should be a release fixing (at least) CVE-2009-3555 (ssl
> reneg). My tests were positive, but more eyes are very welcome.
>
Rainer,
XP SP2 VC6 SDK 2003 R2
Apache/2.0.64-dev (Win32) mod_ssl/2.0.64-dev OpenSSL/0.9.8m
In reference to the CVE-2009-3555 patches and the
SSLInsecureRenegotiation patch
Following your instructions;
* Patch applies also on top of the two above partial fixes for
CVE-2009-3555 with some offset and fuzz.
cve-2009-3555_httpd_2_0_x-v2.patch
+ cve-2009-3555_httpd_2_0_x-backport-r891282.patch
+ SSLInsecureRenegotiation_httpd_2_0_x-backport-r917044.patch
= Failure
SSLInsecureRenegotiation On
=========================================================================
R
RENEGOTIATING
3664:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:.\ssl\s3_pkt.c:530:
I had accidentally left out the first patch when I was building and it
worked fine. Realizing I had left one out and not sure which, I did it
again with the three patches and it failed. I then tried the
combinations 1 & 3, failure, 2 & 3 success.
So;
cve-2009-3555_httpd_2_0_x-backport-r891282.patch
+ SSLInsecureRenegotiation_httpd_2_0_x-backport-r917044.patch
= Success as advertised
SSLInsecureRenegotiation Off = Renegotiation failed
SSLInsecureRenegotiation On = Renegotiation succeeded
SSLInsecureRenegotiation Off
=========================================================================
E:\AOSSL098k>openssl
OpenSSL> version
OpenSSL 0.9.8k 25 Mar 2009
OpenSSL> s_client -connect localhost:443
---
R
RENEGOTIATING
3696:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:.\ssl\s3_pkt.c:530:
OpenSSL> exit
=========================================================================
SSLInsecureRenegotiation On
=========================================================================
---
R
RENEGOTIATING
depth=0 /C=US/ST=IOWA/L=DESMOINES/O=Snake Oil Ltd/OU=Snake Oil Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=IOWA/L=DESMOINES/O=Snake Oil Ltd/OU=Snake Oil Ltd
verify return:1
GET /
<html><body><h1>It works!</h1></body></html>
closed
To make sure I had it right, I reproduced it twice again.
I do not pretend to know the consequence of leaving out the first patch.
This is just my accidental observation.
Since I know all three of the 2.2.x patches were applied to 2.2.15 I
just gave it a try against my server running 2.2.15. There is the same
problem as well. SSLInsecureRenegotiation On and it still fails to
renegotiate with 0.9.8k client. I missed this during my tests leading up
to 2.2.15.
Gregg
Re: Nod to 2.0, one more time?
Posted by Rainer Jung <ra...@kippdata.de>.
On 22.03.2010 14:52, William A. Rowe Jr. wrote:
> Wondering if we are comfortable tagging and releasing 2.0.64 in the
> coming days? These security issues aught to be addressed, and while
> we are at it, it just seems like a nice thing to do as we get closer
> to some 2.3 beta and further from any more improvements to 2.0.
>
> Opinions? Volunteers? If there are no objections and no volunteer,
> its something I'm happy to do later this week. I'll review the set
> of ssl patches tomorrow.
I agree there should be a release fixing (at least) CVE-2009-3555 (ssl
reneg). My tests were positive, but more eyes are very welcome.
Unfortunately I'm mostly offline Wednesday/Thursday, so if there is a
problem with those patches I might not be able to respond quickly during
those days.
Regards,
Rainer
Re: Nod to 2.0, one more time?
Posted by Jeff Trawick <tr...@gmail.com>.
On Mon, Mar 22, 2010 at 10:17 AM, Jeff Trawick <tr...@gmail.com> wrote:
> On Mon, Mar 22, 2010 at 9:52 AM, William A. Rowe Jr.
> <wr...@rowe-clan.net> wrote:
>> Wondering if we are comfortable tagging and releasing 2.0.64 in the
>> coming days? These security issues aught to be addressed, and while
>> we are at it, it just seems like a nice thing to do as we get closer
>> to some 2.3 beta and further from any more improvements to 2.0.
>>
>> Opinions? Volunteers? If there are no objections and no volunteer,
>> its something I'm happy to do later this week. I'll review the set
>> of ssl patches tomorrow.
>
> Does anyone feel a need to release APR and -Util first to resolve
0.9.x, that is (context = httpd 2.0.x, which uses APR 0.9.x)
Re: Nod to 2.0, one more time?
Posted by Jeff Trawick <tr...@gmail.com>.
On Mon, Mar 22, 2010 at 10:17 AM, Jeff Trawick <tr...@gmail.com> wrote:
> On Mon, Mar 22, 2010 at 9:52 AM, William A. Rowe Jr.
> <wr...@rowe-clan.net> wrote:
>> Wondering if we are comfortable tagging and releasing 2.0.64 in the
>> coming days? These security issues aught to be addressed, and while
>> we are at it, it just seems like a nice thing to do as we get closer
>> to some 2.3 beta and further from any more improvements to 2.0.
>>
>> Opinions? Volunteers? If there are no objections and no volunteer,
>> its something I'm happy to do later this week. I'll review the set
>> of ssl patches tomorrow.
>
> Does anyone feel a need to release APR and -Util first to resolve
0.9.x, that is (context = httpd 2.0.x, which uses APR 0.9.x)
Re: Nod to 2.0, one more time?
Posted by Mads Toftum <ma...@toftum.dk>.
On Mon, Mar 22, 2010 at 10:17:41AM -0400, Jeff Trawick wrote:
> Does anyone feel a need to release APR and -Util first to resolve
> CVE-2009-2412? I don't think it is so important personally, but it is
> worth asking.
>
Would be nice to get both things done at once to avoid as much pressure for
another 2.0.x soon.
vh
Mads Toftum
--
http://soulfood.dk
Re: Nod to 2.0, one more time?
Posted by Jeff Trawick <tr...@gmail.com>.
On Mon, Mar 22, 2010 at 9:52 AM, William A. Rowe Jr.
<wr...@rowe-clan.net> wrote:
> Wondering if we are comfortable tagging and releasing 2.0.64 in the
> coming days? These security issues aught to be addressed, and while
> we are at it, it just seems like a nice thing to do as we get closer
> to some 2.3 beta and further from any more improvements to 2.0.
>
> Opinions? Volunteers? If there are no objections and no volunteer,
> its something I'm happy to do later this week. I'll review the set
> of ssl patches tomorrow.
Does anyone feel a need to release APR and -Util first to resolve
CVE-2009-2412? I don't think it is so important personally, but it is
worth asking.
(I could RM those two soon-ish if generally considered the Right Thing to do.)
Re: Nod to 2.0, one more time?
Posted by Sander Temme <sc...@apache.org>.
On Mar 22, 2010, at 6:52 AM, William A. Rowe Jr. wrote:
> Wondering if we are comfortable tagging and releasing 2.0.64 in the
> coming days? These security issues aught to be addressed, and while
> we are at it, it just seems like a nice thing to do as we get closer
> to some 2.3 beta and further from any more improvements to 2.0.
+1
> Opinions? Volunteers? If there are no objections and no volunteer,
> its something I'm happy to do later this week. I'll review the set
> of ssl patches tomorrow.
I don't think I'd RM but I'll endeavor to test.
S.
--
Sander Temme
sctemme@apache.org
PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
Re: Nod to 2.0, one more time?
Posted by Jeff Trawick <tr...@gmail.com>.
On Mon, Mar 22, 2010 at 9:52 AM, William A. Rowe Jr.
<wr...@rowe-clan.net> wrote:
> Wondering if we are comfortable tagging and releasing 2.0.64 in the
> coming days? These security issues aught to be addressed, and while
> we are at it, it just seems like a nice thing to do as we get closer
> to some 2.3 beta and further from any more improvements to 2.0.
>
> Opinions? Volunteers? If there are no objections and no volunteer,
> its something I'm happy to do later this week. I'll review the set
> of ssl patches tomorrow.
Does anyone feel a need to release APR and -Util first to resolve
CVE-2009-2412? I don't think it is so important personally, but it is
worth asking.
(I could RM those two soon-ish if generally considered the Right Thing to do.)
Re: Nod to 2.0, one more time?
Posted by Mads Toftum <ma...@toftum.dk>.
On Mon, Mar 22, 2010 at 08:52:13AM -0500, William A. Rowe Jr. wrote:
> Wondering if we are comfortable tagging and releasing 2.0.64 in the
> coming days? These security issues aught to be addressed, and while
> we are at it, it just seems like a nice thing to do as we get closer
> to some 2.3 beta and further from any more improvements to 2.0.
>
Totally agreed. Given the number of security related fixes in 2.2
lately, a new 2.0.x would be a very good thing.
vh
Mads Toftum
--
http://soulfood.dk