How to limit the number of renegotiations for a single TLS / SSL connection

[dk...@ccilindia.co.in]

Hello All,

We are using -
Tomcat Version - 6.0.18
Operating System Version : HP-UX 11.31
SSL Version -  OpenSSL 0.9.8k 25 Mar 2009
Port - 8443

By running the venerability assessment test we are getting the following 
observation 

The remote service encrypts traffic using TLS / SSL and permits clients to 
renegotiate connections. The computational requirements for renegotiating 
a connection are asymmetrical between the client and the server, with the 
server performing several times more work. Since the remote host does not 
appear to limit the number of renegotiations for a single TLS / SSL 
connection, this permits a client to open several simultaneous connections 
and repeatedly renegotiate them, possibly leading to a denial of service 
condition.

Please suggest the recommended solution for tomcat

Thanks & Regards
Deepak Kumar
"Disclaimer and confidentiality clause -
 This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only.
The message may contain information that is confidential and subject to legal privilege. 
Any views expressed in this message are those of the individual sender. 
If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it .
 If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. 
 CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. 
CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[Mark Thomas <ma...@apache.org>]

On 11/02/2013 13:00, dkumar@ccilindia.co.in wrote:
> Hello, 
> 
> We tried to set APR connector protocol attribute in connector tag but we 
> are not able to start the tomcat as the supporting library are not found 
> in JDK 1.7 installed in my system
> Please suggest where we will get the APR connector file.

Have you looked in the documentation?

http://tomcat.apache.org/tomcat-7.0-doc/apr.html

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[dk...@ccilindia.co.in]

Hello, 

We tried to set APR connector protocol attribute in connector tag but we 
are not able to start the tomcat as the supporting library are not found 
in JDK 1.7 installed in my system
Please suggest where we will get the APR connector file.


@Mark
Sorry for duplicate message. That has a correction ["http-bio-8443"] 
instead of ["http-bio-443"]

Thanks and Regards
Deepak 



From:   Mark Thomas <ma...@apache.org>
To:     Tomcat Users List <us...@tomcat.apache.org>
Date:   02/11/2013 05:23 PM
Subject:        Re: How to limit the number of renegotiations for a single 
TLS / SSL connection



On 11/02/2013 11:31, dkumar@ccilindia.co.in wrote:
> Hello Mark
> 
> We have just updated the tomcat version to 7.0.35 and have not 
explicitly 
> gave any connector protocol in connector tag, when tomcat is starting 
its 
> giving Initializing ProtocolHandler ["http-bio-443"]

Which means you are using the BIO HTTP connector, not the APR/native
HTTP connector. The BIO connector supports renegotiation.

Mark

P.S. Please stop
a) sending duplicate messages to the users list
b) cc'ing list members on your replies.


> 
> Regards
> Deepak
> 
> 
> 
> From:   Mark Thomas <ma...@apache.org>
> To:     Tomcat Users List <us...@tomcat.apache.org>
> Date:   02/11/2013 04:48 PM
> Subject:        Re: How to limit the number of renegotiations for a 
single 
> TLS / SSL connection
> 
> 
> 
> On 11/02/2013 11:10, dkumar@ccilindia.co.in wrote:
>> Hello All,
>>
>> We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
>> Still facing same issue
>> Please suggest
> 
> Are you sure you are using the APR/native connector?
> 
> Mark
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> "Disclaimer and confidentiality clause -
>  This message and any attachments relating to official business of CCIL 
OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the 
original addressee only.
> The message may contain information that is confidential and subject to 
legal privilege. 
> Any views expressed in this message are those of the individual sender. 
> If you have received this message in error, please notify the original 
sender immediately and destroy the message and copies thereof and any 
attachments contained in it .
>  If you are not the intended recipient of this message, you are hereby 
notified that you must not disseminate, copy, use, distribute, or take any 
action in connection therewith. 
>  CCIL cannot ensure that the integrity of this communication has been 
maintained nor that it is free of errors, viruses, interception and/or 
interference. 
> CCIL is not liable whatsoever for loss or damage resulting from the 
opening of this message and/or attachments and/or the use of the 
information contained in this message and/or attachments."
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



"Disclaimer and confidentiality clause -
 This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only.
The message may contain information that is confidential and subject to legal privilege. 
Any views expressed in this message are those of the individual sender. 
If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it .
 If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. 
 CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. 
CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[Mark Thomas <ma...@apache.org>]

On 11/02/2013 11:31, dkumar@ccilindia.co.in wrote:
> Hello Mark
> 
> We have just updated the tomcat version to 7.0.35 and have not explicitly 
> gave any connector protocol in connector tag, when tomcat is starting its 
> giving Initializing ProtocolHandler ["http-bio-443"]

Which means you are using the BIO HTTP connector, not the APR/native
HTTP connector. The BIO connector supports renegotiation.

Mark

P.S. Please stop
a) sending duplicate messages to the users list
b) cc'ing list members on your replies.


> 
> Regards
> Deepak
> 
> 
> 
> From:   Mark Thomas <ma...@apache.org>
> To:     Tomcat Users List <us...@tomcat.apache.org>
> Date:   02/11/2013 04:48 PM
> Subject:        Re: How to limit the number of renegotiations for a single 
> TLS / SSL connection
> 
> 
> 
> On 11/02/2013 11:10, dkumar@ccilindia.co.in wrote:
>> Hello All,
>>
>> We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
>> Still facing same issue
>> Please suggest
> 
> Are you sure you are using the APR/native connector?
> 
> Mark
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 
> "Disclaimer and confidentiality clause -
>  This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only.
> The message may contain information that is confidential and subject to legal privilege. 
> Any views expressed in this message are those of the individual sender. 
> If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it .
>  If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. 
>  CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. 
> CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[dk...@ccilindia.co.in]

Hello Mark

We have just updated the tomcat version to 7.0.35 and have not explicitly 
gave any connector protocol in connector tag, when tomcat is starting its 
giving Initializing ProtocolHandler ["http-bio-443"] 

Regards
Deepak



From:   Mark Thomas <ma...@apache.org>
To:     Tomcat Users List <us...@tomcat.apache.org>
Date:   02/11/2013 04:48 PM
Subject:        Re: How to limit the number of renegotiations for a single 
TLS / SSL connection



On 11/02/2013 11:10, dkumar@ccilindia.co.in wrote:
> Hello All,
> 
> We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
> Still facing same issue
> Please suggest

Are you sure you are using the APR/native connector?

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



"Disclaimer and confidentiality clause -
 This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only.
The message may contain information that is confidential and subject to legal privilege. 
Any views expressed in this message are those of the individual sender. 
If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it .
 If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. 
 CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. 
CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[dk...@ccilindia.co.in]

Hello Mark

We have just updated the tomcat version to 7.0.35 and have not explicitly 
gave any connector protocol in connector tag, when tomcat is starting its 
giving Initializing ProtocolHandler ["http-bio-8443"] 

Regards
Deepak



From:   Mark Thomas <ma...@apache.org>
To:     Tomcat Users List <us...@tomcat.apache.org>
Date:   02/11/2013 04:48 PM
Subject:        Re: How to limit the number of renegotiations for a single 
TLS / SSL connection



On 11/02/2013 11:10, dkumar@ccilindia.co.in wrote:
> Hello All,
> 
> We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
> Still facing same issue
> Please suggest

Are you sure you are using the APR/native connector?

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



"Disclaimer and confidentiality clause -
 This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only.
The message may contain information that is confidential and subject to legal privilege. 
Any views expressed in this message are those of the individual sender. 
If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it .
 If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. 
 CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. 
CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[Mark Thomas <ma...@apache.org>]

On 11/02/2013 11:10, dkumar@ccilindia.co.in wrote:
> Hello All,
> 
> We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
> Still facing same issue
> Please suggest

Are you sure you are using the APR/native connector?

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[dk...@ccilindia.co.in]

Hello All,

We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
Still facing same issue
Please suggest

Thanks and regards
Deepak Kumar



From:   Pid <pi...@pidster.com>
To:     Tomcat Users List <us...@tomcat.apache.org>
Date:   02/09/2013 11:35 PM
Subject:        Re: How to limit the number of renegotiations for a single 
TLS / SSL connection



On 08/02/2013 15:05, Mark Thomas wrote:
> On 08/02/2013 14:34, Caldarale, Charles R wrote:
>>> From: dkumar@ccilindia.co.in [mailto:dkumar@ccilindia.co.in] 
>>> Subject: How to limit the number of renegotiations for a single TLS
>>> / SSL connection
>>
>>> We are using - Tomcat Version - 6.0.18
>>
>>> Please suggest the recommended solution for tomcat
>>
>> Try using a version of Tomcat that's newer than 4.5 years old.  Many
>> security-related fixes have gone in since then, and it's
>> irresponsible to expose your site to situations that have been
>> addressed years previously.  If you check the changelog, I think
>> you'll find this TLS issue was addressed quite some time ago; it may
>> require a JVM upgrade as well.
> 
> No, this is a different issue.

Not to disagree with Mark T... but the point about using old software is
still a good one.

 Tomcat 6.0.18 vs Tomcat 6.0.36

 OpenSSL 0.9.8k (25-Mar-2009) vs OpenSSL 0.9.8y (05-Feb-2013)


Focusing on particular issues like this, rather than addressing the big
picture and using a more recent build of Open SSL and/or Tomcat (that
will carry many fixes) means the OP is probably Doing IT Wrong.


p

-- 

[key:62590808]

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



"Disclaimer and confidentiality clause -
 This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only.
The message may contain information that is confidential and subject to legal privilege. 
Any views expressed in this message are those of the individual sender. 
If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it .
 If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. 
 CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. 
CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[Pid <pi...@pidster.com>]

On 08/02/2013 15:05, Mark Thomas wrote:
> On 08/02/2013 14:34, Caldarale, Charles R wrote:
>>> From: dkumar@ccilindia.co.in [mailto:dkumar@ccilindia.co.in] 
>>> Subject: How to limit the number of renegotiations for a single TLS
>>> / SSL connection
>>
>>> We are using - Tomcat Version - 6.0.18
>>
>>> Please suggest the recommended solution for tomcat
>>
>> Try using a version of Tomcat that's newer than 4.5 years old.  Many
>> security-related fixes have gone in since then, and it's
>> irresponsible to expose your site to situations that have been
>> addressed years previously.  If you check the changelog, I think
>> you'll find this TLS issue was addressed quite some time ago; it may
>> require a JVM upgrade as well.
> 
> No, this is a different issue.

Not to disagree with Mark T... but the point about using old software is
still a good one.

 Tomcat 6.0.18 vs Tomcat 6.0.36

 OpenSSL 0.9.8k (25-Mar-2009) vs OpenSSL 0.9.8y (05-Feb-2013)


Focusing on particular issues like this, rather than addressing the big
picture and using a more recent build of Open SSL and/or Tomcat (that
will carry many fixes) means the OP is probably Doing IT Wrong.


p

-- 

[key:62590808]

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[Mark Thomas <ma...@apache.org>]

On 08/02/2013 14:34, Caldarale, Charles R wrote:
>> From: dkumar@ccilindia.co.in [mailto:dkumar@ccilindia.co.in] 
>> Subject: How to limit the number of renegotiations for a single TLS
>> / SSL connection
> 
>> We are using - Tomcat Version - 6.0.18
> 
>> Please suggest the recommended solution for tomcat
> 
> Try using a version of Tomcat that's newer than 4.5 years old.  Many
> security-related fixes have gone in since then, and it's
> irresponsible to expose your site to situations that have been
> addressed years previously.  If you check the changelog, I think
> you'll find this TLS issue was addressed quite some time ago; it may
> require a JVM upgrade as well.

No, this is a different issue.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: How to limit the number of renegotiations for a single TLS / SSL connection

["Caldarale, Charles R" <Ch...@unisys.com>]

> From: dkumar@ccilindia.co.in [mailto:dkumar@ccilindia.co.in] 
> Subject: How to limit the number of renegotiations for a single TLS / SSL connection

> We are using -
> Tomcat Version - 6.0.18

> Please suggest the recommended solution for tomcat

Try using a version of Tomcat that's newer than 4.5 years old.  Many security-related fixes have gone in since then, and it's irresponsible to expose your site to situations that have been addressed years previously.  If you check the changelog, I think you'll find this TLS issue was addressed quite some time ago; it may require a JVM upgrade as well.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Deepak,

On 2/9/13 4:05 AM, dkumar@ccilindia.co.in wrote:
> we have not specified any specific connector protocol in the
> connector tag, is that mean we are using native APR connector, and
> if it is so, then as renegotiation is not permitted in APR why VA
> tool says renegotiation DoS vulnerability, and it would be of great
> help if you explain how to implement HTTP NIO or BIO connector to
> handle this renegotiation issue.

The default connector depends upon your system configuration. I
believe if you have APR/tcnative available, Tomcat will use that and
you'll get an APR/HTTP connector. Otherwise, you'll get the BIO
connector. You have to specifically request the NIO connector.

> <Connector port="8443" SSLEnabled="true" acceptCount="500"
> ciphers="Some cipher" allowUnsafeLegacyRenegotiation="false" 
> maxThreads="5" scheme="https" secure="false" clientAuth="false"
> sslProtocol="TLS" keystoreFile="cert.key" keystorePass="password"
> />

Using the APR connector for SSL will be much faster than either BIO or
NIO.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEAREIAAYFAlEWUC8ACgkQ9CaO5/Lv0PB+FwCfQLqO5CsHc9cB4sq+mO5D8mq5
IDMAoLr6WXRqgu7JWiHewUD47Js36dXd
=XY13
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[dk...@ccilindia.co.in]

Hello All,

@ Mark

we have not specified any specific connector protocol in the connector 
tag, is that mean we are using native APR connector, and if it is so, then 
as renegotiation is not permitted in APR why VA tool says renegotiation 
DoS vulnerability, and it would be of great help if you explain how to 
implement HTTP NIO or BIO connector to handle this renegotiation issue.

@Daniel

Please find the connector tag of sever.xml

<Connector port="8443" SSLEnabled="true" acceptCount="500" ciphers="Some 
cipher" allowUnsafeLegacyRenegotiation="false"
               maxThreads="5" scheme="https" secure="false" 
               clientAuth="false" sslProtocol="TLS" 
keystoreFile="cert.key" keystorePass="password" />


Any help wold be appreciated.
Thanks and regards

Deepak.






From:   Mark Thomas <ma...@apache.org>
To:     Tomcat Users List <us...@tomcat.apache.org>
Date:   02/08/2013 08:44 PM
Subject:        Re: How to limit the number of renegotiations for a single 
TLS / SSL connection



On 08/02/2013 14:28, dkumar@ccilindia.co.in wrote:
> Hello All,
> 
> We are using -
> Tomcat Version - 6.0.18
> Operating System Version : HP-UX 11.31
> SSL Version -  OpenSSL 0.9.8k 25 Mar 2009
> Port - 8443
> 
> By running the venerability assessment test we are getting the following 

> observation 
> 
> The remote service encrypts traffic using TLS / SSL and permits clients 
to 
> renegotiate connections. The computational requirements for 
renegotiating 
> a connection are asymmetrical between the client and the server, with 
the 
> server performing several times more work. Since the remote host does 
not 
> appear to limit the number of renegotiations for a single TLS / SSL 
> connection, this permits a client to open several simultaneous 
connections 
> and repeatedly renegotiate them, possibly leading to a denial of service 

> condition.
> 
> Please suggest the recommended solution for tomcat

To repeat what I have said privately on this topic:

<quote>
The Apache Tomcat security team has reviewed the available information
for CVE-2011-1473 and has performed some testing of Apache Tomcat
using one of the many tools that has be written to demonstrate this issue.

Our conclusions are:

- In terms of CPU usage there is not a large difference (same order of
magnitude) between a client creating multiple HTTPS connections and a
client creating a single HTTPS connection and repeatedly requesting
renegotiation. This is consistent with the findings / opinions of the
numerous SSL/TLS experts that have commented on this issue.

- Repeated renegotiation attempts from a single client can be detected
by a firewall.

- Multiple connection attempts from a client are easier for a firewall
to identify than multiple renegotiation requests.

- Client renegotiation is not permitted by the HTTP APR/native connector.

- It would be possible to add renegotiation rate limiting to the HTTP
BIO and NIO connectors but there is not a clear-cut case for doing this.


We would also draw your attention to the following text on the Apache
Tomcat website security pages [1]:

<quote>
Note that all networked servers are subject to denial of service
attacks, and we cannot promise magic workarounds to generic problems
(such as a client streaming lots of data to your server, or
re-requesting the same URL repeatedly). In general our philosophy is
to avoid any attacks which can cause the server to consume resources
in a non-linear relationship to the size of inputs.
</quote>

Further discussion of this issue, particularly the usefulness of
adding renegotiation rate-limiting to the the HTTP BIO and NIO
connectors, should take place on the public Tomcat users mailing list.

Mark
on behalf of the Apache Tomcat security team
</quote>

With all the above in mind is there an argument for introducing
renegotiation rate limiting for BIO and NIO? Or do we just say if you
are bothered about CVE-2011-1473, use APR.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



"Disclaimer and confidentiality clause -
 This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only.
The message may contain information that is confidential and subject to legal privilege. 
Any views expressed in this message are those of the individual sender. 
If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it .
 If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. 
 CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. 
CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."

Re: How to limit the number of renegotiations for a single TLS / SSL connection

[Mark Thomas <ma...@apache.org>]

On 08/02/2013 14:28, dkumar@ccilindia.co.in wrote:
> Hello All,
> 
> We are using -
> Tomcat Version - 6.0.18
> Operating System Version : HP-UX 11.31
> SSL Version -  OpenSSL 0.9.8k 25 Mar 2009
> Port - 8443
> 
> By running the venerability assessment test we are getting the following 
> observation 
> 
> The remote service encrypts traffic using TLS / SSL and permits clients to 
> renegotiate connections. The computational requirements for renegotiating 
> a connection are asymmetrical between the client and the server, with the 
> server performing several times more work. Since the remote host does not 
> appear to limit the number of renegotiations for a single TLS / SSL 
> connection, this permits a client to open several simultaneous connections 
> and repeatedly renegotiate them, possibly leading to a denial of service 
> condition.
> 
> Please suggest the recommended solution for tomcat

To repeat what I have said privately on this topic:

<quote>
The Apache Tomcat security team has reviewed the available information
for CVE-2011-1473 and has performed some testing of Apache Tomcat
using one of the many tools that has be written to demonstrate this issue.

Our conclusions are:

- In terms of CPU usage there is not a large difference (same order of
magnitude) between a client creating multiple HTTPS connections and a
client creating a single HTTPS connection and repeatedly requesting
renegotiation. This is consistent with the findings / opinions of the
numerous SSL/TLS experts that have commented on this issue.

- Repeated renegotiation attempts from a single client can be detected
by a firewall.

- Multiple connection attempts from a client are easier for a firewall
to identify than multiple renegotiation requests.

- Client renegotiation is not permitted by the HTTP APR/native connector.

- It would be possible to add renegotiation rate limiting to the HTTP
BIO and NIO connectors but there is not a clear-cut case for doing this.


We would also draw your attention to the following text on the Apache
Tomcat website security pages [1]:

<quote>
Note that all networked servers are subject to denial of service
attacks, and we cannot promise magic workarounds to generic problems
(such as a client streaming lots of data to your server, or
re-requesting the same URL repeatedly). In general our philosophy is
to avoid any attacks which can cause the server to consume resources
in a non-linear relationship to the size of inputs.
</quote>

Further discussion of this issue, particularly the usefulness of
adding renegotiation rate-limiting to the the HTTP BIO and NIO
connectors, should take place on the public Tomcat users mailing list.

Mark
on behalf of the Apache Tomcat security team
</quote>

With all the above in mind is there an argument for introducing
renegotiation rate limiting for BIO and NIO? Or do we just say if you
are bothered about CVE-2011-1473, use APR.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org