[Pkg-openssl-devel] Bug#555829: Bug#555829: openssl: CVE-2009-3555: SSL/TLS renegotiation MITM vulnerability

Kurt Roeckx kurt at roeckx.be
Wed Nov 11 23:32:35 UTC 2009


On Wed, Nov 11, 2009 at 11:16:19PM +0100, Enrique D. Bosch wrote:
> 
> In particular, practical attacks exist against HTTPS and could affect other
> protocols that use SSL/TLS.

It's my understanding that there is a patch for mod_ssl that
should prevent it and which does not require changes to openssl.
But it probably has just the same problems as the 0.9.8l version.

> Openssl by default accepts renegotiations and there is no option to
> disable this. Mainstream openssl 0.9.8l adds this option.

The changes say:
  *) Disable renegotiation completely - this fixes a severe security
     problem (CVE-2009-3555) at the cost of breaking all
     renegotiation. Renegotiation can be re-enabled by setting
     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
     run-time. This is really not recommended unless you know what
     you're doing.

So this would mean that it will break some setups.

> A new RFC draft has been created to address this problem at protocol level so
> it's expected further versions of openssl will adopt it.
> 
> Possible solutions:
> sid: upgrade to openssl 0.9.8l

I think I will just use the patch against 0.9.8k.  0.9.8l is just
a patched 0.9.8k with some junk added.

> stable/oldstable: backport a patch from openssl 0.9.8l to stable/oldstable
> versions.

I'm not sure uploading that patch to stable/oldstable is a good
idea at the moment, as we have no idea what is going to break.
At least when they have a secure way to renegotiate, both sides
can potentially be upgraded to a new version.


Kurt





