[From nobody Sun Mar 22 08:41:06 2026 Received: (at submit) by bugs.debian.org; 11 May 2012 08:18:15 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.1-bugs.debian.org_2005_01_02 (2010-03-16) on busoni.debian.org X-Spam-Level: X-Spam-Status: No, score=-9.9 required=4.0 tests=BAYES_00, FOURLA, HAS_PACKAGE, SPF_PASS autolearn=ham version=3.3.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 52; hammy, 151; neutral, 173; spammy, 0. spammytokens: hammytokens:0.000-+--UD:dfsg-3, 0.000-+--UD:4.dfsg-3, 0.000-+--UD:3.4.dfsg-3, 0.000-+--UD:2.3.4.dfsg-3, 0.000-+--UD:1.2.3.4.dfsg-3 Return-path: <henri@nerv.fi> Received: from nashi.nerv.fi ([84.20.130.101] ident=postfix) by busoni.debian.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <henri@nerv.fi>) id 1SSl3G-0001Tm-Rp for submit@bugs.debian.org; Fri, 11 May 2012 08:18:15 +0000 Received: from foo.fgeek.fi (kludge.henri.nerv.fi [83.150.91.157]) by nashi.nerv.fi (Postfix) with SMTP id 4242018C807 for <submit@bugs.debian.org>; Fri, 11 May 2012 11:18:11 +0300 (EEST) Received: by foo.fgeek.fi (sSMTP sendmail emulation); Fri, 11 May 2012 11:18:11 +0300 Date: Fri, 11 May 2012 11:18:11 +0300 From: Henri Salo <henri@nerv.fi> To: submit@bugs.debian.org Subject: CVE-2011-1473: SSL/TLS DoS via repeated SSL session renegotiations Message-ID: <20120511081811.GA7876@kludge.henri.nerv.fi> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Delivered-To: submit@bugs.debian.org Package: openssl Version: 0.9.8o-4squeeze12 Severity: important Tags: security https://bugzilla.redhat.com/show_bug.cgi?id=707065 """ It was reported [1] that a flaw exists in how openSSL handles SSL renegotiation. Because of the processing power required to handle an SSL/TLS handshake, with renegotiation enabled, a user can send multiple handshakes per second due to the renegotiation request being permitted. This could allow a malicious user to send multiple renegotiation requests and exhaust server resources. Note that this is not the only way to cause a denial of service on an SSL-enabled service; there are many other ways to accomplish the same thing, this just makes it easier. What makes this bug even more confusing is that this report is recent, with a 2011 CVE, however the recommended fix in the report is to upgrade to OpenSSL 0.9.8l, which is what disabled renegotiation, however it was subsequently re-enabled when OpenSSL added support for RFC5746 in OpenSSL 0.9.8m (which the reporter seems to imply isn't sufficient). I'm not sure where the CVE assignment came from; on MITRE's site is is reserved yet and I have not seen this discussed anywhere else but in a Nessus scan report [2]. As an aside, and to reference something we may need to look at, there seems to be some concern with Apache and how it works with SSL renegotiation disabled [3], so we will need to look into cases where disabling SSL renegotiation may impact expected behaviour of currently released products. [1] http://orchilles.com/2011/03/ssl-renegotiation-dos.html [2] https://discussions.nessus.org/message/10629 [3] http://old.nabble.com/TLS-renegotiation-disabling-%3A-mod_ssl-and-OpenSSL--0.9.8l-td26285568.html """ -- System Information: Debian Release: 6.0.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssl depends on: ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib ii libssl0.9.8 0.9.8o-4squeeze12 SSL shared libraries ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime openssl recommends no packages. Versions of packages openssl suggests: ii ca-certificates 20090814+nmu3squeeze1 Common CA certificates -- no debconf information ]