[Pkg-openssl-devel] Bug#555829: Bug#555829: openssl: CVE-2009-3555: SSL/TLS renegotiation MITM vulnerability
Kurt Roeckx
kurt at roeckx.be
Wed Nov 11 23:32:35 UTC 2009
On Wed, Nov 11, 2009 at 11:16:19PM +0100, Enrique D. Bosch wrote:
>
> In particular, practical attacks exist against HTTPS and could affect other
> protocols that use SSL/TLS.
It's my understanding that there is a patch for mod_ssl that
should prevent it and which does not require changes to openssl.
But it probably has just the same problems as the 0.9.8l version.
> Openssl by default accepts renegotiations and there is no option to
> disable this. Mainstream openssl 0.9.8l adds this option.
The changes says:
  *) Disable renegotiation completely - this fixes a severe security
     problem (CVE-2009-3555) at the cost of breaking all
     renegotiation. Renegotiation can be re-enabled by setting
     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
     run-time. This is really not recommended unless you know what
     you're doing.
So this would mean that it will break some setups.
> A new RFC draft has been created to address this problem at protocol level so
> it's expected further versions of openssl will adopt it.
>
> Possible solutions:
> sid: upgrade to openssl 0.9.8l
I think I will just use the patch against 0.9.8k. 0.9.8l is just
a patched 0.9.8k with some junk added.
> stable/oldstable: backport a patch from openssl 0.9.8l to stable/oldstable
> versions.
I'm not sure uploading that patch to stable/oldstable is a good
idea at the moment, as we have no idea what is going to break.
At least when they have a secure way to renegotiate, both sides
can potentially be upgraded to a new version.
Kurt
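
An added illustration of the CHANGES entry quoted in this message (not code from the thread or from OpenSSL): a simplified C model of a server that refuses a second handshake on an established connection unless the flag is set, which is why setups relying on renegotiation break. The flag's numeric value, the message types, the traces and `run_trace` are assumptions of this model.

```c
#include <stdio.h>
/* The flag name is from the CHANGES entry; its value and the rest of this
 * model are constructed for illustration and are not OpenSSL source. */
#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010L
enum msg { CLIENT_HELLO, FINISHED, APP_DATA };
struct conn {
    long flags;        /* stands in for s3->flags */
    int established;   /* set once the first handshake has finished */
    int in_handshake;  /* a handshake is in progress */
    int handshakes;    /* handshakes completed on this connection */
};

/* Returns 1 if the server accepts the message, 0 if it refuses it. */
static int feed(struct conn *c, enum msg m)
{
    switch (m) {
    case CLIENT_HELLO:
        /* A ClientHello on an established connection is a renegotiation. */
        if (c->established &&
            !(c->flags & SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
            return 0;
        c->in_handshake = 1;
        return 1;
    case FINISHED:
        if (!c->in_handshake) return 0;
        c->in_handshake = 0; c->established = 1; c->handshakes++;
        return 1;
    default: /* APP_DATA is only valid after a completed handshake */
        return c->established;
    }
}

/* Constructed traces: a single handshake, and one with a second handshake. */
static const enum msg PLAIN[] = { CLIENT_HELLO, FINISHED, APP_DATA };
static const enum msg RENEG[] = { CLIENT_HELLO, FINISHED, APP_DATA, CLIENT_HELLO, FINISHED };

/* Returns the number of completed handshakes, or -1 if a message is refused. */
int run_trace(long flags, const enum msg *t, int n)
{
    struct conn c = { flags, 0, 0, 0 };
    for (int i = 0; i < n; i++)
        if (!feed(&c, t[i])) return -1;
    return c.handshakes;
}

int main(void)
{
    printf("plain: %d, reneg: %d\n", run_trace(0, PLAIN, 3), run_trace(0, RENEG, 5));
    return 0;
}
```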