Rainer Jung wrote: > Sounds good to me, thanks! > > Info not yet ready for users@: On d...@httpd there is discusion, whether > to fix request splicing attacks by dropping the buffer, therefore > effectively not allowing to combine a partial request before reneg with > the request coming after the reneg. Although we don't know yet, whether > that is the only attack possible, all scenarios I have heard of use > request splicing. > > Discussion and testing whether this breaks clients still has to proceed. > I think it's not a reason to prevent a release here, but there might be > more fine grained workarounds for the attack in combination with > server-initiated reneg feasable.
Thanks. I'll add something to the first paragraph along the lines of: "Discussion is focussed on workarounds that could be applied that would allow server initiated renegotiation without exposing the participant to the vulnerability described in CVE-2009-3555." Unless anyone complains, I'll send this out later today. Mark > Regards, > > Rainer > > On 20.11.2009 00:20, Mark Thomas wrote: >> Feedback / comments on the info below. I'd like to get it out to users@ >> and announce@ fairly soon. >> >> Cheers, >> >> Mark >> >> =================================================== >> >> Overview >> ======== >> >> Work on the root cause is progressing but is still in a state of flux. >> The purpose of this update is provide information on the current >> understanding so users are better informed when making decisions >> regarding risk mitigation for this issue in their environment. >> >> >> BIO Connector >> ============= >> >> The HTTP BIO connector that ships with 6.0.20 and 5.5.28 supports client >> and server initiated negotiation and is vulnerable to CVE-2009-3555. >> >> A patch [1] has been applied to trunk, 6.0.x and 5.5.x that provides an >> option to disable renegotiation. This patch has an issue in that it uses >> an asynchronous callback to close the connection when a handshake is >> detected. It is theoretically possible for an attack to complete before >> the connection is closed. When negotiation is disabled, both server and >> client initiated attempts to renegotiate are logged. >> >> An updated patch [2] has been applied to trunk and proposed for 6.0.x >> and 5.5.x that resolves the asynchronous concerns but only logs server >> initiated renegotiation. >> >> Users of 6.0.20, 5.5.28 and earlier versions can apply either of the >> patches. It will be necessary to build Tomcat from source to use these >> patches. >> >> Testing with both these patches has shown that using the connector >> attributes clientAuth="want" and allowUnsafeLegacyRenegotiation="false" >> provides a similar user experience during negotiation to >> clientAuth="false" and allowUnsafeLegacyRenegotiation="true" although >> this may vary by application. >> >> It is anticipated that 6.0.21 and 5.5.29 releases will be made once the >> situation stabilises and the Tomcat development team is confident that >> further changes will not be required. >> >> >> NIO Connector >> ============= >> >> The HTTP NIO connector that ships with 6.0.20 and 5.5.28 does not >> support client or server initiated renegotiation and is therefore not >> vulnerable to CVE-2009-3555. >> >> As and when negotiation support is added to the NIO connector, it will >> support the allowUnsafeLegacyRenegotiation connector attribute and >> behave in a similar manner to the HTTP BIO connector. >> >> >> APR / native Connector >> ====================== >> >> Behaviour of the APR/native connector depends on the version of the >> APR/native connector and on the version of OpenSSL that the connector is >> build with. Versions prior to APR/native 1.1.16 are not discussed. >> >> The windows binaries available from the ASF have been built with the >> following OpenSSL versions: >> >> APR/native OpenSSL >> 1.1.16 0.9.8i >> 1.1.17 0.9.8l >> 1.1.18 0.9.8k - TBC >> >> Any version of the APR/native connector built with OpenSSl 0.9.8l will >> not support client or server initiated negotiation and will, therefore, >> not be vulnerable to CVE-2009-3555. >> >> Client initiated negotiation is supported in 1.1.16 and 1.1.17. These >> versions are, therefore, vulnerable to CVE-2009-3555 unless built with >> OpenSSL 0.9.8l. >> >> Client initiated negotiation has been disabled in 1.1.18. Therefore, >> this version is not vulnerable to CVE-2009-3555 via client initiated >> renegotiation although it may still be vulnerable via server initiated >> renegotiation. >> >> Server initiated renegotiation is supported in 1.1.17 onwards. >> Therefore, 1.1.17 onwards is vulnerable to CVE-2009-3555 via server >> initiated renegotiation unless the APR/native connector is built with >> OpenSSL 0.9.8l. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
