Re: svn commit: r1632577 - /tomcat/trunk/java/org/apache/tomcat/jni/SSL.java

Fri, 17 Oct 2014 07:01:14 -0700 

All,

On 10/17/14 9:52 AM, schu...@apache.org wrote:
> Author: schultz
> Date: Fri Oct 17 13:52:24 2014
> New Revision: 1632577
> 
> URL: http://svn.apache.org/r1632577
> Log:
> Maintain SSL_OP parity with OpenSSL: add SSL_OP_NO_TLSv1_1 and 
> SSL_OP_NO_TLSv1_2.
> 
> Modified:
>     tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
> 
> Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
> URL: 
> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=1632577&r1=1632576&r2=1632577&view=diff
> ==============================================================================
> --- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original)
> +++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Fri Oct 17 13:52:24 2014
> @@ -135,6 +135,9 @@ public final class SSL {
>      public static final int SSL_OP_NO_SSLv2                         = 
> 0x01000000;
>      public static final int SSL_OP_NO_SSLv3                         = 
> 0x02000000;
>      public static final int SSL_OP_NO_TLSv1                         = 
> 0x04000000;
> +    public static final int SSL_OP_NO_TLSv1_1                       = 
> 0x08000000;
> +    public static final int SSL_OP_NO_TLSv1_2                       = 
> 0x10000000;
> +
>      public static final int SSL_OP_NO_TICKET                        = 
> 0x00004000;

I just noticed that this conflicts with the SSL_OPs defined just below
these in SSL.java:

>     /* The next flag deliberately changes the ciphertest, this is a check
>      * for the PKCS#1 attack */
>     public static final int SSL_OP_PKCS1_CHECK_1                    = 
> 0x08000000;
>     public static final int SSL_OP_PKCS1_CHECK_2                    = 
> 0x10000000;

At some point (1.0, I think), OpenSSL deprecated the PKCS1 constants,
made their values 0x0, and re-purposed the flag values for the TLSv1_1
and TLSv1_2 options shown above.

Without checking the OpenSSL version, client code will have no way of
knowing whether they are checking for the TLSv1_x or PKCS1 SSL_OP flags,
especially if the Java code has been compiled against a prior version of
SSL.java (because javac stupidly copies constant values from one class
to another instead of looking them up at runtime, at least the last time
I checked).

What should we do, here? We can make those constants dynamic, but then
we have to do the OpenSSL library load in the class's static initializer
instead of in APRLifecycleListener.

We could remove SSL_OP_PKCS1_CHECK but then that means anyone relying on
it for use with OpenSSL 0.9.8* might be out of luck.

I'm a bit nervous about picking a winner here between OpenSSL 0.9.8 and
1.0.1.

Any thoughts?

-chris

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to