]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 774c486)
BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages
authorDirkjan Bussink <d.bussink@gmail.com>
Mon, 21 Jan 2019 17:35:03 +0000 (09:35 -0800)
committerWilly Tarreau <w@1wt.eu>
Wed, 23 Jan 2019 08:51:22 +0000 (09:51 +0100)
In OpenSSL 1.1.1 TLS 1.3 KeyUpdate messages will trigger the callback
that is used to verify renegotiation is disabled. This means that these
KeyUpdate messages fail. In OpenSSL 1.1.1 a better mechanism is
available with the SSL_OP_NO_RENEGOTIATION flag that disables any TLS
1.2 and earlier negotiation.

So if this SSL_OP_NO_RENEGOTIATION flag is available, instead of having
a manual check, trust OpenSSL and disable the check. This means that TLS
1.3 KeyUpdate messages will work properly.

Reported-By: Adam Langley <agl@imperialviolet.org>
src/ssl_sock.c patch | blob | blame | history

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9153843be82d6ee268036251d5ce246e91874279..99d2a11fae4ed1b67b3fb7153105ced68d8c9c2f 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1468,6 +1468,10 @@ void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
        BIO *write_bio;
        (void)ret; /* shut gcc stupid warning */
 
+#ifndef SSL_OP_NO_RENEGOTIATION
+       /* Please note that BoringSSL defines this macro to zero so don't
+        * change this to #if and do not assign a default value to this macro!
+        */
        if (where & SSL_CB_HANDSHAKE_START) {
                /* Disable renegotiation (CVE-2009-3555) */
                if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) {
@@ -1475,6 +1479,7 @@ void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
                        conn->err_code = CO_ER_SSL_RENEG;
                }
        }
+#endif
 
        if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
                if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
@@ -3895,6 +3900,11 @@ ssl_sock_initial_ctx(struct bind_conf *bind_conf)
                options |= SSL_OP_NO_TICKET;
        if (bind_conf->ssl_options & BC_SSL_O_PREF_CLIE_CIPH)
                options &= ~SSL_OP_CIPHER_SERVER_PREFERENCE;
+
+#ifdef SSL_OP_NO_RENEGOTIATION
+       options |= SSL_OP_NO_RENEGOTIATION;
+#endif
+
        SSL_CTX_set_options(ctx, options);
 
 #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
Mirror of https://github.com/haproxy/haproxy.git