Re: SSL renegociation vulnerability

[christos%zoulas.com@localhost (Christos Zoulas)]

On Dec 4, 10:52pm, tls%panix.com@localhost (Thor Lancelot Simon) wrote:
-- Subject: Re: SSL renegociation vulnerability

| On Sat, Dec 05, 2009 at 03:30:57AM +0000, Christos Zoulas wrote:
| > In article <20091204162709.GA11270%panix.com@localhost>,
| > Thor Lancelot Simon  <tls%panix.com@localhost> wrote:
| > >On Fri, Dec 04, 2009 at 01:13:52AM -0500, Brian Seklecki wrote:
| > >> 
| > >> However, I can confirm that:
| > >> 
| > >>   http://security.FreeBSD.org/patches/SA-09:15/ssl.patch
| > >
| > >If this is the patch from OpenSSL 0.9.8l it should not be applied to
| > >NetBSD; it is broken and introduces both forward *and* backwards API
| > >and ABI incompatibility.
| > 
| > Unfortunately I have not seen anything in the head of the OpenSSL tree
| > that addresses this issue so I have applied a similar patch to FreeBSD
| > that disables renegotiation completely for now. I would like to have
| > a better solution, but I don't see one.
| 
| Actually, OpenSSL HEAD gets it pretty much right.
| 
| The problem with what OpenSSL 0.9.8l did is that it:
| 
|       1) Leaves the connection hung rather than closing it after the
|          renegotiation attempt.
| 
|       2) Uses a different API/ABI for renegotiation control than what
|          they did two days later in OpenSSL HEAD, without any backwards
|          compatibility!

I'll import head then.

christos