Re: SSL renegociation vulnerability

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Sun, Dec 06, 2009 at 11:00:55AM -0500, Christos Zoulas wrote:
> On Dec 5,  8:17pm, snj%pobox.com@localhost (Soren Jacobsen) wrote:
> -- Subject: Re: SSL renegociation vulnerability
> 
> | On Dec 5, 2009, at 9:10 AM, Christos Zoulas wrote:
> | 
> | > I'll import head then.
> | 
> | We still need to figure out what to do for the release branches.
> 
> Apply the patch from FreeBSD to disable renegotiation?

What a mess.  The problem is that the head of the OpenSSL-0.9.8 branch
in their CVS looks like OpenSSL-current API-wise, while the released
0.9.8l (which wasn't even generated from their CVS -- it has residue
of hand-patching in the release tar file!) is API and ABI incompatible.

I cannot seem to get an answer from them as to whether they intend to
fix the API botch in a later 0.9.8 release.  It's exasperating.

What I would actually be inclined to do is:

        1) Bring the release branches to 0.9.8-stable from a recent
           CVS snapshot.

        2) Try to figure out a way to implement the 0.9.8l renegotiation-
           control API but adjusted such that it doesn't do anything.  This
           is dangerous though if they reuse the relevant flag bit in a
           later otherwise ABI-compatible release.

I do not understand why they changed the renegotiation control from a
"FLAG" to an "OP" on the SSL * object but they did and that is why we
are in this mess.  I wish I could get an explanation of that too other than
"using a flag was a bad idea".

Maybe if someone else asks "on behalf of NetBSD"...

Thor