From patchwork Fri Mar 26 05:05:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1663 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director13.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id KOf3ArMGXmAFTAAAIUCqbw (envelope-from ) for ; Fri, 26 Mar 2021 12:07:15 -0400 Received: from proxy14.mail.ord1d.rsapps.net ([172.30.191.6]) by director13.mail.ord1d.rsapps.net with LMTP id aJzfArMGXmDmRgAA91zNiA (envelope-from ) for ; Fri, 26 Mar 2021 12:07:15 -0400 Received: from smtp1.gate.ord1c ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy14.mail.ord1d.rsapps.net with LMTPS id 6F6xG7MGXmC8CAAAtEH5vw (envelope-from ) for ; Fri, 26 Mar 2021 12:07:15 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp1.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 53f77436-8e4d-11eb-8191-842b2b47c027-1-1 Received: from [216.105.38.7] ([216.105.38.7:51322] helo=lists.sourceforge.net) by smtp1.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 89/5E-29904-2B60E506; Fri, 26 Mar 2021 12:07:14 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1lPoyS-00031P-3z; Fri, 26 Mar 2021 16:06:12 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lPoyP-000310-6b for openvpn-devel@lists.sourceforge.net; Fri, 26 Mar 2021 16:06:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=WkOZthe5liLSiV+wbrNryCT3/aLkBuwsg039VuW9W/Q=; b=giod8unJFnjy4XR/7Y0YM1Tr8m q/8RfbLRsdWUrYtpcqIQ8GUh81DP6rYKteGTNhUUtWSQ+hRMYPJGmyCyUr276lt23gKi2SNpOOCnA 6o2p2XVSKsjNz8GeU7dEEp5zSQHUjhTa1u1rGlk+3gwcP0N9wGVI0GCF2Sr/eAvkRbTI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=WkOZthe5liLSiV+wbrNryCT3/aLkBuwsg039VuW9W/Q=; b=jMFbvegm9YjAcUhWjU4Rlxf71g h0FRqCe24i4jbO7AK7xF2dFwTdfGQUOUCt2YZc1oSCIg714GM5EFs3Y21KXT3IRoUTpdCIichQFnY f4cbR4eCN6lSlVJnnX2vdp4z3QzEBc2rHKibqseL/uLBoJiPDa6uaZLJHNkqgcfykw0I=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1lPoy8-0006OY-TJ for openvpn-devel@lists.sourceforge.net; Fri, 26 Mar 2021 16:06:08 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1lPoy1-000MAC-Lh for openvpn-devel@lists.sourceforge.net; Fri, 26 Mar 2021 17:05:45 +0100 Received: (nullmailer pid 26880 invoked by uid 10006); Fri, 26 Mar 2021 16:05:45 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Fri, 26 Mar 2021 17:05:45 +0100 Message-Id: <20210326160545.26836-1-arne@rfc2549.org> X-Mailer: git-send-email 2.17.1 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 TIME_LIMIT_EXCEEDED Exceeded time limit / deadline X-Headers-End: 1lPoy8-0006OY-TJ Subject: [Openvpn-devel] [PATCH v2] Always disable TLS renegotiations X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Renegotiations have been troublesome in the past and also the recent OpenSSL security problem (CVE-2021-3449) is only exploitable if TLS renegotiation is enabled. mbed TLS disables it by default and says in the documentation: Warning: It is recommended to always disable renegotation unless you know you need it and you know what you're doing. In the past, there have been several issues associated with renegotiation or a poor understanding of its properties. TLS renegotiation can be used to restart a session with diffferent parameters (e.g. now with client certs). This somethign that OpenVPN does not use. Furthermore because of all these problems, also TLS 1.3 completely drops support for renegotiations. Patch V2: Improve commments and commit message Signed-off-by: Arne Schwabe Acked-by: Antonio Quartulli --- src/openvpn/ssl_mbedtls.c | 4 ++++ src/openvpn/ssl_openssl.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 4626e9838..8917fb188 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1086,6 +1086,10 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, { mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups); } + /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL + * session and does not depend on this feature. And TLS renegotiations have + * been problematic in the past */ + mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED); /* Disable record splitting (for now). OpenVPN assumes records are sent * unfragmented, and changing that will require thorough review and diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index d161f48b8..c311dd08e 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -320,6 +320,10 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags) sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE; #endif sslopt |= SSL_OP_NO_COMPRESSION; + /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL + * session and does not depend on this feature. And TLS renegotiations have + * been problematic in the past */ + sslopt |= SSL_OP_NO_RENEGOTIATION; SSL_CTX_set_options(ctx->ctx, sslopt);