From patchwork Wed Mar 31 23:59:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1682 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director15.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id frr/N8OnZWCjQwAAIUCqbw (envelope-from ) for ; Thu, 01 Apr 2021 07:00:19 -0400 Received: from proxy1.mail.ord1d.rsapps.net ([172.30.191.6]) by director15.mail.ord1d.rsapps.net with LMTP id sFFnN8OnZWCyBAAAIcMcQg (envelope-from ) for ; Thu, 01 Apr 2021 07:00:19 -0400 Received: from smtp11.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy1.mail.ord1d.rsapps.net with LMTPS id CHYnN8OnZWDFdQAAasrz9Q (envelope-from ) for ; Thu, 01 Apr 2021 07:00:19 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp11.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 723585ec-92d9-11eb-a56a-5254005f837b-1-1 Received: from [216.105.38.7] ([216.105.38.7:46916] helo=lists.sourceforge.net) by smtp11.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id A6/6C-19075-3C7A5606; Thu, 01 Apr 2021 07:00:19 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from ) id 1lRv2u-000137-IS; Thu, 01 Apr 2021 10:59:28 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1lRv2t-000131-P1 for openvpn-devel@lists.sourceforge.net; Thu, 01 Apr 2021 10:59:27 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=a2SF4tJbhCO0Ynlv61bFM8+ch7qXALfakSmh8EeAPQs=; b=ckHez7wkyNwOePpYjf8zqkEnSW HMO+9ei6vw7C+MWbzBU7Dmf3T/Xlw2pAc40G6eK10FUZGKneF06nw8EHTGfiCBiAsRgeJZCy6DXy2 yr7DJ1zADFFOfR1HmErBz2zolRcw91coBA7dyoNot+l3mv8W9y/2ptBzyxx43LgblpZs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=a2SF4tJbhCO0Ynlv61bFM8+ch7qXALfakSmh8EeAPQs=; b=lH0zWXp+UwE5EAnoIcNK808lwM Z9LlKVskrTTjPHzEBd0K1KlMhd/Kx5uSHD2lz6677Dl3C+UNYrpv/oey/BI6j8JsVYfdJYYvHEW9A J8kyDYa7+m/eJGkHPU9OG8WS21EnpOqOH9wbJMNvFgn0GW+2GNpv/57GMW/WRb0sFTlU=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1lRv2r-0006Av-NF for openvpn-devel@lists.sourceforge.net; Thu, 01 Apr 2021 10:59:27 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1lRv2k-000IkA-A3 for openvpn-devel@lists.sourceforge.net; Thu, 01 Apr 2021 12:59:18 +0200 Received: (nullmailer pid 19441 invoked by uid 10006); Thu, 01 Apr 2021 10:59:18 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Thu, 1 Apr 2021 12:59:18 +0200 Message-Id: <20210401105918.19396-1-arne@rfc2549.org> X-Mailer: git-send-email 2.17.1 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: rfc2549.org] 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1lRv2r-0006Av-NF Subject: [Openvpn-devel] [PATCH v3] Always disable TLS renegotiations X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Renegotiations have been troublesome in the past and also the recent OpenSSL security problem (CVE-2021-3449) is only exploitable if TLS renegotiation is enabled. mbed TLS disables it by default and says in the documentation: Warning: It is recommended to always disable renegotation unless you know you need it and you know what you're doing. In the past, there have been several issues associated with renegotiation or a poor understanding of its properties. TLS renegotiation can be used to restart a session with diffferent parameters (e.g. now with client certs). This somethign that OpenVPN does not use. For OpenSSL 1.0.2 the workaround to disable renegotiation is rather cumbersome. So we keep this to 1.1.1 only since 1.0.2 is on its way to deprecation anyway. Furthermore because of all these problems, also TLS 1.3 completely drops support for renegotiations. Patch V2: Improve commments and commit message Patch V3: Only disable renegotiation where the SSL_OP_NO_RENEGOTIATION define is available. LibreSSL, wolfSSL and OpenSSL 1.0.2 are lacking this macro. Signed-off-by: Arne Schwabe --- src/openvpn/ssl_mbedtls.c | 4 ++++ src/openvpn/ssl_openssl.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 4626e9838..8917fb188 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1086,6 +1086,10 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, { mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups); } + /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL + * session and does not depend on this feature. And TLS renegotiations have + * been problematic in the past */ + mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED); /* Disable record splitting (for now). OpenVPN assumes records are sent * unfragmented, and changing that will require thorough review and diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index b85f95be1..1f14b5d2c 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -320,6 +320,10 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags) sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE; #endif sslopt |= SSL_OP_NO_COMPRESSION; + /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL + * session and does not depend on this feature. And TLS renegotiations have + * been problematic in the past */ + sslopt |= SSL_OP_NO_RENEGOTIATION; SSL_CTX_set_options(ctx->ctx, sslopt);