From patchwork Thu Apr 1 00:00:03 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 1683 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 6GhnLvmnZWDJQAAAIUCqbw (envelope-from ) for ; Thu, 01 Apr 2021 07:01:13 -0400 Received: from proxy11.mail.ord1d.rsapps.net ([172.30.191.6]) by director8.mail.ord1d.rsapps.net with LMTP id 4GpZLvmnZWBxCAAAfY0hYg (envelope-from ) for ; Thu, 01 Apr 2021 07:01:13 -0400 Received: from smtp20.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy11.mail.ord1d.rsapps.net with LMTPS id wO70OO6nZWBaSQAAgKDEHA (envelope-from ) for ; Thu, 01 Apr 2021 07:01:02 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp20.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: 92399e46-92d9-11eb-8022-525400b8bfda-1-1 Received: from [216.105.38.7] ([216.105.38.7:52968] helo=lists.sourceforge.net) by smtp20.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 89/72-13943-8F7A5606; Thu, 01 Apr 2021 07:01:13 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1lRv3s-0004dq-8Y; Thu, 01 Apr 2021 11:00:28 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lRv3o-0004d6-Sr for openvpn-devel@lists.sourceforge.net; Thu, 01 Apr 2021 11:00:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=GlnpXsxvz8eOhUMgI7hUTMlNHSm0d2iWwmL2WcXkAtc=; b=RVO+YOLXmlTo5p5BqK8LadREt/ 7pZ7ypq0GZUtgWhBtOtQyCDmhJ5DHNTbrqVswxD3KGRolcTiFufUdHoH2D0lCxAPBjw4bcav9hPn6 /0kGuzEy/vtWKl0nvgmfqkMi1iYKZaUtqScLScV90ACIjkd2BvTuihetVvGPfW/vabXk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=GlnpXsxvz8eOhUMgI7hUTMlNHSm0d2iWwmL2WcXkAtc=; b=j9A8En9v+5NnP58yJrzvME+Yge zrl2sNGtMe6xrbfKI2/nw2dHc/6SzGPDE8NNn9LwrW2mhBdVqvfDZoIBZ82s4wWINdiq8ElMW1Qke lzqZGc4o0iinPXqD6VGRYT1nCUhuiKIgFj2ewDdsGrEbqPcKdCZ0zqU2bPA6hLko3YGk=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1lRv3b-002jC9-TS for openvpn-devel@lists.sourceforge.net; Thu, 01 Apr 2021 11:00:24 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1lRv3T-000Iko-3G for openvpn-devel@lists.sourceforge.net; Thu, 01 Apr 2021 13:00:03 +0200 Received: (nullmailer pid 19734 invoked by uid 10006); Thu, 01 Apr 2021 11:00:03 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Thu, 1 Apr 2021 13:00:03 +0200 Message-Id: <20210401110003.19689-1-arne@rfc2549.org> X-Mailer: git-send-email 2.17.1 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: rfc2549.org] 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_NONE SPF: sender does not publish an SPF Record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record X-Headers-End: 1lRv3b-002jC9-TS Subject: [Openvpn-devel] [PATCH v3] Always disable TLS renegotiations X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Renegotiations have been troublesome in the past and also the recent OpenSSL security problem (CVE-2021-3449) is only exploitable if TLS renegotiation is enabled. mbed TLS disables it by default and says in the documentation: Warning: It is recommended to always disable renegotation unless you know you need it and you know what you're doing. In the past, there have been several issues associated with renegotiation or a poor understanding of its properties. TLS renegotiation can be used to restart a session with diffferent parameters (e.g. now with client certs). This somethign that OpenVPN does not use. For OpenSSL 1.0.2 the workaround to disable renegotiation is rather cumbersome. So we keep this to 1.1.1 only since 1.0.2 is on its way to deprecation anyway. Furthermore because of all these problems, also TLS 1.3 completely drops support for renegotiations. Patch V2: Improve commments and commit message Patch V3: Only disable renegotiation where the SSL_OP_NO_RENEGOTIATION define is available. LibreSSL, wolfSSL and OpenSSL 1.0.2 are lacking this macro. Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- src/openvpn/ssl_mbedtls.c | 4 ++++ src/openvpn/ssl_openssl.c | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 4626e9838..8917fb188 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1086,6 +1086,10 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, { mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups); } + /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL + * session and does not depend on this feature. And TLS renegotiations have + * been problematic in the past */ + mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED); /* Disable record splitting (for now). OpenVPN assumes records are sent * unfragmented, and changing that will require thorough review and diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index b85f95be1..cb8ac7727 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -320,6 +320,12 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned int ssl_flags) sslopt |= SSL_OP_CIPHER_SERVER_PREFERENCE; #endif sslopt |= SSL_OP_NO_COMPRESSION; + /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL + * session and does not depend on this feature. And TLS renegotiations have + * been problematic in the past */ +#ifdef SSL_OP_NO_RENEGOTIATION + sslopt |= SSL_OP_NO_RENEGOTIATION; +#endif SSL_CTX_set_options(ctx->ctx, sslopt);