OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Difficulties with testing TLS 1.3


> On Fri, Jun 15, 2018 at 9:38 AM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
>> On Fri, Jun 15, 2018 at 8:59 AM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
>>>> On Fri, Jun 15, 2018 at 3:06 AM, Dennis Clarke <dclarke@xxxxxxxxxxxxx> wrote:
>>>>>
>>>>> [Fri Jun 15 00:59:59.788742 2018] [ssl:error] [pid 2250:tid 27] [client
>>>>> 68.179.116.201:34466] AH02042: rejecting client initiated renegotiation
>>>
>>> This suggests that with TLS 1.3, unlike with previous protocols, the
>>> ssl_callback_Info callback is always called by openssl (some specific
>>> extension only?). httpd is not prepared to that and thinks it's a
>>> client renegotiation.
>>>
>>> I didn't look at TLS 1.3 yet, but something along this looks seems plausible.
>>
>> For instance, multiple session tickets might call the callback more than once:
>> https://github.com/openssl/openssl/blob/master/ssl/statem/statem_srvr.c#L3785
>>
>> Since renegotiations are forbidden by TLS 1.3 in the first place
>> (enforced by openssl probably), I think that the check for
>> renegotiations should be disabled in our ssl_callback_Info (for TLS
>> 1.3).

Dennis, does the attached patch help?
Index: modules/ssl/ssl_engine_kernel.c
===================================================================
--- modules/ssl/ssl_engine_kernel.c	(revision 1833451)
+++ modules/ssl/ssl_engine_kernel.c	(working copy)
@@ -2238,7 +2238,6 @@ void ssl_callback_Info(const SSL *ssl, int where,
 {
     conn_rec *c;
     server_rec *s;
-    SSLConnRec *scr;
 
     /* Retrieve the conn_rec and the associated SSLConnRec. */
     if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
@@ -2245,25 +2244,33 @@ void ssl_callback_Info(const SSL *ssl, int where,
         return;
     }
 
-    if ((scr = myConnConfig(c)) == NULL) {
-        return;
-    }
+#if SSL_HAVE_PROTOCOL_TLSV1_3
+    if (SSL_version(ssl) < TLS1_3_VERSION)
+#endif
+    {
+        SSLConnRec *scr;
 
-    /* If the reneg state is to reject renegotiations, check the SSL
-     * state machine and move to ABORT if a Client Hello is being
-     * read. */
-    if (!scr->is_proxy &&
-        (where & SSL_CB_HANDSHAKE_START) &&
-        scr->reneg_state == RENEG_REJECT) {
-            scr->reneg_state = RENEG_ABORT;
-            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
-                          "rejecting client initiated renegotiation");
+        if ((scr = myConnConfig(c)) == NULL) {
+            return;
+        }
+
+        /* If the reneg state is to reject renegotiations, check the SSL
+         * state machine and move to ABORT if a Client Hello is being
+         * read. */
+        if (!scr->is_proxy &&
+            (where & SSL_CB_HANDSHAKE_START) &&
+            scr->reneg_state == RENEG_REJECT) {
+                scr->reneg_state = RENEG_ABORT;
+                ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
+                              "rejecting client initiated renegotiation");
+        }
+        /* If the first handshake is complete, change state to reject any
+         * subsequent client-initiated renegotiation. */
+        else if ((where & SSL_CB_HANDSHAKE_DONE)
+                 && scr->reneg_state == RENEG_INIT) {
+            scr->reneg_state = RENEG_REJECT;
+        }
     }
-    /* If the first handshake is complete, change state to reject any
-     * subsequent client-initiated renegotiation. */
-    else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
-        scr->reneg_state = RENEG_REJECT;
-    }
 
     s = mySrvFromConn(c);
     if (s && APLOGdebug(s)) {