[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#762619: marked as done (apache2: Don't let TLS session tickets botch PFS)

Your message dated Sat, 27 Dec 2014 15:32:07 +0000
with message-id <E1Y4tLb-0001RD-4y@franck.debian.org>
and subject line Bug#762619: fixed in apache2 2.2.22-13+deb7u4
has caused the Debian Bug report #762619,
regarding apache2: Don't let TLS session tickets botch PFS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
762619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762619
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: apache2
Version: 2.2.22-13+deb7u3
Severity: normal

Dear Maintainer,

As explained here[1], TLS session tickets can make Perfect Forward Secrecy
useless. The currently backported patches of openssl and apache on debian
stable don't provide any way to disable session tickets nor change the lifetime.

There are patches for apache 2.4 to disable session tickets, but they are not on
apache 2.2 and would require patches on openssl too (here[2] says it needs
openssl >=1.0.2). Session tickets, in apache 2.4 with OpenSSL 1.0.2 or later,
can be disabled using the SSLOpenSSLConfCmd directive, as documented here[2].

As stated here[1], restarting apache invalidates previous session tickets, so
that seems to be the only way to not render PFS useless (restart with some
frequency) on debian right now.

I tried to do some tests to see if maybe a reload was enough (doesn't cause
downtime :)) to re-generate the randomly generated session ticket key at
startup.  But let me be very clear about this: I'm not a security expert (far
from that) nor I have any deep knowledge of TLS, session resumption, etc. I
just did some tests that I'm not 100% sure what they mean.

I used sslyze and did a simple patch on top of it to print when the sesion
tickets resumption was being tested and added a sleep to give me time to reload
the apache server just in the middle. The patch I used is here[3]. So I just did
that: run the test until the "Trying to resume TLS tickets, waiting 10s" print
was done, then I reload the apache server and verify the next print wasn't
printed when apache finishes reloading (it didn't). And the result of the test
is that session tickets resumption is NOT supported. And, of course, if I run it
without reloading apache it says it is supported.

That's why I *think* that it *might* be enough to reload apache to invalidate
the previous session tickets and shorten the forward secrecy window. But, of
course, this should be verified.

In any case, it will be nice if in the README.Debian file this problem[1] is
mentioned and recommends some way to avoid it (using a reload if it is enough,
a restart -although not the very best solution-, backporting the patches from
apache 2.4 or whatever it needs to be done).


If I can help you with something, please let me know.




Thanks a lot,
Rodrigo


[1]: https://www.imperialviolet.org/2013/06/27/botchingpfs.html
[2]: https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslopensslconfcmd
[3]: https://github.com/rata/sslyze/commit/37a56bfa0f280869f6a17572c1726eda848c74bf

--- End Message ---
--- Begin Message --- 
Source: apache2
Source-Version: 2.2.22-13+deb7u4

We believe that the bug you reported is fixed in the latest version of
apache2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 762619@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated apache2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 23 Dec 2014 23:44:24 +0100
Source: apache2
Binary: apache2.2-common apache2.2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2-utils apache2-suexec apache2-suexec-custom apache2 apache2-doc apache2-prefork-dev apache2-threaded-dev apache2-dbg
Architecture: source amd64 all
Version: 2.2.22-13+deb7u4
Distribution: wheezy
Urgency: medium
Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 apache2    - Apache HTTP Server metapackage
 apache2-dbg - Apache debugging symbols
 apache2-doc - Apache HTTP Server documentation
 apache2-mpm-event - Apache HTTP Server - event driven model
 apache2-mpm-itk - multiuser MPM for Apache 2.2
 apache2-mpm-prefork - Apache HTTP Server - traditional non-threaded model
 apache2-mpm-worker - Apache HTTP Server - high speed threaded model
 apache2-prefork-dev - Apache development headers - non-threaded MPM
 apache2-suexec - Standard suexec program for Apache 2 mod_suexec
 apache2-suexec-custom - Configurable suexec program for Apache 2 mod_suexec
 apache2-threaded-dev - Apache development headers - threaded MPM
 apache2-utils - utility programs for webservers
 apache2.2-bin - Apache HTTP Server common binary files
 apache2.2-common - Apache HTTP Server common files
Closes: 762619 771199 773841
Changes: 
 apache2 (2.2.22-13+deb7u4) wheezy; urgency=medium
 .
   * CVE-2013-5704: Fix handling of chunk trailers. A remote attacker could
     use this flaw to bypass intended mod_headers restrictions, allowing
     them to send requests to applications that include headers that should
     have been removed by mod_headers.
     The new behavior is to not merge trailers into the headers autmatically.
     A new directive "MergeTrailers" is introduced to restore the old
     behavior.
   * Fix hostname comparison with SNI to be case insensitive. Closes: #771199
   * Fix valule of SSL_CLIENT_S_DN_UID in mod_ssl (broken in 2.2.15).
     Closes: #773841
   * Add paragraph about session ticket key life-time and forward secrecy to
     README.Debian. Closes: #762619
Checksums-Sha1: 
 989077010d72cf3360ec0142919aa0e67042d286 2899 apache2_2.2.22-13+deb7u4.dsc
 4910db7b7777e0930f50adc4f2ba9bd16386ae47 218049 apache2_2.2.22-13+deb7u4.debian.tar.gz
 a318d750e1f523d0d30602926fbb1817bf9e1cc7 292630 apache2.2-common_2.2.22-13+deb7u4_amd64.deb
 6102f00be2cf6feb27f9bba1c1cd7252f9f551c2 786136 apache2.2-bin_2.2.22-13+deb7u4_amd64.deb
 ac7e739769a2443a62a0c80d9a4073253218381b 2238 apache2-mpm-worker_2.2.22-13+deb7u4_amd64.deb
 453aa0874a5b8b3fc349c8b4027f7f7ded4e1cef 2346 apache2-mpm-prefork_2.2.22-13+deb7u4_amd64.deb
 ad728f5ef22086b9272fa3b84647efa562d25472 2304 apache2-mpm-event_2.2.22-13+deb7u4_amd64.deb
 32271e60e2b8459a56832ac854124cbbf1b08992 2330 apache2-mpm-itk_2.2.22-13+deb7u4_amd64.deb
 bad4d629f63bb4eef9034c1bf4745d4ef2d2d070 163400 apache2-utils_2.2.22-13+deb7u4_amd64.deb
 386a676a51c2d7f81d7d17c9a6c4d72efb39a13d 106956 apache2-suexec_2.2.22-13+deb7u4_amd64.deb
 ce5a51d7fbb70aff3854a23d37486fd7fb3f92fc 108466 apache2-suexec-custom_2.2.22-13+deb7u4_amd64.deb
 a5c535fea65b9773f71812313500993fe7dda1c8 1440 apache2_2.2.22-13+deb7u4_amd64.deb
 24a53bd2985c5625b6cb4fc614cbf0ce417ec8e5 1775012 apache2-doc_2.2.22-13+deb7u4_all.deb
 61ddb0e5f5a4fdd98fee3294d7f1059029b0340b 114606 apache2-prefork-dev_2.2.22-13+deb7u4_amd64.deb
 bf1e6a90476990e865490e4943ba69b03be08235 115444 apache2-threaded-dev_2.2.22-13+deb7u4_amd64.deb
 dd25cf50946d41e5a414e1f6e5d6cc785e54d0fe 1724370 apache2-dbg_2.2.22-13+deb7u4_amd64.deb
Checksums-Sha256: 
 256e8d59f1d5f71cdbc2642003333b77aa0039b24c817584bee0e7e4eb4c400d 2899 apache2_2.2.22-13+deb7u4.dsc
 c4dbf8b4e8b62ae4bb59bce73de99b0cc84d337e516ee300936db6184c921c78 218049 apache2_2.2.22-13+deb7u4.debian.tar.gz
 c5b4cae9633e9f996201c4a77f403abc5539a1e445b576afd365d0efc8241ca4 292630 apache2.2-common_2.2.22-13+deb7u4_amd64.deb
 b831b9dad8a6bc2a284800a10e86b028562c01aebe6480d7e4985d3dbe28e3ea 786136 apache2.2-bin_2.2.22-13+deb7u4_amd64.deb
 d648be3d4f6b3b38e29d97268bfe4d291a4b29fa89fcb2fac318c44242dc5d5b 2238 apache2-mpm-worker_2.2.22-13+deb7u4_amd64.deb
 50e885d34fadeeb7ca9a376f4cf5efa679cd95ba6a54da9a3b09dc0ce94ed55b 2346 apache2-mpm-prefork_2.2.22-13+deb7u4_amd64.deb
 42867d366930d259845a2b4402a779641deaf698b0ce980c556585877b0e5545 2304 apache2-mpm-event_2.2.22-13+deb7u4_amd64.deb
 75423e4e47d7b166a1b2a44c17c1de261570fcedf99cc704aa33c14fcf98bc97 2330 apache2-mpm-itk_2.2.22-13+deb7u4_amd64.deb
 d92780ea8f0eb55f5664351081d5e4282774ab70d8bc69fe6fd724c16d91154d 163400 apache2-utils_2.2.22-13+deb7u4_amd64.deb
 6a149fff7cf79800b67851fef6870e1e899d79f516335a7acad4390a8bee9660 106956 apache2-suexec_2.2.22-13+deb7u4_amd64.deb
 8396c5c46c225e4838590eb01a18b8059c9cbb9af69955bcad2105041bce0050 108466 apache2-suexec-custom_2.2.22-13+deb7u4_amd64.deb
 2c1cf0f5f5928655e6d0f82b052e8b154ea422dadf1a16acb417f5abcab493ae 1440 apache2_2.2.22-13+deb7u4_amd64.deb
 ebc136a630be29c1c4ef7005bb5b15e3a47e3394e8f60b707101c5220b17687c 1775012 apache2-doc_2.2.22-13+deb7u4_all.deb
 069fc587d6e6ca4b1ee8ef5f3673cec6e616283702eac3c493de1adb16d337d6 114606 apache2-prefork-dev_2.2.22-13+deb7u4_amd64.deb
 0775a4a82c0ce3fc58de4d4c1111d0fc43855923e2260c2ffc258e5b24d7ca37 115444 apache2-threaded-dev_2.2.22-13+deb7u4_amd64.deb
 6f57dd62d5f6ca279caca66ed617b29c689435e9931911b07381f1ab2855ef45 1724370 apache2-dbg_2.2.22-13+deb7u4_amd64.deb
Files: 
 f3d2bb9de59d2d7d7532be32aee1b39f 2899 httpd optional apache2_2.2.22-13+deb7u4.dsc
 042c983543445d9bcfc67c2856c543ad 218049 httpd optional apache2_2.2.22-13+deb7u4.debian.tar.gz
 2cdfbadb6e22e3f195f251abfc02590b 292630 httpd optional apache2.2-common_2.2.22-13+deb7u4_amd64.deb
 885aa5d446fee300a5be5de8f6f811fe 786136 httpd optional apache2.2-bin_2.2.22-13+deb7u4_amd64.deb
 eb77921495c268c6de7791a89d5443b8 2238 httpd optional apache2-mpm-worker_2.2.22-13+deb7u4_amd64.deb
 ea3f080e33aa27e3c065761bd5148ad8 2346 httpd optional apache2-mpm-prefork_2.2.22-13+deb7u4_amd64.deb
 4cfb61ee826ae80c98d613928cfaf4f7 2304 httpd optional apache2-mpm-event_2.2.22-13+deb7u4_amd64.deb
 8a7eb36dd1eac71d2196b75ff5d7eeed 2330 httpd extra apache2-mpm-itk_2.2.22-13+deb7u4_amd64.deb
 47bffaa060a7fa15d767ad60c285b035 163400 httpd optional apache2-utils_2.2.22-13+deb7u4_amd64.deb
 932ec14ea96ca9e1d32b6b3bf18fce87 106956 httpd optional apache2-suexec_2.2.22-13+deb7u4_amd64.deb
 703fcf0e3d56b47f157361cd75268d66 108466 httpd extra apache2-suexec-custom_2.2.22-13+deb7u4_amd64.deb
 00e353b128dc04c101e7399a87901882 1440 httpd optional apache2_2.2.22-13+deb7u4_amd64.deb
 7779c73f0286bcb6cbb48b608c6af180 1775012 doc optional apache2-doc_2.2.22-13+deb7u4_all.deb
 e89780b1826ddffa64d5cd28a792f8a8 114606 httpd extra apache2-prefork-dev_2.2.22-13+deb7u4_amd64.deb
 5b2ab63b73686dc5404500cd8bfa9094 115444 httpd extra apache2-threaded-dev_2.2.22-13+deb7u4_amd64.deb
 b2b02a31c6f66b2522ba01d83f8a6484 1724370 debug extra apache2-dbg_2.2.22-13+deb7u4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBVJw488aHXzVBzv3gAQinWQ/9FkTdVJQNlo1AfB7CAspsfWJ6iK0rMyAh
Pa5mV0+kpTqmEHPXEXxs40/Tie0NptP5pVB95ezGOCbr3ADFGCcWMButOkpIxFIJ
yh0yu2qfgETRPLvPpgoJ1/Z7FH1MgBur9UoQyfej63WIbmtChhdMIAHOKpnsvGsp
Sf83ovA2fpx51UtXB+O8orXOdK77yfWzHzi2h6gj+8mR5oiKSeOwglSBfZpv/v6y
daB+62W9tPmWreojUnII94UympArnsmkJtnpFVAi70ehm/vNTsOgQM9ZDUvxukVs
2aVj9AsUodfM/OZaTPYeYSie4NBDrpMe6EcB15y5wLnnur546nC7ehzjkk9K7RBc
y4esycXLBguTgydkcaVTlgn+V/7//dS9bwCyHLrVz8xcD2ulemw30FYrVVvERgMS
a/Ou5Y26isyAoF/jWgVaD/WKLXUllzR3uiez1mhN4sdt/TcrjvHyoTZZdk//OaRC
JqbaEUvokxTKMtJXGgDhqcfA6krfFDb9AD0yh4eTixG2JLQrrQKoHWp9ApMaBflL
L++3H8XTKJPAsO3KNwumSKx6PgoOIIKCYB7czz3ojJnweYui9WQCY0yEWZEGSRo9
vZfOmjaxjYv945YtAWQwve2GX98o9Vcxuqh/97GHYF96VVOOc/xYOymsoG5r623j
AGAUtbJ2I9M=
=16vY
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: