Re: Re: CVE-2009-3555 not addressed in OpenSSL

> Anyway, the proper fix would be to backport the RFC5746 changes.
>
> Now, what's the argument for not doing it properly? :-)
>
> But the other end will also require that support for it to work.

Not long ago, this was a chicken-and-egg problem with the clients and servers. But at this point most other vendors have patched to add RFC 5746 support:
and so on...

Debian is unfortunately lagging conspicuously here. Yes, behind MS.

> You're probably better off avoiding renegotiation.

There are a couple of subtle limitations of this logic:

* Some people need renegotiation. They aren't particularly many, and they aren't particularly vocal, but if you need it, you really need it.

* There is absolutely no way for the client to tell if the server is performing an unsafe renegotiation at the time the client is expected to hand over his session cookie (and/or sign with his client cert). Unless, of course, he has successfully negotiated the use of RFC 5746, and can then be confident that continuing the connection is safe.

Eventually client apps will refuse to talk to servers that don't support RFC 5746 just as today they refuse to talk SSLv2. Browsers are starting to warn about it today:

By not supporting RFC 5746 on the server side, even if the server knows that it will never renegotiate, it prolongs for everyone the delay until clients can stop making potentially insecure connections. In this sense, it is a shared ecosystem problem.

As a long-term Debian user myself, I appeal to Debian's sense of enlightened self-interest and urge that RFC 5746 support be backported to stable.


- Marsh
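As an added example (not code from this thread, Debian or OpenSSL), the following Python parser inspects ClientHello and ServerHello bodies for the two RFC 5746 signals the message above relies on: the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite and the renegotiation_info extension, which is what lets a client tell a patched server from one it cannot safely renegotiate with. The handshake bodies are constructed inline for illustration, not captured from any real server.

```python
import struct

RENEGOTIATION_INFO = 0xFF01       # extension type defined in RFC 5746 section 3.2
EMPTY_RENEG_SCSV = b"\x00\xff"    # TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite, RFC 5746 section 3.3

def _parse_extensions(blob):
    """Split a TLS extensions block (2-byte total length prefix) into {type: data}."""
    exts = {}
    if len(blob) < 2:
        return exts  # no extensions block at all, i.e. a pre-RFC 5746 peer
    (total,) = struct.unpack("!H", blob[:2])
    pos, end = 2, 2 + total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", blob[pos:pos + 4])
        exts[ext_type] = blob[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
    return exts

def _after_session_id(body):
    """Offset just past version (2), random (32) and session_id, common to both Hello messages."""
    return 35 + body[34]

def client_hello_advertises_secure_reneg(body):
    """True if a ClientHello body carries the SCSV or an empty renegotiation_info (RFC 5746 section 3.4)."""
    pos = _after_session_id(body)
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    suites = body[pos + 2:pos + 2 + cs_len]
    has_scsv = any(suites[i:i + 2] == EMPTY_RENEG_SCSV for i in range(0, cs_len, 2))
    pos += 2 + cs_len
    pos += 1 + body[pos]  # skip the compression_methods vector
    return has_scsv or _parse_extensions(body[pos:]).get(RENEGOTIATION_INFO) == b"\x00"

def server_hello_secure_reneg(body):
    """True if an initial-handshake ServerHello carries renegotiation_info with an empty
    renegotiated_connection (opaque<0..255>, so just the length byte 0x00); otherwise the
    client cannot distinguish a safe server from one exposed to CVE-2009-3555."""
    pos = _after_session_id(body) + 3  # skip cipher_suite (2) and compression_method (1)
    return _parse_extensions(body[pos:]).get(RENEGOTIATION_INFO) == b"\x00"

# Constructed sample Hello bodies (not real captures): TLS 1.0, all-zero random, empty session id,
# cipher suite 0x002f (TLS_RSA_WITH_AES_128_CBC_SHA), null compression.
_PREFIX = b"\x03\x01" + bytes(32) + b"\x00"
SERVER_HELLO_PATCHED = _PREFIX + b"\x00\x2f\x00" + b"\x00\x05" + b"\xff\x01\x00\x01\x00"
SERVER_HELLO_UNPATCHED = _PREFIX + b"\x00\x2f\x00"          # no extensions block at all
CLIENT_HELLO_SCSV = _PREFIX + b"\x00\x04\x00\x2f" + EMPTY_RENEG_SCSV + b"\x01\x00"
CLIENT_HELLO_LEGACY = _PREFIX + b"\x00\x02\x00\x2f" + b"\x01\x00"

if __name__ == "__main__":
    print("server supports RFC 5746:", server_hello_secure_reneg(SERVER_HELLO_PATCHED))
    print("client signals RFC 5746:", client_hello_advertises_secure_reneg(CLIENT_HELLO_SCSV))
```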