From rcritten at redhat.com Tue Dec 1 13:52:34 2009 From: rcritten at redhat.com (Rob Crittenden) Date: Tue, 01 Dec 2009 08:52:34 -0500 Subject: [Mod_nss-list] TLS MITM issues CVE-2009-3555 vs. mod_nss In-Reply-To: <20091120134255.13e669c7@redhat.com> References: <20091110182139.7a16bd15@redhat.com> <4AF9B9DA.4060605@redhat.com> <20091120134255.13e669c7@redhat.com> Message-ID: <4B151FA2.4020001@redhat.com> Tomas Hoger wrote: > Hi Rob! > > On Tue, 10 Nov 2009 14:07:06 -0500 Rob Crittenden > wrote: > >>> Are there any plans for mod_nss modifications to address / mitigate >>> this issue? >> Yes, I'm looking into this. I'm not sure I can take the same approach >> as mod_ssl since I have much less visibility into the SSL handshake >> with NSS than with OpenSSL. > > So do you think SSL_HandshakeCallback-registered callbacks should be > insufficient? I do see HandshakeDone callback is already used during > the server-initiated rehandshake to track its progress. It is then > unregistered when rehandshake is done. > > What about registering another function instead of the NULL callback? > The function that will trigger connection abort when called. Can that > be a way or is unlikely to work and is not work more effort? > > Thank you! > > th. Unfortunately this method will not work. See this thread in mozilla.dev.tech.crypto. Too bad, it seemed like a creative way to deal with it. http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/b53f24f80f1bbe3a/d20c9fcac72ad417?hide_quotes=no rob From thoger at redhat.com Tue Dec 1 16:34:04 2009 From: thoger at redhat.com (Tomas Hoger) Date: Tue, 1 Dec 2009 17:34:04 +0100 Subject: [Mod_nss-list] TLS MITM issues CVE-2009-3555 vs. mod_nss In-Reply-To: <4B151FA2.4020001@redhat.com> References: <20091110182139.7a16bd15@redhat.com> <4AF9B9DA.4060605@redhat.com> <20091120134255.13e669c7@redhat.com> <4B151FA2.4020001@redhat.com> Message-ID: <20091201173404.33e929cb@redhat.com> Hi Rob! Thank you for the link! On Tue, 01 Dec 2009 08:52:34 -0500 Rob Crittenden wrote: > Unfortunately this method will not work. See this thread in > mozilla.dev.tech.crypto. Too bad, it seemed like a creative way to deal > with it. > > http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/b53f24f80f1bbe3a/d20c9fcac72ad417?hide_quotes=no Does that discussion say so? I'm afraid it goes off-topic rather quickly. One of the replies mentions that breaking connection after re-handshake is too late. But is it really too late if there's no processing done on the request on the httpd side (i.e. does it really matter, from httpd pov, whether connection is broken at the beginning, in the middle, or at the end of re-handshake)? The discussion also emphasizes that this mitigation is not a complete fix and the attack can still be used if server requests renegotiation. That's true, no argue about that, but that's not really what the change was supposed to do. It's aim was to block client-requested renegs where all renegs can not be disabled (substitute "can not" with "is impractical" or "needs more time to deploy"). There's also a proposed workaround with 302 redirects, but afaik, they are of no use in setups where per-directory NSSVerifyClient setting is needed. If you have a separate IP vhost for protected part of the side, you already have no need for server-requested renegotiations. Anyway, I do understand that new NSS is an alternate way to disable renegs. You may know more of common mod_nss uses to predict if there will be a demand for disabled client-requested renegs in mod_nss once NSS is updated. Thank you! th. From felix.schwarz at oss.schwarz.eu Wed Dec 23 13:39:11 2009 From: felix.schwarz at oss.schwarz.eu (Felix Schwarz) Date: Wed, 23 Dec 2009 14:39:11 +0100 Subject: [Mod_nss-list] TLS Server Name Indication? Message-ID: <4B321D7F.6080402@oss.schwarz.eu> Hi, are there already plans/code to support TLS SNI as soon as server-side support is in nss itself? [1]. I'm really looking forward using mod_nss with TLS SNI as this is the last thing which requires me to use mod_ssl. How much work do you think will be required to implement TLS SNI? fs [1] https://bugzilla.mozilla.org/show_bug.cgi?id=360421 From rcritten at redhat.com Thu Dec 24 03:00:22 2009 From: rcritten at redhat.com (Rob Crittenden) Date: Wed, 23 Dec 2009 22:00:22 -0500 Subject: [Mod_nss-list] TLS Server Name Indication? In-Reply-To: <4B321D7F.6080402@oss.schwarz.eu> References: <4B321D7F.6080402@oss.schwarz.eu> Message-ID: <4B32D946.2010509@redhat.com> Felix Schwarz wrote: > Hi, > > are there already plans/code to support TLS SNI as soon as server-side > support is in nss itself? [1]. I'm really looking forward using mod_nss > with TLS SNI as this is the last thing which requires me to use mod_ssl. > > How much work do you think will be required to implement TLS SNI? > > fs > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=360421 Absolutely. I've been waiting for this support for a very long time (longer than this RFE, actually). How much work to implement depends on the API that NSS finally decides on but I don't expect it to be a lot of work based on the current patches. rob