Disable renegotiation.

diff --git a/CHANGES b/CHANGES
index 04d332e338bd8ae2e956553de690809052846269..cd445c931309dec47ee933112312165720011354 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,15 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem at the cost of breaking all renegotiation. Renegotiation
+     can be re-enabled by setting
+     OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION at
+     compile-time. This is really not recommended.
+     [Ben Laurie]
+
  Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
 
   *) Don't set val to NULL when freeing up structures, it is freed up by

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 80b45eb86ff1aeb79ddf8d623019e3e89279f8da..6719ecf02e2932a18f88b05a0eec7a4819036743 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -718,6 +718,15 @@ int ssl3_get_client_hello(SSL *s)
 #endif
        STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
+#ifdef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION
+       if (s->new_session)
+               {
+               al=SSL_AD_HANDSHAKE_FAILURE;
+               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_RENEGOTIATION);
+               goto f_err;
+               }
+#endif  /* ndef OPENSSL_ENABLE_UNSAFE_LEGACY_SESSION_RENEGOTATION */
+
        /* We do this so that we will respond with our native type.
         * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
         * This down switching should be handled by a different method.

diff --git a/ssl/ssl.h b/ssl/ssl.h
index ff8a128d3c2d76df900faf9fd07af47df4e201b4..5ef11a3b2b8b0af5fe4bf76f714bbc96ebca7949 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1952,6 +1952,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_PRIVATE_KEY_ASSIGNED                   190
 #define SSL_R_NO_PROTOCOLS_AVAILABLE                    191
 #define SSL_R_NO_PUBLICKEY                              192
+#define SSL_R_NO_RENEGOTIATION                          318
 #define SSL_R_NO_SHARED_CIPHER                          193
 #define SSL_R_NO_VERIFY_CALLBACK                        194
 #define SSL_R_NULL_SSL_CTX                              195

diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 24a994fe01bfafdee288e7c0cec4722cf5deec04..ce2a5557a6ade7265a352490b01155cddc786065 100644 (file)
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -384,6 +384,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
 {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
 {ERR_REASON(SSL_R_NO_PUBLICKEY)          ,"no publickey"},
+{ERR_REASON(SSL_R_NO_RENEGOTIATION)      ,"no renegotiation"},
 {ERR_REASON(SSL_R_NO_SHARED_CIPHER)      ,"no shared cipher"},
 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    ,"no verify callback"},
 {ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},