From 68be98d1a6170b9ce64ba6a8b68479ce0ee8aebe Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 12 Feb 2010 22:02:07 +0000 Subject: [PATCH] update references to new RI RFC --- CHANGES | 23 +++++++++++------------ NEWS | 2 +- doc/ssl/SSL_CTX_set_options.pod | 4 ++-- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/CHANGES b/CHANGES index 967ee9b2fa..bafe422807 100644 --- a/CHANGES +++ b/CHANGES @@ -39,14 +39,14 @@ [Steve Henson] *) If client attempts to renegotiate and doesn't support RI respond with - a no_renegotiation alert as required by draft-ietf-tls-renegotiation. - Some renegotiating TLS clients will continue a connection gracefully - when they receive the alert. Unfortunately OpenSSL mishandled - this alert and would hang waiting for a server hello which it will never - receive. Now we treat a received no_renegotiation alert as a fatal - error. This is because applications requesting a renegotiation might well - expect it to succeed and would have no code in place to handle the server - denying it so the only safe thing to do is to terminate the connection. + a no_renegotiation alert as required by RFC5746. Some renegotiating + TLS clients will continue a connection gracefully when they receive + the alert. Unfortunately OpenSSL mishandled this alert and would hang + waiting for a server hello which it will never receive. Now we treat a + received no_renegotiation alert as a fatal error. This is because + applications requesting a renegotiation might well expect it to succeed + and would have no code in place to handle the server denying it so the + only safe thing to do is to terminate the connection. [Steve Henson] *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if @@ -58,10 +58,9 @@ the updated NID creation version. This should correctly handle UTF8. [Steve Henson] - *) Implement draft-ietf-tls-renegotiation-03. Re-enable - renegotiation but require the extension as needed. Unfortunately, - SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION turns out to be a - bad idea. It has been replaced by + *) Implement RFC5746. Re-enable renegotiation but require the extension + as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + turns out to be a bad idea. It has been replaced by SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with SSL_CTX_set_options(). This is really not recommended unless you know what you are doing. diff --git a/NEWS b/NEWS index 23939b603b..19533cb495 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,7 @@ o Remove MD2 from algorithm tables. o SPKAC handling fixes. - o Implement draft-ietf-tls-renegotiation-03. + o Support for RFC5746 TLS renegotiation extension. o Compression memory leak fixed. o Compression session resumption fixed. o Ticket and SNI coexistence fixes. diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 6cbda5f194..52c7497e3a 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -235,8 +235,8 @@ these options. =head1 SECURE RENEGOTIATION OpenSSL 0.9.8m and later always attempts to use secure renegotiation as -described in draft-ietf-tls-renegotiation (FIXME: replace by RFC). This -counters the prefix attack described in CVE-2009-3555 and elsewhere. +described in RFC5746. This counters the prefix attack described in +CVE-2009-3555 and elsewhere. The deprecated and highly broken SSLv2 protocol does not support secure renegotiation at all: its use is B discouraged. -- 2.25.1