[issue32257] Support Disabling Renegotiation for SSLContext

2018-05-16 Thread Ned Deily

Ned Deily  added the comment:

Thanks, Christian!  Merged for 3.7.0 and 3.8.0.

--
priority: deferred blocker -> 
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue32257] Support Disabling Renegotiation for SSLContext

2018-05-16 Thread Christian Heimes

Christian Heimes  added the comment:


New changeset e2db6ad1d96ca3e8bd29178f7093785c5d550bb7 by Christian Heimes 
(Miss Islington (bot)) in branch '3.7':
[3.7] bpo-32257: Add ssl.OP_NO_RENEGOTIATION (GH-5904) (#6877)
https://github.com/python/cpython/commit/e2db6ad1d96ca3e8bd29178f7093785c5d550bb7


--




[issue32257] Support Disabling Renegotiation for SSLContext

2018-05-15 Thread miss-islington

Change by miss-islington :


--
pull_requests: +6549




[issue32257] Support Disabling Renegotiation for SSLContext

2018-05-15 Thread Ned Deily

Ned Deily  added the comment:


New changeset 67c48016638aac9a15afe6fd6754d53d2bdd6b76 by Ned Deily (Christian 
Heimes) in branch 'master':
bpo-32257: Add ssl.OP_NO_RENEGOTIATION (GH-5904)
https://github.com/python/cpython/commit/67c48016638aac9a15afe6fd6754d53d2bdd6b76


--




[issue32257] Support Disabling Renegotiation for SSLContext

2018-02-26 Thread Christian Heimes

Christian Heimes  added the comment:

The OP_NO_RENEGOTIATION option prevents renegotiation in TLS 1.2 and lower. 
Renegotiation is a problematic TLS feature that has led to security issues like 
CVE-2009-3555. TLS 1.3 has removed renegotiation completely in favor of much 
more reliable and simpler rekeying.

PR5904 just adds the constant to the list of options and documents it. I didn't 
add it earlier because it wasn't available in the OpenSSL 1.1.0 branch until 
now. The next upcoming release of 1.1.0 will have it.

--
nosy: +ned.deily
priority: high -> deferred blocker
versions: +Python 3.8 -Python 2.7, Python 3.6
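
Added example, not part of the tracker thread or of CPython's own code: one way a server could apply the ssl.OP_NO_RENEGOTIATION option described above and audit an existing context for it. The helper names disable_renegotiation and renegotiation_possible are hypothetical; the sketch fails closed when the constant is missing (Python older than 3.7, or an OpenSSL build without SSL_OP_NO_RENEGOTIATION).

```python
import ssl


def disable_renegotiation(ctx: ssl.SSLContext) -> None:
    """Set OP_NO_RENEGOTIATION on ctx, failing closed when it is unavailable."""
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", None)
    if flag is None:
        # The constant is absent on Python < 3.7 or when the linked OpenSSL
        # does not define SSL_OP_NO_RENEGOTIATION.
        raise RuntimeError(
            "ssl.OP_NO_RENEGOTIATION unavailable (linked against %s)"
            % ssl.OPENSSL_VERSION
        )
    ctx.options |= flag


def renegotiation_possible(ctx: ssl.SSLContext) -> bool:
    """Audit helper: True if a TLS 1.2-or-lower peer could still renegotiate."""
    flag = getattr(ssl, "OP_NO_RENEGOTIATION", 0)
    if flag and ctx.options & flag:
        return False
    # TLS 1.3 removed renegotiation, so a 1.3-only context is safe as well.
    tls13 = getattr(getattr(ssl, "TLSVersion", None), "TLSv1_3", None)
    return tls13 is None or getattr(ctx, "minimum_version", None) != tls13


if __name__ == "__main__":
    # Constructed demo: a bare server context before and after hardening.
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    print("renegotiation possible before:", renegotiation_possible(server_ctx))
    disable_renegotiation(server_ctx)
    print("renegotiation possible after: ", renegotiation_possible(server_ctx))
```
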




[issue32257] Support Disabling Renegotiation for SSLContext

2018-02-26 Thread Christian Heimes

Change by Christian Heimes :


--
pull_requests: +5673
stage:  -> patch review




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Christian Heimes

Christian Heimes  added the comment:

We don't work that way. Closed means closed forever. Please leave the bug open.

--
priority: normal -> high
resolution: later -> 
stage: resolved -> 
status: closed -> open
type: enhancement -> security
versions: +Python 3.6, Python 3.7




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Qichao Chu

Qichao Chu  added the comment:

Thanks Christian! Let's wait for OpenSSL then.
I will close this bug for now and reopen when OpenSSL releases 1.1.1 with the 
new flag.

--
resolution:  -> later
stage: patch review -> resolved
status: open -> closed




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Christian Heimes

Christian Heimes  added the comment:

I took Guido's keys to the time machine: 
https://github.com/openssl/openssl/issues/4739

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Christian Heimes

Christian Heimes  added the comment:

Thanks for checking! I had only checked 1.0.2 and 1.1.0 branch...

I can easily expose the info cb in Python -- but there is no simple way to 
bubble up an exception from a callback to Python. The server name callback 
ignores exceptions and just prints them with PyErr_WriteUnraisable().

Since OpenSSL 1.1.1 will have SSL_OP_NO_RENEGOTIATION, I'm leaning towards not 
making the code more complicated. Either we have to wait for 1.1.1 or ask 
OpenSSL to backport the feature to 1.0.2 and 1.1.0.

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Nathaniel Smith

Nathaniel Smith  added the comment:

It looks like openssl master has SSL_OP_NO_RENEGOTIATION: 
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html

Before that, I guess one could use SSL_CTX_sess_{connect,accept}_renegotiate to 
detect when a renegotiation has occurred and then error out? Admittedly this is 
more effective in nonblocking or memorybio mode. Or you could do something 
similar with the info callback: allow the current operation to succeed, but 
mark the connection as "poisoned". (Heck, in socket bio mode you could flat out 
close the socket. That'll shut things down.)

For bonus annoyance, note that RFC 7240 does allow implementations to support 
renegotiation that happens before any data is exchanged, to allow for the 
encrypted client cert hack.

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Qichao Chu

Qichao Chu  added the comment:

How about exposing the internal ssl object? This will allow applications to 
control the flag.

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Christian Heimes

Christian Heimes  added the comment:

There must be a better way than custom BIOs. An implementation based on Apache's 
approach is probably > 1,000 lines of C code and a massive complication of the 
module.

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Qichao Chu

Qichao Chu  added the comment:

Thank you for the investigation. This does seem better than the flag. Shall we 
go ahead and implement this?

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Christian Heimes

Christian Heimes  added the comment:

Apache mod_ssl implements CVE-2009-3555 by carefully tracking renegotiation 
state throughout the code base and a custom IO layer that refuses IO when the 
reneg_state becomes invalid.

[1] 
https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_private.h#L502-L513
[2] 
https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_io.c#L202-L250

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-10 Thread Christian Heimes

Christian Heimes  added the comment:

Sounds about right, but I cannot find a good way to disable renegotiation.

* SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS doesn't look right. For one it's an 
internal, undocumented flag. But more important it is no longer supported in 
OpenSSL 1.1.0.

* The info_callback trick does not work. The info callback cannot return an 
error indicator. In OpenSSL 1.1.0 the function signature is ``void (*cb) (const 
SSL *ssl, int type, int val)``, which means it cannot modify the SSL object in 
order to abort the connection forcefully.

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-09 Thread Nathaniel Smith

Nathaniel Smith  added the comment:

Another reason to consider making it possible to disable renegotiation is 
HTTP/2. RFC 7540 says:

   A deployment of HTTP/2 over TLS 1.2 MUST disable renegotiation.  An
   endpoint MUST treat a TLS renegotiation as a connection error
   (Section 5.4.1) of type PROTOCOL_ERROR.

https://tools.ietf.org/html/rfc7540#section-9.2.1

--
nosy: +njs




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-09 Thread Qichao Chu

Qichao Chu  added the comment:

I don't think it is a bug in OpenSSL. For various reasons, certain applications 
must allow renegotiation while this leaves a security problem for others. That's 
why if Python can control this flag, applications will be more confident in 
dealing with DoS attacks aimed at renegotiation.

This flag controls not only SSL3 but also TLSv1.1 and TLSv1.2 after testing on 
Nginx and Gevent. 

As of OpenSSL 1.0.2h, in file ssl/s3_lib.c

    int ssl3_renegotiate(SSL *s)
    {
        if (s->handshake_func == NULL)
            return (1);

        if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
            return (0);

        s->s3->renegotiate = 1;
        return (1);
    }

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-09 Thread Christian Heimes

Christian Heimes  added the comment:

If it's a bug in OpenSSL, please report the bug with OpenSSL and request a fix. 
Bugs should be patched where they occur. Can you contact OpenSSL development 
team, please?

The flag is not documented and I don't know how it influences OpenSSL. Does the 
flag only affect SSL 3.0 or also TLS 1.0 and newer?

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-09 Thread Qichao Chu

Qichao Chu  added the comment:

Hi Christian,

Thank you for the review! I have changed the code to directly set this flag by 
using s3->flag. Code is copied from the nginx repo: 
https://github.com/nginx/nginx/blob/ed0cc4d52308b75ab217724392994e6828af4fda/src/event/ngx_event_openssl.c.

I think this change is still needed. Although OpenSSL claimed it is fixed, 
THC-SSL-DOS showed it is vulnerable. If this is not the case, then nginx won't 
need to set the flag.

Thanks,
Qichao

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-09 Thread Christian Heimes

Christian Heimes  added the comment:

I don't think your PR is required. The issue has been addressed in OpenSSL 
0.9.8m over 7 years ago, https://access.redhat.com/security/cve/cve-2009-3555.


From https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html

> OpenSSL always attempts to use secure renegotiation as described in RFC5746. 
> This counters the prefix attack described in CVE-2009-3555 and elsewhere.


OpenSSL changelog

Changes between 0.9.8l and 0.9.8m [25 Feb 2010]


  *) Implement RFC5746. Re-enable renegotiation but require the extension
     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
     turns out to be a bad idea. It has been replaced by
     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
     SSL_CTX_set_options(). This is really not recommended unless you
     know what you are doing.
     [Eric Rescorla, Ben Laurie, Steve Henson]

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-09 Thread Christian Heimes

Christian Heimes  added the comment:

Thanks for your patch, a few comments

We generally don't have special functions to set flags. 
SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS is an OpenSSL < 1.1.0 option. OpenSSL 1.1.0 
still defines the flag but no longer uses it. With your patch, the Python 
function would fail with a NameError.

I don't think that self.options is the right way to set that flag. The option 
attribute manipulates SSL_CTX->options, which affects SSL->options. The flag 
has to be set on SSL->s3->flags.

Your patch is missing a documentation update and tests.

--




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-08 Thread Qichao Chu

Change by Qichao Chu :


--
pull_requests:  -4664




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-08 Thread Qichao Chu

Change by Qichao Chu :


--
pull_requests:  -4665




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-08 Thread Qichao Chu

Change by Qichao Chu :


--
pull_requests: +4666




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-08 Thread Qichao Chu

Change by Qichao Chu :


--
pull_requests: +4665




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-08 Thread Qichao Chu

Change by Qichao Chu :


--
keywords: +patch
pull_requests: +4664
stage:  -> patch review




[issue32257] Support Disabling Renegotiation for SSLContext

2017-12-08 Thread Qichao Chu

New submission from Qichao Chu :

Adding a new method in SSLContext so that we can disable renegotiation more easily.
This resolves CVE-2009-3555 and the attack demoed by thc-ssl-dos.

--
assignee: christian.heimes
components: SSL
messages: 307879
nosy: christian.heimes, chuq
priority: normal
severity: normal
status: open
title: Support Disabling Renegotiation for SSLContext
type: enhancement
versions: Python 2.7
