Summarising the information gathered so far from various channels (thanks to Bill B., Bill W. & Rainer who have done most of the actual work to find the info below).
BIO/NIO connectors using JSSE. Vulnerable when renegotiation is triggered by the client or server. We could prevent server initiated renegotiation (and probably break the majority of configurations using CLIENT-CERT). We can't do anything to prevent client initiated renegotiation. APR/native connector using OpenSSL It is vulnerable when renegotiation is triggered by the client or by the server. Client triggered negotiation is supported. Server triggered negotiation will be supported from 1.1.17 onwards. OpenSSL 0.9.8l disables negotiation by default In terms of what this means for users: BIO/NIO - There isn't anything we can do in Tomcat to stop client initiated renegotiation so it is a case of waiting for the JVM vendors to respond. APR/native - Re-building their current version with 0.9.8l will protect users at the risk of breaking any configurations that require renegotiation. - We can release 1.1.17 with the binaries built with 0.9.8l. This will also protect users at the risk of breaking any configurations that require renegotiation. Mladen is doing this now. - Supporting renegotiation whilst avoiding the vulnerability will require a protocol fix. In the meantime, we could port port r833582 from httpd which would disable client triggered renegotiation for OpenSSL < 0.9.8l (which may help some users who can't easily change their OpenSSl version and release 1.1.18 with this fix - Once the protocol is fixed, release 1.1.next bundled with the appropriate version of OpenSSL Have I got my facts right above? If so, any objections to posting the above to the users@ and announce@ lists along with adding something to the security pages? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
