Overview ======== The purpose of this update is provide information on the current understanding so users are better informed when making decisions regarding risk mitigation for this issue in their environment.
Work on the root cause is progressing but is still in a state of flux. Discussion is focussed on workarounds that could be applied that would allow server initiated renegotiation without exposing the participants to the vulnerability described in CVE-2009-3555. BIO Connector ============= The HTTP BIO connector that ships with 6.0.20 and 5.5.28 supports client and server initiated negotiation and is vulnerable to CVE-2009-3555. A patch [1],[2] has been applied to trunk, 6.0.x and 5.5.x that provides an option to disable renegotiation. This patch has an issue in that it uses an asynchronous callback to close the connection when a handshake is detected. It is theoretically possible for an attack to complete before the connection is closed. When negotiation is disabled, both server and client initiated attempts to renegotiate are logged. An updated patch [3] has been applied to trunk and proposed for 6.0.x and 5.5.x that resolves the asynchronous concerns but only logs server initiated renegotiation. Users of 6.0.20, 5.5.28 and earlier versions can apply either of the patches. It will be necessary to build Tomcat from source to use these patches. Testing with both these patches has shown that using the connector attributes clientAuth="want" and allowUnsafeLegacyRenegotiation="false" provides a similar user experience during negotiation to clientAuth="false" and allowUnsafeLegacyRenegotiation="true" although this may vary by application. It is anticipated that 6.0.21 and 5.5.29 releases will be made once the situation stabilises and the Tomcat development team is confident that further changes will not be required. [1]http://people.apache.org/~markt/patches/2009-11-10-cve-2009-3555-tc6.patch [2]http://people.apache.org/~markt/patches/2009-11-10-cve-2009-3555-tc5.patch [3]http://svn.apache.org/viewvc?rev=882320&view=rev NIO Connector ============= The HTTP NIO connector that ships with 6.0.20 does not support client or server initiated renegotiation and is therefore not vulnerable to CVE-2009-3555. As and when negotiation support is added to the NIO connector, it will support the allowUnsafeLegacyRenegotiation connector attribute and behave in a similar manner to the HTTP BIO connector. APR / native Connector ====================== Behaviour of the APR/native connector depends on the version of the APR/native connector and on the version of OpenSSL that the connector is build with. Versions prior to APR/native 1.1.16 are not discussed. The windows binaries available from the ASF have been built with the following OpenSSL versions: APR/native OpenSSL 1.1.16 0.9.8i 1.1.17 0.9.8l 1.1.18 TBD - not yet released Any version of the APR/native connector built with OpenSSl 0.9.8l will not support client or server initiated negotiation and will, therefore, not be vulnerable to CVE-2009-3555. Client initiated negotiation is supported in 1.1.16 and 1.1.17. These versions are, therefore, vulnerable to CVE-2009-3555 unless built with OpenSSL 0.9.8l. Client initiated negotiation has been disabled in 1.1.18. Therefore, this version is not vulnerable to CVE-2009-3555 via client initiated renegotiation although it may still be vulnerable via server initiated renegotiation. Server initiated renegotiation is supported in 1.1.17 onwards. Therefore, 1.1.17 onwards is vulnerable to CVE-2009-3555 via server initiated renegotiation unless the APR/native connector is built with OpenSSL 0.9.8l. Questions / comments ==================== Any questions or comments should be directed to the Tomcat users mailing list in the first instance. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org