Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#463 closed defect (worksforme)

Server: OpenSSL options for modern OpenSSL

Reported by: Jeffrey Walton Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.3.x
Keywords: Cc:
uname -a: $ uname -a
Darwin riemann.home.pvt 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64
nginx -V: $ objs/nginx -V
nginx version: nginx/1.4.4
configure arguments:

Description

A number of the bug workarounds applied to the server can be forgone according to https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html. According the page, "As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect."

From https://www.openssl.org/docs/crypto/OPENSSL_VERSION_NUMBER.html, I believe the version numbers of interest are 0x000908100 (0.9.8q), 0x000A00000 (1.0.0), 0x000A00010 (1.0.0a), and 0x000A00020 (1.0.0b).

#if (OPENSSL_VERSION_NUMBER <= 0x000908100) || (OPENSSL_VERSION_NUMBER == 0x001000000) || (OPENSSL_VERSION_NUMBER == 0x001000010) || (OPENSSL_VERSION_NUMBER == 0x001000020)
    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

    /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
#endif

Change History (2)

comment:1 by Maxim Dounin, 7 years ago

Resolution: worksforme
Status: newclosed

The patch is wrong. It tries to protect under version checks what don't need to be protected (the fact that something has no effect in certain versions doesn't mean it can't be set), and disables various valid workarounds. If there are concerns that something will be removed in near future like SSL_OP_MSIE_SSLV2_RSA_PADDING (which isn't present at OpenSSL git tip), it's good idea to just protect the use like it's done in the a73678f5f96f changeset for SSL_OP_MSIE_SSLV2_RSA_PADDING.

Please also take a look at http://nginx.org/en/docs/contributing_changes.html.

comment:2 by Jeffrey Walton, 7 years ago

It tries to protect under version checks what don't need to be protected

Well, those work arounds are for 10 or 15 year old bugs. According the the docs, the options (for the old bugs) apply to 0.9.8q and lesser; and 1.0.0, 1.0.0.a, and 1.0.0b. There's no need to apply them to newer versions of the library.

Or maybe I'm reading it incorrectly.


If there are concerns that something will be removed in near future...

No, not at all.

And some things won't be removed fast enough, like SSLv2. I'm amazed SSLv2 is still present by default in 2013. We've known its completely broken since at least 1996 or so... (Schneier and Wagner in "Analysis of the SSL 3.0 Protocol").


Please also take a look at ​http://nginx.org/en/docs/contributing_changes.html.

Thanks.

Note: See TracTickets for help on using tickets.