[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Matt Caswell
matt at openssl.org
Tue Nov 10 19:28:51 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221 (commit)
from 15a7164eb7d4d031608fcec2801d7f7b11b16923 (commit)
- Log -----------------------------------------------------------------
commit d40ec4ab8e7c0ff39bf4f9918fbb9dfdca4c5221
Author: Matt Caswell <matt at openssl.org>
Date: Tue Nov 10 15:17:42 2015 +0000
Stop DTLS servers asking for unsafe legacy renegotiation
If a DTLS client that does not support secure renegotiation connects to an
OpenSSL DTLS server then, by default, renegotiation is disabled. If a
server application attempts to initiate a renegotiation then OpenSSL is
supposed to prevent this. However, due to a discrepancy between the TLS and
DTLS code, the server sends a HelloRequest anyway in DTLS.
This is not a security concern because the handshake will still fail later
in the process when the client responds with a ClientHello.
Reviewed-by: Tim Hudson <tjh at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
ssl/d1_srvr.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 25c30a6..e677d88 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -285,6 +285,19 @@ int dtls1_accept(SSL *s)
ssl3_init_finished_mac(s);
s->state = SSL3_ST_SR_CLNT_HELLO_A;
s->ctx->stats.sess_accept++;
+ } else if (!s->s3->send_connection_binding &&
+ !(s->options &
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ /*
+ * Server attempting to renegotiate with client that doesn't
+ * support secure renegotiation.
+ */
+ SSLerr(SSL_F_DTLS1_ACCEPT,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ret = -1;
+ s->state = SSL_ST_ERR;
+ goto end;
} else {
/*
* s->state == SSL_ST_RENEGOTIATE, we will just send a
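Review bot: the new `else if` branch in dtls1_accept() lands without a regression test; the summary of changes shows only ssl/d1_srvr.c being touched. Since the commit message attributes the bug to the TLS and DTLS code drifting apart, a DTLS test is worth adding: a client that does not support secure renegotiation connects, the server application requests a renegotiation, and the test checks that SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED is raised and no HelloRequest goes out. A smaller point on the comment inside the branch: it says what the situation is but not what the branch does. It sends a fatal SSL_AD_HANDSHAKE_FAILURE alert and sets s->state to SSL_ST_ERR, so the attempt ends the existing connection rather than only refusing the renegotiation. One more sentence in the comment saying so would help application authors who hit this error.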