[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

Hubert Kario via RT rt at openssl.org
Thu Feb 19 12:51:53 UTC 2015


On Wednesday 18 February 2015 23:49:39 Stephen Henson via RT wrote:
> On Wed Feb 18 21:12:09 2015, laurenz.albe at wien.gv.at wrote:
> > I ran into this problem while connecting to a PostgreSQL server
> > (PostgreSQL uses OpenSSL for SSL support) with a Java client using
> > the PostgreSQL JDBC driver (which uses the Java Secure Socket
> > Extension which is part of Oracle's Java Runtime Environment).
> > Since database connections are potentially long-lived, the PostgreSQL
> > server will trigger a renegotiation after a certain amount of data
> > has been exchanged via the TLS channel; this amount is configurable
> > with the parameter "ssl_renegotiation_limit".
> > 
> > This renegotiation is always aborted by OpenSSL with the error
> > "unexpected record". I could reproduce the problem with OpenSSL 1.0.1e
> > on Linux and OpenSSL 1.0.1j on Windows using Oracle JRE 1.7.0_71 and
> > 1.7.0_75 on the client side. The protocol version in effect is
> > TLS 1.2 (0x303).
> 
> There were some fixes related to renegotiation handling in OpenSSL which
> first appeared in 1.0.1k. Can you see if this problem still happens in the
> latest version of OpenSSL?

I was able to reproduce this issue on master, OpenSSL_1_0_2-stable and 
OpenSSL_1_0_1-stable branches as of *now* (2015-02-19).

I have a standalone (python - tlsfuzzer/tlslite) reproducer for that, but the 
code is pre-alpha quality; I'll try to publish it anyway.

I've done it with server running in -legacy_renegotiation mode, but I'm not 
sure if this can have any impact on it.

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
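As an added illustration (not code from this thread, from OpenSSL, or from the tlsfuzzer/tlslite reproducer mentioned above): a small Python decoder for the plaintext record/handshake view of a server-triggered renegotiation of the kind PostgreSQL performs after ssl_renegotiation_limit bytes. It assumes it is handed plaintext handshake bytes (as an SSL message callback or a key-log-decrypted capture would expose them; on the wire, a HelloRequest sent after the first handshake is encrypted), works on a constructed sample stream, and flags the two things worth checking first when debugging this class of failure: the HelloRequest that starts the renegotiation, and whether the client's new ClientHello carries the RFC 5746 renegotiation_info extension or the SCSV, the signalling that a server's -legacy_renegotiation option stops insisting on. The sample ClientHello and its extension body are placeholders, not bytes captured from the JDBC driver.

```python
import struct

# Constants from RFC 5246 (record/handshake types) and RFC 5746 (secure renegotiation).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done", 16: "client_key_exchange",
                   20: "finished"}
RENEGOTIATION_INFO_EXT = 0xFF01
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
TLS12 = 0x0303


def parse_records(data):
    """Split a TLS byte stream into (content_type, version, payload) tuples."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header at offset %d" % off)
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body at offset %d" % off)
        records.append((ctype, version, body))
        off += 5 + length
    return records


def parse_handshake_messages(payload):
    """Split a plaintext handshake record into (msg_type, body) tuples."""
    msgs, off = [], 0
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError("truncated handshake header")
        mtype = payload[off]
        length = int.from_bytes(payload[off + 1:off + 4], "big")
        body = payload[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        msgs.append((mtype, body))
        off += 4 + length
    return msgs


def client_hello_renegotiation_signals(body):
    """Return (has_renegotiation_info_ext, has_scsv) for a ClientHello body."""
    off = 2 + 32                                  # client_version + random
    off += 1 + body[off]                          # session_id
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    suites = {struct.unpack("!H", body[i:i + 2])[0] for i in range(off, off + cs_len, 2)}
    off += cs_len
    off += 1 + body[off]                          # compression_methods
    has_ext = False
    if off + 2 <= len(body):                      # extensions block is optional
        ext_len = struct.unpack("!H", body[off:off + 2])[0]
        off += 2
        end = off + ext_len
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", body[off:off + 4])
            off += 4
            if etype == RENEGOTIATION_INFO_EXT:
                has_ext = True
            off += elen
    return has_ext, TLS_EMPTY_RENEGOTIATION_INFO_SCSV in suites


def describe_stream(data):
    """One line per record / handshake message; flags renegotiation triggers and signals."""
    lines = []
    for ctype, version, body in parse_records(data):
        name = CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype)
        if ctype != 22:
            lines.append("%s len=%d" % (name, len(body)))
            continue
        for mtype, mbody in parse_handshake_messages(body):
            mname = HANDSHAKE_TYPES.get(mtype, "handshake(%d)" % mtype)
            note = ""
            if mtype == 0:
                note = " <- server-initiated renegotiation"
            elif mtype == 1:
                ext, scsv = client_hello_renegotiation_signals(mbody)
                note = " renegotiation_info=%s scsv=%s" % (ext, scsv)
            lines.append(mname + note)
    return lines


def build_client_hello(with_ext=True, with_scsv=False):
    """Constructed (placeholder) TLS 1.2 ClientHello record with one real cipher suite."""
    suites = [0xC02F] + ([TLS_EMPTY_RENEGOTIATION_INFO_SCSV] if with_scsv else [])
    body = struct.pack("!H", TLS12) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                            # compression: null only
    exts = struct.pack("!HH", RENEGOTIATION_INFO_EXT, 1) + b"\x00" if with_ext else b""
    body += struct.pack("!H", len(exts)) + exts
    msg = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, TLS12, len(msg)) + msg


# Constructed stream: application data, then a HelloRequest from the server, then the
# client's ClientHello for the new handshake (plaintext view, as a message callback sees it).
SAMPLE_STREAM = (struct.pack("!BHH", 23, TLS12, 5) + b"hello"
                 + struct.pack("!BHH", 22, TLS12, 4) + b"\x00\x00\x00\x00"
                 + build_client_hello(with_ext=True))

if __name__ == "__main__":
    for line in describe_stream(SAMPLE_STREAM):
        print(line)
```

Feeding it the bytes that OpenSSL's "unexpected record" path rejected (the record type, and for handshake records the message type, at the point the connection dies) is the quickest way to tell whether the client answered the HelloRequest with a handshake record at all, or with something else the server state machine was not prepared for.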