[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

Thu Feb 19 13:45:52 UTC 2015

On Thursday 19 February 2015 13:48:43 Hubert Kario wrote:
> On Wednesday 18 February 2015 23:49:39 Stephen Henson via RT wrote:
> > On Wed Feb 18 21:12:09 2015, laurenz.albe at wien.gv.at wrote:
> > > I ran into this problem while connecting to a PostgreSQL server
> > > (PostgreSQL uses OpenSSL
> > > for SSL support) with a Java client using
> > > the PostgreSQL JDBC driver (which uses
> > > the Java Secure Socket
> > > Extension which is part of Oracle's Java Runtime Environment).
> > > Since database connections are potentially long-lived, the PostgreSQL
> > > server will
> > > trigger a renegotiation after a certain amount of data
> > > has been exchanged via the
> > > TLS channel; this amount is configurable
> > > with the parameter "ssl_renegotiation_limit".
> > > 
> > > This renegotiation is
> > > always aborted by OpenSSL with the error "unexpected record".
> > > I could
> > > reproduce the problem with OpenSSL 1.0.1e on Linux and OpenSSL 1.0.1j
> > > on
> > > Windows using Oracle JRE 1.7.0_71 and 1.7.0_75 on the client side.
> > > The protocol version in effect is TLS 1.2 (0x303).
> > 
> > There were some fixes related to renegotiation handling in OpenSSL which
> > first appeared in 1.0.1k. Can you see if this problem still happens in the
> > latest version of OpenSSL?
> 
> I was able to reproduce this issue on master, OpenSSL_1_0_2-stable and
> OpenSSL_1_0_1-stable branches as of *now* (2015-02-19).
> 
> I have a standalone (python - tlsfuzzer/tlslite) reproducer for that, but
> the code is pre-alpha quality, I'll try to publish it anyway.
> 
> I've done it with server running in -legacy_renegotiation mode, but I'm not
> sure if this can have any impact on it.

Ok, the reproducer is available:
openssl req -x509 -newkey rsa:1024 -keyout localhost.key -out localhost.crt \
-subj /CN=localhost -nodes -batch -sha1
openssl s_server -key /tmp/localhost.key -cert /tmp/localhost.crt \
-legacy_renegotiation

In another console:
git clone https://github.com/tomato42/tlslite-1.git --branch ort-3712
git clone https://github.com/tomato42/tlsfuzzer.git
cd tlsfuzzer
PYTHONPATH=.:../tlslite-1/ python scripts/test-tls-server.py

That will cause the openssl process to report:
140090260403872:error:140940F5:SSL routines:ssl3_read_bytes:unexpected 
record:s3_pkt.c:1610:

You'll need python 2.6, 3.2 or later (though I haven't verified if this exact 
reproducer works on 2.6, so 2.7 is recommended)
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic