[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

Albe Laurenz via RT rt at openssl.org
Mon Oct 19 10:19:09 UTC 2015 

Hubert Kario wrote:
>> Fixing this sort of problem is going to be *hard* and probably require
>> quite a lot of non-trivial changes - definitely not the sort of the
>> thing I want to be doing in a stable branch. Fixing this is an
>> example of what I meant by "onerous mitigations", but I now realise
>> it is absolutely necessary if we wanted to pursue this.
>>
>> I think we should be marking this as a "won't fix" for all released
>> versions. The question is whether we should even attempt to fix it for
>> 1.1.0 or not.
> 
> we may actually be able to patch this up partially in 1.0.x
> 
> the original problem description mentions server being unable to process
> application data before Certificate/Client Key Exchange, not in any
> place what so ever
> 
> (Albe, please double check if you didn't saw Java sending app data at
> any different point)

I ran my test with the patched version of OpenSSL 1.0.2, PostgreSQL 9.4.5 and
Java 1.7.0_71 which completes without errors, and this is a Wireshark trace:

      4 0.002744000    10.155.6.40           10.153.93.229         TLSv1    62     Ignored Unknown Record
      6 0.003135000    10.153.93.229         10.155.6.40           TLSv1    60     Ignored Unknown Record
      7 0.189902000    10.155.6.40           10.153.93.229         TLSv1    259    Client Hello
      8 0.192699000    10.153.93.229         10.155.6.40           TLSv1    1485   Server Hello, Certificate, Server Key Exchange, Server Hello Done
      9 0.201141000    10.155.6.40           10.153.93.229         TLSv1    129    Client Key Exchange
     10 0.208975000    10.155.6.40           10.153.93.229         TLSv1    60     Change Cipher Spec
     12 0.210346000    10.155.6.40           10.153.93.229         TLSv1    107    Encrypted Handshake Message
     13 0.210739000    10.153.93.229         10.155.6.40           TLSv1    113    Change Cipher Spec, Encrypted Handshake Message
     14 0.211317000    10.155.6.40           10.153.93.229         TLSv1    187    Application Data
     15 0.212242000    10.153.93.229         10.155.6.40           TLSv1    144    Application Data, Application Data
     16 0.212865000    10.155.6.40           10.153.93.229         TLSv1    91     Application Data
     17 0.212932000    10.155.6.40           10.153.93.229         TLSv1    123    Application Data
     19 0.216170000    10.153.93.229         10.155.6.40           TLSv1    448    Application Data, Application Data
     20 0.223596000    10.155.6.40           10.153.93.229         TLSv1    91     Application Data
     21 0.223671000    10.155.6.40           10.153.93.229         TLSv1    155    Application Data
     23 0.224256000    10.153.93.229         10.155.6.40           TLSv1    144    Application Data, Application Data
     24 0.235175000    10.155.6.40           10.153.93.229         TLSv1    91     Application Data
     25 0.235258000    10.155.6.40           10.153.93.229         TLSv1    171    Application Data
     27 0.235622000    10.153.93.229         10.155.6.40           TLSv1    160    Application Data, Application Data
     28 0.236106000    10.155.6.40           10.153.93.229         TLSv1    91     Application Data
     29 0.236175000    10.155.6.40           10.153.93.229         TLSv1    155    Application Data
     31 0.237038000    10.153.93.229         10.155.6.40           TLSv1    1514   Application Data
     37 0.237265000    10.153.93.229         10.155.6.40           TLSv1    1020   Application Data
     38 0.237265000    10.153.93.229         10.155.6.40           TLSv1    91     Encrypted Handshake Message
     39 0.237265000    10.153.93.229         10.155.6.40           TLSv1    1008   Application Data, Application Data
     41 0.241914000    10.155.6.40           10.153.93.229         TLSv1    331    Encrypted Handshake Message
     42 0.244284000    10.153.93.229         10.155.6.40           TLSv1    1514   Encrypted Handshake Message, Encrypted Handshake Message
     43 0.244285000    10.153.93.229         10.155.6.40           TLSv1    150    Encrypted Handshake Message
     45 0.248419000    10.155.6.40           10.153.93.229         TLSv1    91     Application Data
     46 0.248492000    10.155.6.40           10.153.93.229         TLSv1    155    Application Data
     48 0.253568000    10.155.6.40           10.153.93.229         TLSv1    155    Encrypted Handshake Message
     49 0.257257000    10.155.6.40           10.153.93.229         TLSv1    91     Change Cipher Spec
     50 0.257494000    10.155.6.40           10.153.93.229         TLSv1    107    Encrypted Handshake Message
     52 0.257939000    10.153.93.229         10.155.6.40           TLSv1    144    Change Cipher Spec, Encrypted Handshake Message
     53 0.258048000    10.153.93.229         10.155.6.40           TLSv1    1514   Application Data
     59 0.258282000    10.153.93.229         10.155.6.40           TLSv1    1020   Application Data
     60 0.258283000    10.153.93.229         10.155.6.40           TLSv1    91     Encrypted Handshake Message
     61 0.258283000    10.153.93.229         10.155.6.40           TLSv1    1008   Application Data, Application Data
     63 0.265872000    10.155.6.40           10.153.93.229         TLSv1    331    Encrypted Handshake Message
     64 0.266324000    10.155.6.40           10.153.93.229         TLSv1    91     Application Data
     65 0.266431000    10.155.6.40           10.153.93.229         TLSv1    91     Encrypted Alert
     67 0.267282000    10.153.93.229         10.155.6.40           TLSv1    293    Encrypted Handshake Message, Change Cipher Spec, Encrypted Handshake Message

Ist that good enough? Can you infer from context which "Encrypted Handshake Message" is what?

Yours,
Laurenz Albe

More information about the openssl-dev mailing list