[erlang-bugs] SSL secure renegotiation not advertised
Ingela Anderton Andin
ingela.anderton.andin@REDACTED
Wed Jan 22 12:34:49 CET 2014
Hi!
Thank you for reporting this, the following patch should solve the problem!
Regards Ingela Erlang/OTP team - Ericsson AB
diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl
index f5c0034..1a5bcee 100644
--- a/lib/ssl/src/ssl_handshake.erl
+++ b/lib/ssl/src/ssl_handshake.erl
@@ -56,7 +56,7 @@
%% Extensions handling
-export([client_hello_extensions/6,
- handle_client_hello_extensions/8, %% Returns server hello extensions
+ handle_client_hello_extensions/9, %% Returns server hello extensions
handle_server_hello_extensions/9, select_curve/2
]).
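Review bot: The export of `handle_client_hello_extensions` moves from /8 to /9 with no /8 clause kept, so any caller not updated in this patch will fail with `undef` at handshake time rather than at compile time. Only tls_handshake.erl is updated in the visible part of the patch, and the `RecordCB` parameter suggests that other record/handshake callback modules may call this function too. Running xref over the ssl application before merging would confirm there are no remaining /8 call sites.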
@@ -1088,7 +1088,7 @@ certificate_authorities_from_db(CertDbHandle,
CertDbRef) ->
%%-------------Extension handling --------------------------------
-handle_client_hello_extensions(RecordCB, Random,
+handle_client_hello_extensions(RecordCB, Random, CipherSuites,
#hello_extensions{renegotiation_info = Info,
srp = SRP,
ec_point_formats = ECCFormat,
@@ -1098,7 +1098,7 @@ handle_client_hello_extensions(RecordCB, Random,
ConnectionStates0, Renegotiation) ->
Session = handle_srp_extension(SRP, Session0),
ConnectionStates = handle_renegotiation_extension(server,
RecordCB, Version, Info,
- Random, CipherSuite, Compression,
+ Random, CipherSuite, CipherSuites,
Compression,
ConnectionStates0, Renegotiation,
SecureRenegotation),
ProtocolsToAdvertise =
handle_next_protocol_extension(NextProtocolNegotiation, Renegotiation,
Opts),
@@ -1117,7 +1117,8 @@ handle_server_hello_extensions(RecordCB, Random,
CipherSuite, Compression,
#ssl_options{secure_renegotiate = SecureRenegotation,
next_protocol_selector = NextProtoSelector},
ConnectionStates0, Renegotiation) ->
- ConnectionStates = handle_renegotiation_extension(client, RecordCB,
Version, Info, Random, CipherSuite,
+ ConnectionStates = handle_renegotiation_extension(client, RecordCB,
Version, Info, Random,
+ CipherSuite, undefined,
Compression, ConnectionStates0,
Renegotiation, SecureRenegotation),
case handle_next_protocol(NextProtocolNegotiation,
NextProtoSelector, Renegotiation) of
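Review bot: Passing the atom `undefined` as the new suite-list argument in the client call changes what reaches `handle_renegotiation_info` for the client role. Before this patch it received `[CipherSuite]`, and now it receives a non-list. `handle_renegotiation_info` is outside the patch, so it cannot be confirmed from here that no clause reachable with `client` treats that argument as a list. If one does, the client handshake would crash instead of producing an alert. Passing `CipherSuite, [CipherSuite],` here would keep the previous client behaviour exactly; the body of `handle_server_hello_extensions` continues past this hunk.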
@@ -1415,11 +1416,11 @@ calc_master_secret({3,0}, _PrfAlgo,
PremasterSecret, ClientRandom, ServerRandom)
calc_master_secret({3,_}, PrfAlgo, PremasterSecret, ClientRandom,
ServerRandom) ->
tls_v1:master_secret(PrfAlgo, PremasterSecret, ClientRandom,
ServerRandom).
-handle_renegotiation_extension(Role, RecordCB, Version, Info, Random,
CipherSuite, Compression,
+handle_renegotiation_extension(Role, RecordCB, Version, Info, Random,
CipherSuite, CipherSuites, Compression,
ConnectionStates0, Renegotiation,
SecureRenegotation) ->
case handle_renegotiation_info(RecordCB, Role, Info,
ConnectionStates0,
Renegotiation, SecureRenegotation,
- [CipherSuite]) of
+ CipherSuites) of
{ok, ConnectionStates} ->
hello_pending_connection_states(RecordCB, Role,
Version,
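Review bot: The switch from `[CipherSuite]` to `CipherSuites` in the `handle_renegotiation_info` call is the security-relevant part of this fix, but nothing in the code records why the full list is needed. The negotiated suite can never be the RFC 5746 signalling suite, so presumably the server has to inspect everything the client offered to see that signal (the callee is outside this hunk). A comment above the function would help, e.g. `%% CipherSuites: all suites offered in the client hello (server role), needed to detect the RFC 5746 signalling suite; 'undefined' for the client role`. The adjacent parameters `CipherSuite` and `CipherSuites` also differ by a single letter, and a transposition would compile cleanly, so a more distinct name such as `ClientCipherSuites` is worth considering. The function body continues past the end of the hunk.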
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 003614b..1ec1e67 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -52,9 +52,9 @@ client_hello(Host, Port, ConnectionStates,
Pending = ssl_record:pending_connection_state(ConnectionStates, read),
SecParams = Pending#connection_state.security_parameters,
CipherSuites = ssl_handshake:available_suites(UserSuites, Version),
-
- Extensions = ssl_handshake:client_hello_extensions(Host, Version,
CipherSuites,
- SslOpts, ConnectionStates, Renegotiation),
+ Extensions = ssl_handshake:client_hello_extensions(Host, Version,
+ CipherSuites,
+ SslOpts, ConnectionStates, Renegotiation),
Id = ssl_session:client_id({Host, Port, SslOpts}, Cache, CacheCb,
OwnCert),
@@ -87,8 +87,8 @@ hello(#server_hello{server_version = Version, random =
Random,
ConnectionStates0, Renegotiation) ->
case tls_record:is_acceptable_version(Version, SupportedVersions) of
true ->
- handle_hello_extensions(Version, SessionId, Random, CipherSuite,
- Compression, HelloExt, SslOpt, ConnectionStates0,
Renegotiation);
+ handle_server_hello_extensions(Version, SessionId, Random,
CipherSuite,
+ Compression, HelloExt, SslOpt,
ConnectionStates0, Renegotiation);
false ->
?ALERT_REC(?FATAL, ?PROTOCOL_VERSION)
end;
@@ -113,9 +113,9 @@ hello(#client_hello{client_version = ClientVersion,
no_suite ->
?ALERT_REC(?FATAL, ?INSUFFICIENT_SECURITY);
_ ->
- handle_hello_extensions(Version, Type, Random, HelloExt,
- SslOpts, Session1, ConnectionStates0,
- Renegotiation)
+ handle_client_hello_extensions(Version, Type, Random,
CipherSuites, HelloExt,
+ SslOpts, Session1, ConnectionStates0,
+ Renegotiation)
end;
false ->
?ALERT_REC(?FATAL, ?PROTOCOL_VERSION)
@@ -217,8 +217,10 @@ enc_handshake(HandshakeMsg, Version) ->
ssl_handshake:encode_handshake(HandshakeMsg, Version).
-handle_hello_extensions(Version, Type, Random, HelloExt, SslOpts,
Session0, ConnectionStates0, Renegotiation) ->
- try ssl_handshake:handle_client_hello_extensions(tls_record,
Random, HelloExt, Version, SslOpts,
+handle_client_hello_extensions(Version, Type, Random, CipherSuites,
+ HelloExt, SslOpts, Session0, ConnectionStates0,
Renegotiation) ->
+ try ssl_handshake:handle_client_hello_extensions(tls_record,
Random, CipherSuites,
+ HelloExt, Version, SslOpts,
Session0, ConnectionStates0,
Renegotiation) of
{Session, ConnectionStates, ServerHelloExt} ->
{Version, {Type, Session}, ConnectionStates, ServerHelloExt}
@@ -227,7 +229,7 @@ handle_hello_extensions(Version, Type, Random,
HelloExt, SslOpts, Session0, Conn
end.
-handle_hello_extensions(Version, SessionId, Random, CipherSuite,
+handle_server_hello_extensions(Version, SessionId, Random, CipherSuite,
Compression, HelloExt, SslOpt, ConnectionStates0,
Renegotiation) ->
case ssl_handshake:handle_server_hello_extensions(tls_record,
Random, CipherSuite,
Compression, HelloExt, Version,
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl
b/lib/ssl/test/ssl_basic_SUITE.erl
index bc7e68a..1006b23 100644
On 01/21/2014 05:09 PM, Emile Joubert wrote:
>
> Hi,
>
> A RabbitMQ customer has reported an issue with secure renegotiation of
> SSL connections on versions of Erlang from R16B02. On earlier versions
> the server advertises support for secure connections with the relevant
> extension, e.g. OpenSSL reports
>
> TLS server extension "renegotiation info" (id=65281), len=1
> ...
> Secure Renegotiation IS supported
>
> On R16B02 and R16B03 the extension is missing, and OpenSSL reports:
>
> TLS server extension "elliptic curves" (id=10), len=52
> TLS server extension "EC point formats" (id=11), len=2
> ...
> Secure Renegotiation IS NOT supported
>
> Setting {secure_renegotiate, boolean()} makes no difference. Is this a
> bug or is there another way to get the server to be recognised as
> RFC5746-compliant?
>
>
>
>
> Emile
> RabbitMQ
>
>
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://erlang.org/mailman/listinfo/erlang-bugs
>