Fail if SSLInsecureRenegotiation is used with mod_ssl, CVE-2009-3555

is now approaching 15 years old.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLInsecureRenegotiation):
  Fail if used.
  (ssl_config_server_new, ssl_config_server_merge): Remove insecure
  reneg handling.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Remove
  insecure_reneg handling.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1917600 13f79535-47bb-0310-9956-ffa450edef68

Author: notroj

docs/manual/mod/mod_ssl.xml

@@ -2623,50 +2623,6 @@ all queries to OCSP responders.</p>
 </usage>
 </directivesynopsis>
 
-<directivesynopsis>
-<name>SSLInsecureRenegotiation</name>
-<description>Option to enable support for insecure renegotiation</description>
-<syntax>SSLInsecureRenegotiation on|off</syntax>
-<default>SSLInsecureRenegotiation off</default>
-<contextlist><context>server config</context>
-<context>virtual host</context></contextlist>
-<compatibility>Available if using OpenSSL 0.9.8m or later</compatibility>
-
-<usage>
-<p>As originally specified, all versions of the SSL and TLS protocols
-(up to and including TLS/1.2) were vulnerable to a Man-in-the-Middle
-attack
-(<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2009-3555">CVE-2009-3555</a>)
-during a renegotiation.  This vulnerability allowed an attacker to
-"prefix" a chosen plaintext to the HTTP request as seen by the web
-server.  A protocol extension was developed which fixed this
-vulnerability if supported by both client and server.</p>
-
-<p>If <module>mod_ssl</module> is linked against OpenSSL version 0.9.8m
-or later, by default renegotiation is only supported with
-clients supporting the new protocol extension.  If this directive is
-enabled, renegotiation will be allowed with old (unpatched) clients,
-albeit insecurely.</p>
-
-<note type="warning"><title>Security warning</title>
-<p>If this directive is enabled, SSL connections will be vulnerable to
-the Man-in-the-Middle prefix attack as described
-in <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2009-3555">CVE-2009-3555</a>.</p>
-</note>
-
-<example><title>Example</title>
-<highlight language="config">
-SSLInsecureRenegotiation on
-</highlight>
-</example>
-
-<p>The <code>SSL_SECURE_RENEG</code> environment variable can be used
-from an SSI or CGI script to determine whether secure renegotiation is
-supported for a given SSL connection.</p>
-
-</usage>
-</directivesynopsis>
-
 <directivesynopsis>
 <name>SSLUseStapling</name>
 <description>Enable stapling of OCSP responses in the TLS handshake</description>

modules/ssl/ssl_engine_config.c

@@ -214,7 +214,6 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
     sc->vhost_id               = NULL;  /* set during module init */
     sc->session_cache_timeout  = UNSET;
     sc->cipher_server_pref     = UNSET;
-    sc->insecure_reneg         = UNSET;
 #ifdef HAVE_TLSEXT
     sc->strict_sni_vhost_check = SSL_ENABLED_UNSET;
 #endif
@@ -348,7 +347,6 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
     cfgMerge(enabled, SSL_ENABLED_UNSET);
     cfgMergeInt(session_cache_timeout);
     cfgMergeBool(cipher_server_pref);
-    cfgMergeBool(insecure_reneg);
 #ifdef HAVE_TLSEXT
     cfgMerge(strict_sni_vhost_check, SSL_ENABLED_UNSET);
 #endif
@@ -983,14 +981,7 @@ const char *ssl_cmd_SSLSessionTickets(cmd_parms *cmd, void *dcfg, int flag)
 
 const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag)
 {
-#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-    sc->insecure_reneg = flag?TRUE:FALSE;
-    return NULL;
-#else
-    return "The SSLInsecureRenegotiation directive is not available "
-        "with this SSL library";
-#endif
+    return "The SSLInsecureRenegotiation directive is no longer supported";
 }
 
 
@@ -2648,7 +2639,6 @@ static void ssl_srv_dump(SSLSrvConfigRec *sc, apr_pool_t *p,
     modssl_ctx_dump(sc->server, p, 0, out, indent, psep);
 
     DMP_LONG(  "SSLSessionCacheTimeout", sc->session_cache_timeout);
-    DMP_ON_OFF("SSLInsecureRenegotiation", sc->insecure_reneg);
     DMP_ON_OFF("SSLStrictSNIVHostCheck", sc->strict_sni_vhost_check);
     DMP_ON_OFF("SSLSessionTickets", sc->session_tickets);
 }

modules/ssl/ssl_engine_init.c

@@ -847,12 +847,6 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
     }
 #endif
 
-#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-    if (sc->insecure_reneg == TRUE) {
-        SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
-    }
-#endif
-
     SSL_CTX_set_app_data(ctx, s);
 
     /*

modules/ssl/ssl_private.h

@@ -825,7 +825,6 @@ struct SSLSrvConfigRec {
     const unsigned char *vhost_md5; /* = ap_md5_binary(vhost_id, ...) */
     int              session_cache_timeout;
     BOOL             cipher_server_pref;
-    BOOL             insecure_reneg;
     modssl_ctx_t    *server;
 #ifdef HAVE_TLSEXT
     ssl_enabled_t    strict_sni_vhost_check;