From 2043336d393ea7725942b5be81b486b214eb7b9e Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Wed, 13 Nov 2019 12:23:28 +0000 Subject: [PATCH] OpenSSL: when supported by the library version, disable renegotiation for pre-TLS1.3 --- doc/doc-docbook/spec.xfpt | 2 +- doc/doc-txt/ChangeLog | 4 ++++ src/src/tls-openssl.c | 13 ++++++++++++- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 6b2d97b17..ceb377b0a 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -16289,7 +16289,7 @@ harm. This option overrides the &%pipe_as_creator%& option of the &(pipe)& transport driver. -.option openssl_options main "string list" "+no_sslv2 +no_sslv3 +single_dh_use +no_ticket" +.option openssl_options main "string list" "+no_sslv2 +no_sslv3 +single_dh_use +no_ticket +no_renegotiation" .cindex "OpenSSL "compatibility options" This option allows an administrator to adjust the SSL options applied by OpenSSL to connections. It is given as a space-separated list of items, diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index ac7f3357d..c5b2ca2d8 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -200,6 +200,10 @@ JH/43 Bug 2465: Fix taint-handling in dsearch lookup. Previously a nontainted buffer was used for the filename, resulting in a trap when tainted arguments (eg. $domain) were used. +JH/44 With OpenSSL 1.1.1 (onwards) disable renegotiation for TLS1.2 and below; + recommended to avoid a possible server-load attack. The feature can be + re-enabled via the openssl_options main cofiguration option. + Exim version 4.92 ----------------- diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index e45ebd3be..db154448f 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -151,6 +151,11 @@ This list is current as of: ==> 1.0.1b <== Plus SSL_OP_SAFARI_ECDHE_ECDSA_BUG from 2013-June patch/discussion on openssl-dev Plus SSL_OP_NO_TLSv1_3 for 1.1.2-dev +Plus SSL_OP_NO_RENEGOTIATION for 1.1.1 + +XXX could we autobuild this list, as with predefined-macros? +Seems just parsing ssl.h for SSL_OP_.* would be enough. +Also allow a numeric literal? */ static exim_openssl_option exim_openssl_options[] = { /* KEEP SORTED ALPHABETICALLY! */ @@ -190,6 +195,9 @@ static exim_openssl_option exim_openssl_options[] = { #ifdef SSL_OP_NO_COMPRESSION { US"no_compression", SSL_OP_NO_COMPRESSION }, #endif +#ifdef SSL_OP_NO_RENEGOTIATION + { US"no_renegotiation", SSL_OP_NO_RENEGOTIATION }, +#endif #ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION { US"no_session_resumption_on_renegotiation", SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION }, #endif @@ -3987,6 +3995,9 @@ result |= SSL_OP_NO_SSLv3; #ifdef SSL_OP_SINGLE_DH_USE result |= SSL_OP_SINGLE_DH_USE; #endif +#ifdef SSL_OP_SINGLE_DH_USE +result |= SSL_OP_NO_RENEGOTIATION; +#endif if (!option_spec) { @@ -4019,7 +4030,7 @@ for (uschar * s = exp; *s; /**/) DEBUG(D_tls) debug_printf("openssl option setting unrecognised: \"%s\"\n", s); return FALSE; } - DEBUG(D_tls) debug_printf("openssl option, %s %8lx: %lx (%s)\n", + DEBUG(D_tls) debug_printf("openssl option, %s %08lx: %08lx (%s)\n", adding ? "adding to " : "removing from", result, item, s); if (adding) result |= item; -- 2.25.1