Here's a quick demonstration of what I'm talking about with net/prosody, using
testssl.sh[1]:
$ testssl.sh -t xmpp -R example.com:5222
[ snip... ]
Testing for Renegotiation vulnerabilities
Secure Renegotiation (RFC 5746) supported (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), potential DoS threat
I've found this issue in two ports so far (net/prosody, telephony/coturn) and
suspect it may be in others due to the nature of the problem, which I'll get
into more in a moment. Upstream for net/prosody patched it May 12th of 2021[2],
so I was led to believe that it might be a local problem.
net/prosody relies on security/luasec to deal with TLS. In certmanager.lua[3], it's
clear that it means to disable renegotiation based on these two lines in the
source (in different sections).
no_renegotiation = test_option("no_renegotiation");
no_renegotiation = luasec_has.options.no_renegotiation;
However, the problem is that security/luasec expects the option to be named
SSL_OP_NO_RENEGOTIATION and it's actually named SSL_OP_NO_CLIENT_RENEGOTIATION
in the OpenBSD source tree. This is shown in options.c[4] and in
lib/libssl/ssl.h[5].
#if defined(SSL_OP_NO_RENEGOTIATION)
{"no_renegotiation", SSL_OP_NO_RENEGOTIATION},
No comments:
Post a Comment