diff options
| author | Bodo Möller <bodo@openssl.org> | 2008-09-22 21:22:47 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2008-09-22 21:22:47 +0000 |
| commit | 837f2fc7a4a8073b269538b7d0168c0cd7edd951 (patch) | |
| tree | 348ce3ea77cb8c787c99fa7a6e35e100d6b29d9d | |
| parent | 1a489c9af1b0481ad9570968c5fecd56854580db (diff) | |
| download | openssl-837f2fc7a4a8073b269538b7d0168c0cd7edd951.tar.gz | |
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
| -rw-r--r-- | CHANGES | 11 | ||||
| -rw-r--r-- | ssl/s3_srvr.c | 30 |
2 files changed, 28 insertions, 13 deletions
@@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8i and 0.9.9 [xx XXX xxxx] + Changes between 0.9.8j and 0.9.9 [xx XXX xxxx] *) Delta CRL support. New use deltas option which will attempt to locate and search any appropriate delta CRLs available. @@ -703,6 +703,15 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] + Changes between 0.9.8i and 0.9.8j [xx XXX xxxx] + + *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior + to ensure that even with this option, only ciphersuites in the + server's preference list will be accepted. (Note that the option + applies only when resuming a session, so the earlier behavior was + just about the algorithm choice for symmetric cryptography.) + [Bodo Moeller] + Changes between 0.9.8h and 0.9.8i [15 Sep 2008] *) Fix a state transitition in s3_srvr.c and d1_srvr.c diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 8cf1e1fd82..b124a8559c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -947,22 +947,28 @@ int ssl3_get_client_hello(SSL *s) break; } } - if (j == 0) + if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) { - if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) + /* Special case as client bug workaround: the previously used cipher may + * not be in the current list, the client instead might be trying to + * continue using a cipher that before wasn't chosen due to server + * preferences. We'll have to reject the connection if the cipher is not + * enabled, though. */ + c = sk_SSL_CIPHER_value(ciphers, 0); + if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) { - /* Very bad for multi-threading.... */ - s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0); - } - else - { - /* we need to have the cipher in the cipher - * list if we are asked to reuse it */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); - goto f_err; + s->session->cipher = c; + j = 1; } } + if (j == 0) + { + /* we need to have the cipher in the cipher + * list if we are asked to reuse it */ + al=SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); + goto f_err; + } } /* compression */ |