530575 - (CVE-2009-3555) expose TLS enableRequireSafeNegotiation

Status: RESOLVED FIXED

(JSS Graveyard :: Library, defect, P1)

Description

[glen beasley]

expose support for enableRequireSafeNegotiation after NSS has provided the 
functionality. 

see Bug 527240 which provided support to enable/disable renegotiation in JSS 4.3.1

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

Glen, I suggest you wait on this until 3.12.6 is closer to release.
There's a chance that the IETF TLS working group will standardize on something 
VERY different than what we've been working on for the last 6 weeks, and it
might have API implications.

Comment 2

[glen beasley]

Thanks nelson. I am waiting. my main goal was to close bug 527240 since JSS 4.3.1 (and NSS 3.12.5) RTM'd, then I opened this new bug to address the fact that JSS will likely need to expose more functionality related to CVE-2009-3555 once NSS provides the support.

Comment 3

[glen beasley]

Attachment: expose SSL_REQUIRE_SAFE_NEGOTIATION

this patch exposes to JSS the NSS configuration option SSL_REQUIRE_SAFE_NEGOTIATION and update the options for SSL_ENABLE_RENEGOTIATION by adding SSL_RENEGOTIATE_TRANSITIONAL and updating the comments regarding SSL_RENEGOTIATE_REQUIRES_XTN.
 
This patch also updates JSS versions of SSLerrs.h.

The basic testing performed was simply to check if the options are set
correctly.

Comment 4

[Wan-Teh Chang]

Comment on attachment 429290 [details] [diff] [review]
expose SSL_REQUIRE_SAFE_NEGOTIATION

r=wtc.

In ssl/SSLServerSocket.java:  I suggest two comment changes for this file.
Please make the same changes to ssl/SSLSocket.java (there are two
occurrences of each change in ssl/SSLSocket.java).

>      *      SSLSocket.SSL_RENEGOTIATE_UNRESTRICTED - Renegotiate without
>-     *      restriction, whether or not the peer's client hello bears the
>-     *      renegotiation info extension (like we always did in the past).
>+     *      restriction, whether or not the peer's client hello bears the TLS
>+     *      renegotiation info extension. Vulnerable, as in the past.

Change "client hello" to "client hello or server hello" or just "hello".
(The comment for SSL_RENEGOTIATE_REQUIRES_XTN below uses just "hello".)
I know this comment comes from NSS.

>+     *      SSLSocket.SSL_RENEGOTIATE_TRANSITIONAL - Disallow unsafe
>+     *      renegotiation in server sockets only, but allow clients
>+     *      to continue to renegotiate with vulnerable servers.
>+     *      This value should only be used during the transition period
>+     *      when few servers have been upgraded.
>      *
>-     *      SSLSocket.SSL_RENEGOTIATE_REQUIRES_XTN - NOT YET IMPLEMENTED
>      */

Nit: delete the blank comment line at the end.

Comment 5

[Alexei Volkov]

Thanks, Glen, for the patch. Please update the bug when you commit the changes.

Comment 6

[glen beasley]

Thanks for the review wan-teh. 

Checking in SSLServerSocket.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java,v  <--  SSLServerSocket.java
new revision: 1.27; previous revision: 1.26
done
Checking in SSLSocket.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java,v  <--  SSLSocket.java
new revision: 1.32; previous revision: 1.31
done
Checking in SocketBase.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java,v  <--  SocketBase.java
new revision: 1.19; previous revision: 1.18
done
Checking in common.c;
/cvsroot/mozilla/security/jss/org/mozilla/jss/ssl/common.c,v  <--  common.c
new revision: 1.32; previous revision: 1.31
done

Comment 7

[glen beasley]

Attachment: patch as checked in