Code review request, 7188658 Add possibility to disable client initiated renegotiation

Thu May 30 02:04:08 UTC 2013

Am 30.05.2013, 02:18 Uhr, schrieb Xuelei Fan <xuelei.fan at oracle.com>:
>> 2381456
> Would you mind send me the link of the bug, or the code review request
> mail?  I may miss some mails about this direction.

I am afraid I cant sent the link, the Bug is in review state and therefore
not visible for me. It was acknowledged 2012-11-12, see attached. I guess
the link would be
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=2381456 (not sure if
the numbers are the same in the new bug tool).

> Good suggestion.  Oracle provider of JSSE had addressed the TLS
> renegotiation issue in JDK 1.4.2 update 26, JDK 1.5.0 update 24 and JDK
> 6u 19 around the end of 2009 and the beginning of 2010.  Here is the
> readme of the fix:
> http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html.

Thats a different problem, I was thinking about preventing execessive
client initiated renegotiations. This is for example CVE-2011-1473 from
THC.

>> You mentioned industry will move to a secure handshake - are you aware  
>> of any initiative in that direction?
>>
> See http://www.rfc.org/rfc/rfc5746.txt.  As far as I know, nearly all
> major vendors of SSL protocols has support RFC5746.

Ok, but thats a different issue. I was expecting 7188658 to address
another point, but I might be wrong.

I understand that as of Oracle policy we cannot discuss it. Even if this
is a very well known issue. :-/

Greetings
Bernd
-- 
http://bernd.eckenfels.net

Date Created: Mon Nov 12 12:13:08 MST 2012
Type:        bug
Customer Name:   Bernd Eckenfels
SDN ID:
status:      Waiting
Category:    jsse
Subcategory: runtime
release:     7
hardware:    x64
OSversion:   linux_sles11
priority:    4
Synopsis:    Excessive SSL renegotiation possible
Description:
    FULL PRODUCT VERSION :
java version "1.7.0_09"
Java(TM) SE Runtime Environment (build 1.7.0_09-b05)
Java HotSpot(TM) 64-Bit Server VM (build 23.5-b02, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Various Versions

A DESCRIPTION OF THE PROBLEM :
The SSL/TLS Server Socket (and SSLEngine) of JSSE seems not to protect
itself from excessive handshake requests and renegotiations. This leads to
a high CPU load. For other products this is filed as CVE-2011-1473 or
CVE-2011-5094.

A minimum solution would be to actually turn the renegotiation support
off, IBM JDK for example offers the option "com.ibm.jsse2.renegotiate"

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
- set up a JSSE ServerSocket
- connect with openssl s_client (use "R" command) or thc tool

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
after a small number of consecutive renegotiates the server should ignore
them
ACTUAL -
server-cpu is fully used

REPRODUCIBILITY :
This bug can be reproduced always.