VU#120541/CVE-2009-3555 and IMAPS/POPS with nginx

I’ve patched nginx, and tested https, POPS, and IMAPS. https fails
correctly:


R
RENEGOTIATING

3915:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:529:

However, POPS and IMAPS do not:


* OK IMAP4 ready
R
RENEGOTIATING

+OK POP3 ready
R
RENEGOTIATING

It seems the patch only correctly handles HTTPS, and not these other
protocols.

–Quanah

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Hello!

On Fri, Nov 20, 2009 at 03:14:29PM -0800, Quanah Gibson-Mount wrote:

> However, POPS and IMAPS do not:
> R
> RENEGOTIATING
>
> It seems the patch only correctly handles HTTPS, and not these other
> protocols.

What patch did you use, and what nginx version and openssl version? Recent
nginx versions (0.8.23+, 0.7.64) already have workarounds for older
openssl libraries and correctly disable renegotiation in all
mentioned cases, closing connection immediately. At least they do
so on all openssl versions I’ve tested.

The only connection hang till timeout I’m aware of is proxy_pass
https://… when the backend asks for renegotiation. It isn’t easy
to catch this case without touching openssl code (or enabling
renegotiation), so it was left as is. After all, it’s an openssl
problem.

Maxim D.

–On Saturday, November 21, 2009 3:12 AM +0300 Maxim D. wrote:

> openssl libraries and correctly disable renegotiation in all
> mentioned cases, closing connection immediately. At least they do
> so on all openssl versions I’ve tested.

nginx-0.5.37 + security patches
(http://sysoev.ru/nginx/patch.cve-2009-3555.txt, etc)
openssl 0.9.8l

As I noted, it correctly hangs up HTTPS. It leaves POPS and IMAPS open.

–Quanah

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Hello!

On Fri, Nov 20, 2009 at 04:18:10PM -0800, Quanah Gibson-Mount wrote:

> As I noted, it correctly hangs up HTTPS. It leaves POPS and IMAPS open.

Just tested - works ok here.

Are you sure you didn’t use openssl 0.9.8l s_client for
imaps/pop3s tests? It has renegotiation disabled and can’t be
used for testing (“R” only prints “RENEGOTIATING” and does nothing).

Maxim D.

Hello!

On Fri, Nov 20, 2009 at 05:15:13PM -0800, Quanah Gibson-Mount wrote:

> As I noted, it correctly hangs up HTTPS. It leaves POPS and IMAPS open.
> [[email protected] ~]# /usr/bin/openssl s_client -ssl3 -connect
>
> CONNECTED(00000003)
> R
> RENEGOTIATING
>
> (hang for over 20 minutes)

Which event method do you use? I’m able to reproduce a similar
problem here using select or poll event methods, kqueue works ok.

Looks like the following bug, fixed in 0.7.7:

*) Bugfix: mail proxy SSL connections hanged, if select, poll, or
   /dev/poll methods were used.

This bugfix wasn’t merged to the 0.6.* branch, so it shows similar
behaviour. Both 0.8.* and 0.7.* work ok in all tested cases.

Probably it’s just time to upgrade. :)

Note well - I’m not observing an infinite hang, it still times out as
specified in config via timeout directive (by default after 60s).
If your config implies a timeout shorter than 20 minutes - it may
in fact be a different problem (but likely related).

Maxim D.

–On Saturday, November 21, 2009 5:51 AM +0300 Maxim D. wrote:

> nginx-0.5.37 + security patches
> used for testing (“R” only prints “RENEGOTIATING” and does nothing).
>
> Protocol : SSLv3
> Which event method do you use? I’m able to reproduce similar
> Probably it’s just time to upgrade. :)
>
> Note well - I’m not observing an infinite hang, it still times out as
> specified in config via timeout directive (by default after 60s).
> If your config implies a timeout shorter than 20 minutes - it may
> in fact be a different problem (but likely related).

Thanks for your help in tracking this down! I’ll update our bug on
upgrading. ;)

–Quanah

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

–On Saturday, November 21, 2009 3:51 AM +0300 Maxim D. wrote:

> Are you sure you didn’t use openssl 0.9.8l s_client for
> imaps/pop3s tests? It has renegotiation disabled and can’t be
> used for testing (“R” only prints “RENEGOTIATING” and does nothing).

[[email protected] ~]# /usr/bin/openssl version
OpenSSL 0.9.7a Feb 19 2003

[[email protected] ~]# /usr/bin/openssl s_client -ssl3 -connect
perf11.lab.zimbra.com:443
CONNECTED(00000003)

[snip]


New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv3


R
RENEGOTIATING
22917:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:529:

As you can see, HTTPS correctly hangs up.

[[email protected] ~]# /usr/bin/openssl s_client -ssl3 -connect
perf11.lab.zimbra.com:993
CONNECTED(00000003)

[snip]
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv3


* OK IMAP4 ready
R
RENEGOTIATING

(hang for over 20 minutes)

–Quanah

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
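
The s_client results compared in this thread can be sorted mechanically. The script below is an added example, not code from the thread or from nginx: it classifies a saved `openssl s_client` transcript of the “R” test and treats a 0.9.8l client as inconclusive, as described above. The function name `classify_reneg`, the result labels and the sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a saved `openssl s_client`
# transcript of the "R" renegotiation test. Names and labels are hypothetical.

# Usage: classify_reneg CLIENT_VERSION < transcript
# Prints: inconclusive-client | not-attempted | refused | left-open
classify_reneg() {
    client_version=$1
    transcript=$(cat)

    # Per the thread: the 0.9.8l s_client has renegotiation disabled, so "R"
    # prints RENEGOTIATING and does nothing. Such a run proves nothing.
    case $client_version in
        *0.9.8l*) echo inconclusive-client; return 0 ;;
    esac

    # Keep only the output from the first RENEGOTIATING line onward.
    after=$(printf '%s\n' "$transcript" | sed -n '/^[[:space:]]*RENEGOTIATING/,$p')
    if [ -z "$after" ]; then
        echo not-attempted
        return 0
    fi

    # Join lines first: mail clients wrap the long error line, as in the
    # thread ("ssl handshake" / "failure:s3_pkt.c:529:").
    if printf '%s\n' "$after" | tr '\n' ' ' | grep -q 'ssl handshake  *failure'; then
        echo refused      # server dropped the connection (HTTPS case)
    else
        # No refusal logged: the session stayed open or hung (IMAPS/POPS
        # case); the transcript alone cannot tell which.
        echo left-open
    fi
}

# Constructed samples, modelled on the output quoted in the thread.
HTTPS_SAMPLE='CONNECTED(00000003)
R
RENEGOTIATING
22917:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:529:'
IMAPS_SAMPLE='CONNECTED(00000003)
* OK IMAP4 ready
R
RENEGOTIATING'

printf '%s\n' "$HTTPS_SAMPLE" | classify_reneg 'OpenSSL 0.9.7a Feb 19 2003'
printf '%s\n' "$IMAPS_SAMPLE" | classify_reneg 'OpenSSL 0.9.7a Feb 19 2003'
printf '%s\n' "$IMAPS_SAMPLE" | classify_reneg 'OpenSSL 0.9.8l (constructed)'
```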