Re: SSL_CTX_clear_options(ssl_ctx, SSL_CTX_get_options(ssl_ctx))

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: SSL_CTX_clear_options(ssl_ctx, SSL_CTX_get_options(ssl_ctx))

Viktor Dukhovni
On Thu, Jun 12, 2014 at 11:49:39AM +0200, Dimitrios Apostolou wrote:

> >The options start out "clear" by default.
>
> Are you positive on that? I'm quite sure that SSL_OP_LEGACY_SERVER_CONNECT
> is on for example.

I was not sure, looking at the code for SSL_CTX_new() in the "master"
development branch I see options starting as zero, and then if ticket
key initialization fails:

    ret->options |= SSL_OP_NO_TICKET;

then unconditional:

    ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;

So yes, it appears that "clear by default" used to be true, but
then ticket support and renegotiation work-arounds were added and
the assumption that the initial slate is clean became false.

Mixing policy settings (SSL_OP_LEGACY_SERVER_CONNECT) which are OK
to clear, with runtime error status (SSL_OP_NO_TICKET) is rather
unfortunate.  I would call this a bug.

Failure to automatically generate ticket keys MUST NOT change
policy, for example, the application may provide its own keys later,
and if the user clears the options, tickets should not be used with
missing key material.

So the state bit for lack of keys belongs elsewhere.  This would
leave just SSL_OP_LEGACY_SERVER_CONNECT as a default option, which
you may choose to clear.  For now, don't clear SSL_OP_NO_TICKET if
it is already set unless you've provided your own session tickets.

--
        VIktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SSL_CTX_clear_options(ssl_ctx, SSL_CTX_get_options(ssl_ctx))

Viktor Dukhovni
On Fri, Jun 13, 2014 at 03:53:07AM +0000, Viktor Dukhovni wrote:

> For now, don't clear SSL_OP_NO_TICKET if
> it is already set unless you've provided your own session tickets.

That is your own session ticket keys.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]