Skip to content

Added BR_OPT_NO_RENEGOTIATION flag to forbid TLS renegociation #6165

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 30, 2019
Merged

Added BR_OPT_NO_RENEGOTIATION flag to forbid TLS renegociation #6165

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -827,6 +827,7 @@ extern "C" {
uint16_t suites[cipher_cnt];
memcpy_P(suites, cipher_list, cipher_cnt * sizeof(cipher_list[0]));
br_ssl_client_zero(cc);
br_ssl_engine_add_flags(&cc->eng, BR_OPT_NO_RENEGOTIATION); // forbid SSL renegociation, as we free the Private Key after handshake
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good catch. I'm not quite sure whether it's the right solution or if we should undo the dropping of X509 after connection.

After looking at the RFC I see this could cause two problem in two ways (and dropping X509 would need to be undone):

  1. When more 2^64 messages are sent and the sequence num needs to overflow. This one we can probably ignore.
  2. Servers are free to reject connections with this option sent in the HELLO. Unfortunately I don't know how prevalent this would be.

I'm inclined to say no. 2 happens very infrequently and go with this fix. If we get feedback otherwise we can undo this and the original drop-x509-after-handshake patch.

br_ssl_engine_set_versions(&cc->eng, BR_TLS10, BR_TLS12);
br_ssl_engine_set_suites(&cc->eng, suites, (sizeof suites) / (sizeof suites[0]));
br_ssl_client_set_default_rsapub(cc);
Expand Down