1680118 – unorderly connection close when client attempts renegotiation

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1680118 - unorderly connection close when client attempts renegotiation

Summary: unorderly connection close when client attempts renegotiation

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	httpd
Sub Component:
Version:	8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.4
Assignee:	Luboš Uhliarik
QA Contact:	Branislav Náter
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1950011
TreeView+	depends on / blocked

Reported:	2019-02-22 18:10 UTC by Alicja Kario
Modified:	2021-05-18 15:41 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1950011 (view as bug list)
Environment:
Last Closed:	2021-05-18 15:41:00 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Alicja Kario 2019-02-22 18:10:43 UTC

Description of problem:
When TLS 1.2 client attempts client initiated renegotiation, httpd just closes the TCP connection. RFC 5246 specifies the no_renegotiation alert as the recommended way to inform client that renegotiation is not supported. The server in such situation shouldn't close the connection, but allow the client to select next course of action.

Version-Release number of selected component (if applicable):
httpd-2.4.37-10.module+el8+2764+7127e69e.x86_64
mod_ssl-2.4.37-10.module+el8+2764+7127e69e.x86_64
openssl-1.1.1-8.el8.x86_64

How reproducible:
always

Steps to Reproduce:
setup mod_ssl with default configuration

git clone https://github.com/tomato42/tlsfuzzer
pushd tlsfuzzer
git clone https://github.com/tomato42/tlslite-ng .tlslite-ng
ln -s .tlslite-ng/tlslite tlslite
git clone https://github.com/warner/python-ecdsa .python-ecdsa
ln -s .python-ecdsa/src/ecdsa ecdsa
PYTHONPATH=. python3 scripts/test-renegotiation-disabled.py -h localhost -p 443 "try secure renegotiation with GET after 2nd CH"


Actual results:
try secure renegotiation with GET after 2nd CH ...
Error encountered while processing node <tlsfuzzer.expect.ExpectAlert object at 0x7fdf7dd73208> (child: <tlsfuzzer.messages.ApplicationDataGenerator object at 0x7fdf7dd73278>) with last message being: None
Error while processing
Traceback (most recent call last):
  File "/root/tlsfuzzer/tlsfuzzer/runner.py", line 184, in run
    header, parser = self.state.msg_sock.\
  File "/root/tlsfuzzer/tlslite/messagesocket.py", line 102, in recvMessageBlocking
    for res in self.recvMessage():
  File "/root/tlsfuzzer/tlslite/messagesocket.py", line 84, in recvMessage
    for ret in self.recvRecord():
  File "/root/tlsfuzzer/tlslite/recordlayer.py", line 894, in recvRecord
    for result in self._recordSocket.recv():
  File "/root/tlsfuzzer/tlslite/recordlayer.py", line 211, in recv
    for record in self._recvHeader():
  File "/root/tlsfuzzer/tlslite/recordlayer.py", line 145, in _recvHeader
    for result in self._sockRecvAll(1):
  File "/root/tlsfuzzer/tlslite/recordlayer.py", line 132, in _sockRecvAll
    raise TLSAbruptCloseError()
tlslite.errors.TLSAbruptCloseError: TLSAbruptCloseError()

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "scripts/test-renegotiation-disabled.py", line 283, in main
    runner.run()
  File "/root/tlsfuzzer/tlsfuzzer/runner.py", line 207, in run
    "Unexpected closure from peer")
AssertionError: Unexpected closure from peer

Expected results:
try secure renegotiation with GET after 2nd CH ...
ok

Additional info:
While the RFC recommends continuation of the connection, it is technically acceptable to close the connection by sending two alerts, first no_renegotiation to announce lack of support and then close_notify to perform orderly shutdown.

if this is the expected behaviour of httpd, the script can be run like so to verify it:
PYTHONPATH=. python3 scripts/test-renegotiation-disabled.py -h localhost -p 443 --no-renego-close "try secure renegotiation with GET after 2nd CH"

Comment 1 Joe Orton 2020-05-04 15:52:27 UTC

In progress via https://github.com/apache/httpd/pull/121 which switches to use SSL_OP_NO_RENEGOTIATION

It looks like OpenSSL/mod_ssl are not sending the final close_notify in this case though, will need to investigate further why.

Comment 2 Joe Orton 2020-09-21 11:24:36 UTC

As of the upstream https://svn.apache.org/viewvc?view=revision&revision=1877397

the testing output now looks like:

$ openssl s_client -debug -tls1_2 -connect localhost:8532
...
R
RENEGOTIATING
write to 0x55714a26a520 [0x55714a281e30] (231 bytes => 231 (0xE7))
0000 - 16 03 03 00 e2 73 f3 c8-9b ce db d6 96 63 d3 61   .....s.......c.a
0010 - bb f3 ec 11 4b 36 f6 54-65 7f 66 40 f1 81 47 29   ....K6.Te.f@..G)
0020 - 97 45 c0 32 5d d2 19 44-58 20 34 e3 d7 59 4b 84   .E.2]..DX 4..YK.
0030 - 04 8b 44 fe 23 3e d9 86-18 75 98 a8 e8 4d 08 33   ..D.#>...u...M.3
0040 - 55 be 63 94 ae 6a 47 58-35 08 19 bb e0 b0 79 26   U.c..jGX5.....y&
0050 - c7 71 67 ed 2d 26 4f 84-70 9e 0f e2 a8 03 cb ff   .qg.-&O.p.......
0060 - 6b e7 74 ba bc 37 3f d1-ee 21 1e 85 84 d1 94 30   k.t..7?..!.....0
0070 - 71 40 7a 8b 14 63 78 2d-c2 0d 9d 89 df bc 5e 61   q@z..cx-......^a
0080 - e0 44 eb 5c fc 1c e8 ad-f9 c6 1f a2 40 92 62 fe   .D.\........@.b.
0090 - ee f3 ba bf d0 ff cf 6c-c9 b2 10 72 b9 30 2e 7f   .......l...r.0..
00a0 - 16 a7 8b a5 62 0b 87 71-17 1b 51 ee f2 d6 83 1c   ....b..q..Q.....
00b0 - 41 ec f4 19 a6 6c 7b 86-df ec 69 c9 e1 8a 30 5b   A....l{...i...0[
00c0 - b5 a6 69 f0 bb b7 23 b0-c2 e1 ce 5a 72 31 7a d7   ..i...#....Zr1z.
00d0 - 1d 9b 58 17 14 1f ae d7-72 25 44 0b 87 96 66 24   ..X.....r%D...f$
00e0 - a8 22 7a f6 e9 68 a7                              ."z..h.
read from 0x55714a26a520 [0x55714a278c13] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 1a                                    .....
read from 0x55714a26a520 [0x55714a278c18] (26 bytes => 26 (0x1A))
0000 - 4c d1 cc c9 dd 22 8e a3-b5 b0 d9 0c b0 59 16 d1   L....".......Y..
0010 - d1 89 15 ac 7c 25 31 8f-8d 87                     ....|%1...
write to 0x55714a26a520 [0x55714a281e30] (31 bytes => 31 (0x1F))
0000 - 15 03 03 00 1a 73 f3 c8-9b ce db d6 97 e2 c1 1d   .....s..........
0010 - d2 e4 71 ab 88 49 6c 73-ba 78 4f de 5f 71 fe      ..q..Ils.xO._q.
140656954001216:error:14094153:SSL routines:ssl3_read_bytes:no renegotiation:ssl/record/rec_layer_s3.c:1560:
read from 0x55714a26a520 [0x55714a1a49b0] (8192 bytes => 0 (0x0))

which I think means the close_notify is still missing.

Comment 16 errata-xmlrpc 2021-05-18 15:41:00 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: httpd:2.4 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:1809

Note You need to log in before you can comment on or make changes to this bug.