Conversation

OpenSSL security fixes dropped. CVE-2021-3450 is a complete certificate verification bypass in niche non-standard configurations. CVE-2021-3449 is a NULL pointer dereference crash in default server configurations. openssl.org/news/secadv/20

129

236

Filippo Valsorda

@FiloSottile

Mar 25, 2021

CVE-2021-3450 is kinda delightful because it was introduced by a change that rejects custom curve parameters (which is what broke Windows last year), and it only affects X509_V_FLAG_X509_STRICT mode. Complexity is killer.

Filippo Valsorda

@FiloSottile

Mar 25, 2021

CVE-2021-3449 looks like it could have been found easily if anyone figured out how to fuzz renegotiation, but renegotiation is sadness. Anyway, sounds like you can crash most OpenSSL servers on the Internet today.

Replying to

There's this note for CVE-2021-3449: > A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). Disabling client-initiated renegotiation is a standard security measure checked by internet.nl for web/mail servers.

Replying to

and

Client-initiated renegotiation is disabled by default in nginx since November 2009. It should be disabled elsewhere too and should really be disabled by default in a future major version OpenSSL. It's unnecessary attack surface and has been known to be for a very long time.

2:41 PM · Mar 25, 2021Twitter Web App

Replying to

and

Here's how you can disable it for Postfix: tls_ssl_options = NO_RENEGOTIATION I strongly recommend using internet.nl as a helpful tool for testing web and email servers. Most email servers don't even have authenticated TLS. It's easy to fix that for one server.

Replying to

and

It's a good example of OpenSSL's failure to address security systemically rather than case-by-case. TLS 1.3 got rid of this and BoringSSL disables it by default as part of far broader attack surface reduction. I'm glad AOSP completely moved to BoringSSL from a mix of libraries.

Replying to

and

It's not enabled by default on Apache either. Not sure if it's even supported.

Show additional replies, including those that may contain offensive content

Show