Commit db1a856b authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

OpenSSL: don't disable security work-around 

OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
(http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit
to SSL_OP_ALL that _disables_ that work-around despite the fact that
SSL_OP_ALL is documented to do "rather harmless" workarounds.

The libcurl code uses the SSL_OP_ALL define and thus logically always
disables the OpenSSL fix.

In order to keep the secure work-around workding, the
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change
makes sure of this.

Reported by: product-security at Apple
parent ee57e9de

lib/ssluse.c

+11 −0
Original line number Diff line number Diff line
@@ -1545,6 +1545,13 @@ ossl_connect_step1(struct connectdata *conn, 
     become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate

     CVE-2010-4180 when using previous OpenSSL versions we no longer enable

     this option regardless of OpenSSL version and SSL_OP_ALL definition.



     OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability

     (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to

     SSL_OP_ALL that _disables_ that work-around despite the fact that

     SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to

     keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit

     must not be set.

  */



  ctx_options = SSL_OP_ALL;
@@ -1558,6 +1565,10 @@ ossl_connect_step1(struct connectdata *conn, 
  ctx_options &= ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;

#endif



#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

  ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;

#endif



  /* disable SSLv2 in the default case (i.e. allow SSLv3 and TLSv1) */

  if(data->set.ssl.version == CURL_SSLVERSION_DEFAULT)

    ctx_options |= SSL_OP_NO_SSLv2;