From 0e5aa595c2a6e97a9e59664c22dfb54bdb90286a Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Fri, 8 Oct 2004 11:59:33 +0000
Subject: [PATCH] Fix CAN-2004-0885:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated, else deny access.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
0.9.7, prevent session resumption during a renegotiation to force the
client to negotiate a new (and acceptable) cipher suite.

Submitted by: Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105396 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                         |  5 +++++
 modules/ssl/ssl_engine_init.c   |  8 ++++++++
 modules/ssl/ssl_engine_kernel.c | 15 +++++++++++++++
 3 files changed, 28 insertions(+)

diff --git a/CHANGES b/CHANGES
index 34688b0570..82523e1802 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) SECURITY: CAN-2004-0885 (cve.mitre.org)
+     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
+     bypassed during an SSL renegotiation.  PR 31505.  
+     [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
+
   *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
      library handles special characters. PR 24437 [Jess Holle]
 
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index d0521171a9..2a9c7a4ef8 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -443,6 +443,14 @@ static void ssl_init_ctx_protocol(server_rec *s,
      * Configure additional context ingredients
      */
     SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
+
+#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+    /* 
+     * Disallow a session from being resumed during a renegotiation,
+     * so that an acceptable cipher suite can be negotiated.
+     */
+    SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
+#endif
 }
 
 static void ssl_init_ctx_session_cache(server_rec *s,
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index f137223284..6557c1f383 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -733,6 +733,21 @@ int ssl_hook_Access(request_rec *r)
                 X509_free(peercert);
             }
         }
+        
+        /*
+         * Also check that SSLCipherSuite has been enforced as expected.
+         */
+        if (cipher_list) {
+            cipher = SSL_get_current_cipher(ssl);
+            if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                             "SSL cipher suite not renegotiated: "
+                             "access to %s denied using cipher %s",
+                              r->filename,
+                              SSL_CIPHER_get_name(cipher));
+                return HTTP_FORBIDDEN;
+            }
+        }
     }
 
     /*
-- 
2.40.0