
OpenSSL Security Advisory - Tomte
https://www.openssl.org/news/secadv/20170216.txt
======
throwaway2048
What is the point of renegotiation of ssl/tls sessions? It seems to have very
limited use cases, but is the source of an almost infinite amount of
vulnerabilities.

Is there ever a real reason to want to suddenly change cipher suites half way
through a session?

It seems a solid 20-30% of serious openssl vulns are renegotiation related.

~~~
paulddraper
Renegotiation is a huge win for performance.

Despite the common belief, SSL negotiation introduces significant overhead and
latency.

~~~
agl
I think you have session resumption in mind. Renegotiation is different and
involves performing more than one handshake per connection.

~~~
paulddraper
Oh, thanks. Hm...then I agree with parent; I have no idea what renegotiation
is for.

------
compuguy
Since Ubuntu 14.04 is still on openssl version 1.0.1f, is that version
applicable to this security advisory?

~~~
lfam
OpenSSL 1.0.1f is completely unsupported by the OpenSSL project, as that
advisory points out:

Support for version 1.0.1 ended on 31st December 2016. Support for versions
0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer
receiving security updates.

Since 1.0.2 is not vulnerable, it seems unlikely that the bug would be in
1.0.1.

~~~
paulddraper
Ubuntu 14.04 is LTS though, so they'll be updating to a supported version of
OpenSSL, just as they've done with, say, OpenJDK (
[https://bugs.launchpad.net/trusty-backports/+bug/1368094](https://bugs.launchpad.net/trusty-backports/+bug/1368094) ).

</s>

I love Ubuntu; the "LTS" part is a bit of a joke.

~~~
kbenson
That's not backporting, that's a package upgrade request. Backporting[1] is
something different, and applies to features and bug fixes being ported back
to older versions of a product, not providing an upgraded package for an older
product. All the enterprise class distributions backport (for good reason).
Some also provide the occasional package upgrades (such as those that roll
out at RHEL point-releases).

1:
[https://access.redhat.com/security/updates/backporting](https://access.redhat.com/security/updates/backporting)

~~~
kikoreis
In Ubuntu terms a backport is when a newer version of a package is made
available in an existing release. With few exceptions (see
MicroReleaseExceptions) versions of packages in a distro release are not
updated, which is why the backports pockets exist.

We certainly provide security updates for packages in main for the LTS
lifetime.

~~~
kbenson
That's unfortunate, as there has been accepted terminology that differentiates
those concepts for quite a while in the enterprise distribution space, likely
predating Ubuntu's existence. Backports as you describe them here are referred
to as "rebasing" in RHEL's parlance.

I understand where the difference comes from though, Debian. The problem is
that Debian serves a different need, and is not really an "enterprise" distro.
That's not to imply it isn't a quality distribution, but their purposes are
not necessarily aligned with the needs of organizations which may be managing
hundreds or more systems all at once. Debian "backports" newer packages from
testing to current to deal with needed fixes, while enterprise
distributions "backport" the patches to make sure the package behavior doesn't
inadvertently change due to some other changes in the package during the time
since it was first included.

Ubuntu's beginnings as an offshoot of Debian show here, but that's where
there's a disconnect between the terminology they use and that of most other
distributions that target the enterprise (which admittedly Ubuntu only does
partially). I can't really blame Ubuntu for their use of the terminology,
since it does have historical precedence for them, and they aren't even
entirely an enterprise distro (by which I mean they also target desktop usage
heavily, compared to RHEL which only goes as far that direction as to target
workstations, and somewhat halfheartedly IMO).

------
richardwhiuk
Not sure why this is high - it's only a crash, not a data leak.

------
yuhong
I wonder how common RFC 7366 is currently, BTW.

