Is Red Hat affected by TLS renegotiation MITM attacks (CVE-2009-3555)?
Issue
Transport Layer Security (TLS) is a protocol that is used for establishing a secure connection between a client and a server. A TLS renegotiation man-in-the-middle (MITM) attack has been disclosed by Marsh Ray of PhoneFactor that allows an attacker to inject attacker-chosen plain text as a prefix to a victim's session: http://extendedsubset.com/?p=8 (Note: Linked issue reporter's site does not currently provide information on this flaw. Refer to Eric Rescorla's explanation of the flaw for the detailed description: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html)
Environment
- Red Hat Enterprise Linux
- Red Hat Certificate System
- Red Hat Directory Server
- JBoss Enterprise Web Server
- All web browsers
Resolution
The reported issue, CVE-2009-3555, is a TLS/SSL protocol flaw, and not a bug of any specific implementation. The issue therefore affects all protocol implementations. For Red Hat Enterprise Linux this includes the openssl
, nss
, and gnutls
packages, as well as the Java Secure Socket Extension (JSSE) component of various Java Runtime Environments (Sun, IBM, and OpenJDK).
This issue is rated as having moderate security impact, as successful exploitation of this flaw requires a man-in-the-middle attack.
To address this issue, the IETF TLS working group has defined a TLS protocol extension that allows safe session renegotiation. This protocol extension is described in RFC 5746, "Transport Layer Security (TLS) Renegotiation Indication Extension": http://www.rfc-editor.org/rfc/rfc5746.txt
Red Hat has released updates that add support for RFC 5746 to the openssl
, openssl097a
, nss
, gnutls
, java-1.6.0-openjdk
, java-1.6.0-sun
, java-1.4.2-ibm
, java-1.4.2-ibm-sap
, java-1.5.0-ibm
, and java-1.6.0-ibm
packages. These updates are described in the Updates adding RFC 5746 support section.
Red Hat has made updates for httpd
, java-1.4.2-ibm
, java-1.5.0-ibm
, java-1.6.0-ibm
, java-1.6.0-openjdk
, java-1.6.0-sun
, tomcat5
, tomcat6
, and tomcat-native
available to mitigate this flaw by disabling or limiting the use of renegotiation. These updates are described in the Mitigation updates section.
To date, practical attacks using this flaw were only described for HTTPS. Both the mod_ssl
and mod_nss
modules for the httpd
web server allowed clients to perform TLS session renegotiation at any time; therefore, the attack could be used against any HTTPS server using those modules. The impact depended on the web applications deployed on the server. For example, Cross-Site Request Forgery (CSRF) attack protections could mitigate certain attack vectors. There are no known methods to detect the attack on the client side without fully enforcing the new TLS extension. Any web browser not supporting RFC 5746 can be targeted by this attack.
Red Hat is not currently aware of attacks against other application protocols, but they may be discovered during future research.
Updates adding RFC 5746 support
This section details updates that add support for RFC 5746 to various TLS/SSL libraries, allowing clients and servers to renegotiate securely.
Hereafter, the terms upgraded (as used in RFC 5746) or patched (as used in the OpenSSL documentation) client or server will be used to refer to a TLS/SSL client or server implementing RFC 5746, and the terms un-upgraded or unpatched client or server will be used to refer to a TLS/SSL client or server not supporting RFC 5746.
Prior to the availability of RFC 5746 and its implementations, several updates were released to block or limit the use of renegotiation in multiple components. Those updates are described in the Mitigation updates section below.
The RFC 5746 implementation in OpenSSL
Support for RFC 5746 in OpenSSL was introduced upstream in version 0.9.8m.
The renegotiation behavior in the patched Red Hat OpenSSL packages:
- a patched client can connect to and renegotiate with a patched server.
- a patched client can connect to and renegotiate with an unpatched server. This is transitional behavior. Future OpenSSL updates may prevent connections to or renegotiations with unpatched servers.
- a patched server allows patched clients to connect and renegotiate.
- a patched server allows unpatched clients to connect, but not renegotiate.
Applications using OpenSSL can be modified to change this behavior by using the two newly-introduced options that can be set on SSL or SSL context structures:
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- when set, a patched server allows even unpatched clients to renegotiate, but also re-introduces the security vulnerability.SSL_OP_LEGACY_SERVER_CONNECT
- allows patched clients to connect to unpatched servers. This option is currently set by default.
These options can be controlled with the following OpenSSL functions: SSL_CTX_set_options()
or SSL_set_options()
to set them, and SSL_CTX_clear_options()
or SSL_clear_options()
to clear them.
For additional details, refer to the "Secure Renegotiation" section of the SSL_CTX_set_options(3)
manual page.
The openssl
packages errata for Red Hat Enterprise Linux 3, 4, and 5, released on March 25, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0162.html
https://rhn.redhat.com/errata/RHSA-2010-0163.html
The openssl097a
packages errata for Red Hat Enterprise Linux 5, released on March 25, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0164.html
The openssl
packages errata for Red Hat Enterprise Virtualization, released on May 25, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0440.html
Updated openssl
version for JBoss Enterprise Web Server 1.0 was released in version 1.0.1 and is available for download from the Customer Support Portal:
Updated openssl
version for JBoss Enterprise Application Platform 5.0 was released in version 5.0.1 and is available for download from the Customer Support Portal:
Note: With updated OpenSSL packages installed, httpd
installations using the mod_ssl
module to provide an HTTPS service, and configured to use server-initiated renegotiations, will no longer work for unpatched clients (users' web browsers). The Client-initiated renegotiations disabled in mod_ssl section below mentions configuration changes that can be used to avoid the need for server-initiated renegotiations. The new mod_ssl
configuration directive, SSLInsecureRenegotiation, can be used to enable insecure renegotiation, allowing renegotiations with unpatched clients.
The httpd
packages errata adding support for the SSLInsecureRenegotiation
directive for Red Hat Enterprise Linux 4 and 5, released on March 25, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0168.html
https://rhn.redhat.com/errata/RHSA-2010-0175.html
The httpd
and httpd22
packages errata adding support for the SSLInsecureRenegotiation
directive for JBoss Enterprise Web Server, released on May 5, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0396.html
Updated JBoss Enterprise Web Server 1.0 httpd
packages for Solaris and Windows can be downloaded from the Customer Support Portal:
The RFC 5746 implementation in NSS (Network Security Services)
Support for RFC 5746 in NSS was introduced upstream in version 3.12.6.
The renegotiation behavior in the patched Red Hat NSS packages:
- a patched client can connect to and renegotiate with a patched server.
- a patched client can connect to and renegotiate with an unpatched server. This is transitional behavior. Future NSS updates may prevent connections to or renegotiations with unpatched servers.
- a patched server allows patched clients to connect and renegotiate.
- a patched server allows unpatched clients to connect, but not renegotiate.
Applications using NSS can be modified to change this behavior by using the two newly-introduced options. These options can be set on SSL sockets by using the NSS SSL_OptionSet()
function:
SSL_ENABLE_RENEGOTIATION
- controls renegotiation behavior. It accepts one of the following values:SSL_RENEGOTIATE_UNRESTRICTED
- allows all renegotiations, even insecure.SSL_RENEGOTIATE_NEVER
- deny all renegotiations, even secure.SSL_RENEGOTIATE_REQUIRES_XTN
- allow secure renegotiation using RFC 5746. This is the default for upstream NSS 3.12.6.SSL_RENEGOTIATE_TRANSITIONAL
- similar toSSL_RENEGOTIATE_REQUIRES_XTN
, but also allows patched clients to renegotiate with unpatched servers. This is the default for the current Red Hat NSS packages.
SSL_REQUIRE_SAFE_NEGOTIATION
- controls whether secure renegotiation is required on the initial TLS/SSL handshake, that is, whether patched clients can connect to an unpatched server, or whether patched servers accept connections from unpatched clients. The current default is false.
In addition to modifying applications using the NSS library to add calls setting these options, the default value can be changed for unmodified applications by using the following environment variables:
-
NSS_SSL_ENABLE_RENEGOTIATION
- changes the default value of theSSL_ENABLE_RENEGOTIATION
option. Valid values:- a value of "
1
" or a lowercase or uppercase "u
" sets the default toSSL_RENEGOTIATE_UNRESTRICTED
. - a value of "
0
" or a lowercase or uppercase "n
" sets the default toSSL_RENEGOTIATE_NEVER
. - a value of "
2
" or a lowercase or uppercase "r
" sets the default toSSL_RENEGOTIATE_REQUIRES_XTN
. - a value of "
3
" or a lowercase or uppercase "t
" sets the default toSSL_RENEGOTIATE_TRANSITIONAL
. - Note: NSS only checks the first character of the
NSS_SSL_ENABLE_RENEGOTIATION
environment variable value. Therefore, the values listed above can be followed by an arbitrary string. This allows setting the value to, for example, "unrestricted
" instead of "1
" or "u
" for better readability.
- a value of "
-
NSS_SSL_REQUIRE_SAFE_NEGOTIATION
- changes the default value of theSSL_REQUIRE_SAFE_NEGOTIATION
option. Valid value:- a value starting with "
1
" sets the default to true.
- a value starting with "
The nss
packages errata for Red Hat Enterprise Linux 4 and 5, released on March 25, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0165.html
The nss
packages errata for Red Hat Enterprise Virtualization, released on May 25, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0440.html
Note: With updated NSS packages installed, httpd
installations using the mod_nss
module to provide an HTTPS service, and configured to use server-initiated renegotiations, will no longer work for unpatched clients (users' web browsers). The need for server-initiated renegotiations can be avoided by applying similar configuration changes as noted for mod_ssl
in the Client-initiated renegotiations disabled in mod_ssl section below. Alternatively, insecure renegotiations can be allowed for mod_nss
by adding the following line to /etc/sysconfig/httpd
and restarting the httpd
service:
export NSS_SSL_ENABLE_RENEGOTIATION=u
The dirsec-nss
packages for Red Hat Certificate System 7.3 for Red Hat Enterprise Linux were obsoleted by the system nss
packages released in RHSA-2010:0165.
Updated dirsec-nss
packages for Red Hat Certificate System 7.3 for Solaris, released on April 15, 2010, can be downloaded from the "Red Hat Certificate System 7.3 (for Solaris 9)" channel on the Red Hat Network:
https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=7094
Hotfix packages for Red Hat Certificate System 7.1 for Red Hat Enterprise Linux and Solaris can be obtained from the Red Hat support.
Note: Red Hat Certificate System 7.1, 7.3 and 8.0 use server-initiated renegotiations by default. Refer to Configuration changes to prevent server-initiated TLS session renegotiations in Red Hat Certificate System for the configuration changes required to avoid server-initiated renegotiations in Red Hat Certificate System, if all clients cannot be updated at the same time as the Certificate System server. Users of Red Hat Certificate System 7.3 must also install updated rhpki-ra
and rhpki-tps
packages from RHBA-2010:0170 at the same time as the updated NSS packages.
Updated dirsec-nss
packages for Red Hat Directory Server 8 for Solaris, released on April 15, 2010, can be downloaded from the "Red Hat Directory Server 8 (for Solaris 9)" channel on the Red Hat Network:
https://rhn.redhat.com/rhn/software/channel/downloads/Download.do?cid=7810
Hotfix packages for Red Hat Directory Server 7.1 for Red Hat Enterprise Linux and Solaris can be obtained from the Red Hat support.
Note: Refer to The Effects of the TLS Session Renegotiation Vulnerability on Red Hat Directory Server 7.1 and The Effects of the TLS Session Renegotiation Vulnerability on Red Hat Directory Server 8.1 for additional notes on installing updated NSS packages for Red Hat Directory Server.
The RFC 5746 implementation in GnuTLS
Support for RFC 5746 in GnuTLS was introduced upstream in version 2.10.0.
The renegotiation behavior in the patched Red Hat GnuTLS packages:
- a patched client can connect to and renegotiate with a patched server.
- a patched client can connect to, but cannot renegotiate with an unpatched server. Future GnuTLS updates may prevent connections to unpatched servers.
- a patched server allows patched clients to connect and renegotiate.
- a patched server allows unpatched clients to connect, but not renegotiate.
Applications using GnuTLS can be modified to change this behavior for each GnuTLS session by using the two newly-introduced functions:
gnutls_safe_renegotiation_set()
- this function can be used to allow insecure renegotiation. By default, secure renegotiation is required.gnutls_safe_negotiation_set_initial()
- this function can be used to require secure initial negotiation.
Note: The functions listed above are only available in the gnutls
packages in Red Hat Enterprise Linux 4 and 5. In the gnutls
packages in Red Hat Enterprise Linux 6, renegotiation behavior can be controlled using special keywords in priority strings, documented in the gnutls_priority_init(3)
manual page. Special keywords in priority strings are not supported on Red Hat Enterprise Linux 4 and 5.
The gnutls
packages errata for Red Hat Enterprise Linux 4 and 5, released on March 25, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0166.html
https://rhn.redhat.com/errata/RHSA-2010-0167.html
The gnutls
packages errata for Red Hat Enterprise Virtualization, released on May 25, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0440.html
The RFC 5746 implementation in the Sun and the OpenJDK Java Runtime Environments
Support for RFC 5746 in the Sun Java Runtime Environment (JRE) was introduced upstream in version 6 Update 22, and in the corresponding OpenJDK updates.
The renegotiation behavior in the patched Sun and OpenJDK JRE packages:
- a patched client can connect to and renegotiate with a patched server.
- a patched client can connect to, but cannot renegotiate with an unpatched server.
- a patched server allows patched clients to connect and renegotiate.
- a patched server allows unpatched clients to connect, but not renegotiate.
The following properties can be used to change the default renegotiation behavior:
sun.security.ssl.allowUnsafeRenegotiation
(default valuefalse
) can be used to allow unsafe renegotiation with unpatched peers.sun.security.ssl.allowLegacyHelloMessages
(default valuetrue
) can be used to completely disallow connections to or from unpatched peers.
For additional details, refer to:
http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
The java-1.6.0-openjdk
packages errata for Red Hat Enterprise Linux 5, released on October 13, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0768.html
The java-1.6.0-sun
packages errata for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, released on October 14, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0770.html
The java-1.6.0-openjdk
packages errata for Red Hat Enterprise Linux 6, released on November 10, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0865.html
The RFC 5746 implementation in the IBM Java Runtime Environment
Support for RFC 5746 in the IBM Java Runtime Environment (JRE) was introduced upstream in versions 5.0 SR12-FP2, and 1.4.2 SR13-FP6.
The renegotiation behavior in the patched IBM JRE packages:
- a patched client can connect to and renegotiate with a patched server.
- a patched client can connect to, but cannot renegotiate with an unpatched server.
- a patched server allows patched clients to connect and renegotiate.
- a patched server allows unpatched clients to connect, but not renegotiate.
The following properties can be used to change the default renegotiation behavior:
com.ibm.jsse2.renegotiate
can be used to enable or disable renegotiation. Multiple values are recognized, including:NONE
(default value) - only secure renegotiation with peers that implement RFC 5746 is allowed.ALL
- both secure and insecure renegotiation is allowed.
com.ibm.jsse2.extended.renegotiation.indicator
controls whether RFC 5746 support is required during the initial TLS/SSL handshake. Valid values:OPTIONAL
(default value) - RFC 5746 support is not required during the initial handshake.CLIENT
,SERVER
,BOTH
- RFC 5746 support is required for client sockets, server sockets, or both client and server sockets respectively.
For additional details, refer to:
http://www.ibm.com/developerworks/java/jdk/security/50/secguides/jsse2Docs/JSSE2_RFC5746.html
The java-1.4.2-ibm
packages errata for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, released on October 20, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0786.html
The java-1.5.0-ibm
packages errata for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, released on October 27, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0807.html
The java-1.4.2-ibm-sap
packages errata for Red Hat Enterprise Linux 4, 5 and 6 for SAP, released on December 15, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0986.html
The java-1.6.0-ibm
packages errata for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary, released on December 15, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0987.html
Note: The java-1.4.2-ibm
packages updates disable renegotiation and add RFC 5746 support only in the non-default IBM JSSE2 provider for the JSSE component. The default JSSE provider is not updated with these fixes. Refer to the "IBMJSSE2 Provider Reference Guide" for instructions on how to configure the IBM Java 2 Runtime Environment to use the JSSE2 provider by default.
Mitigation updates
This section details updates that have been released to provide mitigations for this flaw before RFC 5746 was defined and updates implementing it were available. Updates introducing support for RFC 5746, and hence allow secure renegotiation between upgraded clients and servers, are described in the Updates adding RFC 5746 support section above.
Client-initiated renegotiations disabled in mod_ssl
Updated httpd
packages were released that change mod_ssl
to reject all client-initiated renegotiations, which mitigates this flaw for the majority of configurations using mod_ssl
to provide HTTPS service. However, an attack is still possible in configurations where server-initiated renegotiations are required.
Configurations still affected by the issue are typically where:
- Client certificates authentication is used for some part of the site, but is not required by default. This happens when "
SSLVerifyClient require
" is configured in a<Location>
or<Directory>
context section, but not in the corresponding<VirtualHost>
for the SSL server. - Different cipher suites are required for different parts of the web site. Cipher suite requirements can be configured per-server or per-directory context using the
SSLCipherSuite
directive.
Server-initiated renegotiations can be avoided by:
- Changing the site layout so that a client certificate authentication is required for the whole site, rather than only a part. In other words, so that "
SSLVerifyClient
" is used only when directly inside a<VirtualHost>
section. - Using the same cipher suite for the whole site. The highest cipher strength requirement of all directories and locations should be set in the
<VirtualHost>
section.
Note: When both client and server support RFC 5746, they can renegotiate safely even in the configurations described above that require server-initiated renegotiations. As mod_ssl
uses OpenSSL library, refer to the The RFC 5746 implementation in OpenSSL section above for the list and the description of the openssl
packages updates that add RFC 5746 support and that need to be installed to allow the HTTPS service to use secure renegotiation.
The httpd
packages errata for Red Hat Enterprise Linux 3, 4, and 5, released on November 11, 2009:
https://rhn.redhat.com/errata/RHSA-2009-1579.html
https://rhn.redhat.com/errata/RHSA-2009-1580.html
The httpd
and httpd22
packages errata for JBoss Enterprise Web Server, released on January 6, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0011.html
Updated JBoss Enterprise Web Server 1.0 packages for Solaris can be downloaded from the Customer Support Portal:
Renegotiations disabled in the IBM Java Runtime Environment
The IBM JRE versions 6 SR7, 5.0 SR11-FP1, and 1.4.2 SR13-FP4 disable renegotiation by default. It is possible to control renegotiation behavior by using the com.ibm.jsse2.renegotiate
property. The default value is NONE
(renegotiation is disabled). Unsafe renegotiation can be re-enabled by setting the property value to ALL
. For additional details, refer to:
http://www-01.ibm.com/support/docview.wss?uid=nas258cbfcf0a5645af7862576710041f65e
These updates are obsoleted by updates adding RFC 5746 support. Refer to the The RFC 5746 implementation in the IBM Java Runtime Environment section above.
The java-1.6.0-ibm
packages errata for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, released on December 23, 2009:
https://rhn.redhat.com/errata/RHSA-2009-1694.html
The java-1.5.0-ibm
packages errata for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, released on March 3, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0130.html
The java-1.4.2-ibm
packages errata for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, released on March 17, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0155.html
The java-1.4.2-ibm
packages errata for Red Hat Enterprise Linux 4 and 5 for SAP, released on May 12, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0408.html
Renegotiations disabled in the Sun and the OpenJDK Java Runtime Environments
The Sun JRE version 6 Update 19, and the corresponding OpenJDK JRE updates disable renegotiation by default. It is possible to enable unsafe renegotiation by using the sun.security.ssl.allowUnsafeRenegotiation
property. The default value is false
(renegotiation is disabled).
These updates are obsoleted by updates adding RFC 5746 support. Refer to the The RFC 5746 implementation in the Sun and the OpenJDK Java Runtime Environments section above.
The java-1.6.0-sun
packages errata for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, released on March 31, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0337.html
The java-1.6.0-openjdk
packages errata for Red Hat Enterprise Linux 5, released on March 31, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0339.html
Renegotiations disabled in Apache Tomcat
Apache Tomcat can be configured to run as a stand-alone HTTPS server. For TLS/SSL, the Tomcat HTTPS connector can use the implementation provided by either the JSSE component of the JRE (Sun, IBM, or OpenJDK) or OpenSSL (when using the Tomcat Native library). Both JSSE and OpenSSL handle client-requested renegotiations transparently. Additionally, Tomcat may ask the client to renegotiate in certain configurations using client certificate authentication, for example, configurations where:
- A client certificate is not required on the initial connection, such as when:
- The
clientAuth
attribute of the HTTPS connector using JSSE is set tofalse
. - The
SSLVerifyClient
attribute of the HTTPS connector using OpenSSL is set tonone
.
- The
- A web application specifies the
CLIENT-CERT
authentication method in thelogin-config
section of the application'sweb.xml
file.
The following mitigations were applied to Tomcat and Tomcat Native:
- Tomcat 5.5.29 and 6.0.21 adds a new attribute for the HTTPS connector using JSSE,
allowUnsafeLegacyRenegotiation
. When this attribute is set tofalse
(the default value), Tomcat will reject both client- and server-initiated renegotiations. - Tomcat Native 1.1.18 restricts client-initiated renegotiations for the HTTPS connector using OpenSSL. Server-initiated renegotiations are still allowed. This mitigation is similar to the
mod_ssl
mitigation described above.
For additional details about these mitigations, refer to the Tomcat and Tomcat Native documentation, and the following vulnerability pages:
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-native.html
Note: It is common to use Tomcat as a Servlet or JavaServer Pages (JSP) container behind another web server, which handles the encrypted connections and passes the requests to Tomcat in unencrypted form. For these configurations, the Tomcat and Tomcat Native mitigations described above do not apply: the issue needs to be addressed in the web server or the TLS/SSL library used by the web server.
Updated tomcat5
, tomcat6
, and tomcat-native
packages were released as part of the JBoss Enterprise Web Server 1.0.1 update on February 23, 2010:
https://rhn.redhat.com/errata/RHSA-2010-0119.html
Updated JBoss Enterprise Web Server 1.0.1 packages for Solaris can be downloaded from the Customer Support Portal:
Revision history
- 2009-11-05 - Initial version.
- 2009-11-09 - Extended impact description.
- 2009-11-11 - Added descriptions of the
httpd
/mod_ssl
mitigations, references to RHSA-2009:1579 and RHSA-2009:1580. - 2010-02-09 - Added reference to RHSA-2010:0011. Added reference to the IETF approved renegotiation extension draft. Added IBM JRE mitigation notes and reference to RHSA-2009:1694.
- 2010-02-23 - Added reference to RFC 5746. Added Tomcat mitigation notes and reference to RHSA-2010:0119.
- 2010-03-03 - Added reference to RHSA-2010:0130.
- 2010-03-17 - Added reference to RHSA-2010:0155.
- 2010-03-25 - Added descriptions of the
openssl
,nss
, andgnutls
updates adding support for RFC 5746. Added references to RHSA-2010:0162, RHSA-2010:0163, RHSA-2010:0164, RHSA-2010:0165, RHSA-2010:0166, RHSA-2010:0167 and RHSA-2010:0168. - 2010-04-01 - Added reference to RHSA-2010:0175. Added Sun and OpenJDK JRE mitigation notes and references to RHSA-2010:0337 and RHSA-2010:0339.
- 2010-06-10 - Added references to updates for Red Hat Certificate System, Red Hat Directory Server, JBoss Enterprise Web Server and JBoss Enterprise Application Platform. Added references to RHSA-2010:0396, RHSA-2010:0408 and RHSA-2010:0440.
- 2010-10-15 - Documented RFC 5746 support in the Sun and OpenJDK JRE. Added references to RHSA-2010:0768 and RHSA-2010:0770. Listed the upstream GnuTLS version providing RFC 5746 support.
- 2010-10-29 - Documented RFC 5746 support in the IBM JRE. Added references to RHSA-2010:0786 and RHSA-2010:0807.
- 2011-01-06 - Added references to RHSA-2010:0865, RHSA-2010:0986, and RHSA-2010:0987.
- 2012-04-16 - Added link to Eric Rescorla's issue description. Clarified "Client-initiated renegotiations disabled in mod_ssl" section regarding OpenSSL packages updates that add RFC 5746 support.
Comments