Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: allow renegotiation when acting as a client. #3551

Merged
merged 4 commits into from
Jun 11, 2018
Merged

tls: allow renegotiation when acting as a client. #3551

merged 4 commits into from
Jun 11, 2018

Conversation

PiotrSikora
Copy link
Contributor

Risk Level: Low
Testing: Manual (BoringSSL doesn't support renegotiation when acting as a server)
Docs Changes: Added
Release Notes: Added

Signed-off-by: Piotr Sikora piotrsikora@google.com

@PiotrSikora
tls: allow renegotiation when acting as a client.
e2f33e4 
*Risk Level*: Low
*Testing*: Manual (BoringSSL doesn't support renegotiation when acting as a server)
*Docs Changes*: Added
*Release Notes*: Added

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
@PiotrSikora
Copy link
Contributor Author

cc @ggreenway

@davidben
Copy link
Contributor

davidben commented Jun 7, 2018

What's the motivation here? Renegotiation has serious security consequences, makes the I/O pattern weird, is incompatible with HTTP/2, and blocks a BoringSSL optimization to make TLS connections use less memory (SSL_set_shed_handshake_config). There's a reason we keep it off by default.

@PiotrSikora
Copy link
Contributor Author

@davidben I'm well aware of that, and like you, I'd prefer to avoid renegotiation, but there were few reports (both on Envoy and Istio mailing lists) of people being unable to connect to external services due to OPENSSL_internal:NO_RENEGOTIATION followed by OPENSSL_internal:PROTOCOL_IS_SHUTDOWN, because some servers request client certificate post-handshake (i.e. after HTTP request). At the very least, SAP and IIS servers are known to do that.

Note: This change keeps renegotiation off by default,, so I don't expect people to use it unless they hit the aforementioned issue.

@PiotrSikora
review: add warning to the docs.
de9b152 
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
ggreenway
ggreenway previously approved these changes Jun 8, 2018
View reviewed changes
Copy link
Contributor

@ggreenway ggreenway left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm ok with this, given the sane default, warning in the docs, and that it is only allowed for upstream connections.

@davidben?

@davidben
Copy link
Contributor

davidben commented Jun 8, 2018

LGTM. I hate renegotiation, but I will begrudgingly concede that sometimes you might need a toggle for it. :-)

@ggreenway
Copy link
Contributor

LGTM. I hate renegotiation, but I will begrudgingly concede that sometimes you might need a toggle for it. :-)

That's my feeling as well.

mattklein123
mattklein123 reviewed Jun 8, 2018
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@PiotrSikora can we get a test for this somehow? Not sure how hard that would be... At the very least can we have a test that at least turns on this flag to make sure it doesn't do anything obviously bad?

@PiotrSikora
Merge remote-tracking branch 'origin/master' into PiotrSikora/client_…
7b05d87 
…renegotiate

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
@PiotrSikora
Copy link
Contributor Author

@mattklein123 yeah, I'll add tests with this flag turned on shortly, to make sure it doesn't break other stuff, but I don't think we can properly test renegotiation without pulling another SSL library, which might be an overkill...

I'll eventually fix this with #186.

@mattklein123
Copy link
Member

@mattklein123 yeah, I'll add tests with this flag turned on shortly, to make sure it doesn't break other stuff, but I don't think we can properly test renegotiation without pulling another SSL library, which might be an overkill...

Yup, agreed. sgtm.

@PiotrSikora
review: add bunch of tests with allowed (but unused) client renegotia…
3f489fd 
…tion.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
mattklein123
mattklein123 approved these changes Jun 11, 2018
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thanks.

@mattklein123 mattklein123 merged commit f497208 into envoyproxy:master Jun 11, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

@ggreenway ggreenway ggreenway left review comments

Assignees

@ggreenway ggreenway

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@PiotrSikora @davidben @ggreenway @mattklein123