Bug 152863 - mod_ssl SSLCipherSuite Restriction Bypass Vulnerability CAN-2004-0885
Summary: mod_ssl SSLCipherSuite Restriction Bypass Vulnerability CAN-2004-0885
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
Depends On:
Reported: 2004-12-02 19:21 UTC by David Lawrence
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed:


Description David Lawrence 2005-03-30 23:30:07 UTC
Ralf, here's the fix I suggest for the CAN-2004-0885 SSLCipherSuite
bypass issue (
does it look OK?

I've tested this on a server running OpenSSL 0.9.6 from a custom-hacked
client which resumes the session during the renegotiation for a
per-dir-SSLCipherSuite, and it gets a 403 as expected.  I've tested the
equivalent patch for 2.0 against 0.9.7 and it renegotiates the cipher
suite properly as expected.

--- mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_init.c.can0885	2002-10-04
14:17:33.000000000 +0100
+++ mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_init.c	2004-10-08
13:35:15.000000000 +0100
@@ -602,6 +602,14 @@
         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
+    /* 
+     * Disallow a session from being resumed during a renegotiation,
+     * so that an acceptable cipher suite can be negotiated.
+     */
      *  Configure callbacks for SSL context
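Review bot: the comment added after SSL_CTX_set_session_cache_mode() has no statement behind it in the lines shown here, and the hunk header announces 8 added lines while only the 4 comment lines are visible, so the call that actually disables resumption during renegotiation cannot be reviewed. Please make sure the option is set on ctx directly under this comment (in OpenSSL that is SSL_CTX_set_options() with SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION) and that it is wrapped in an #ifdef for builds whose OpenSSL headers do not define it, since the description reports different behaviour on 0.9.6 and 0.9.7. The comment should also say that on such builds the new check in ssl_engine_kernel.c is the only enforcement.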
--- mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_kernel.c.can0885	2004-10-08
13:35:15.000000000 +0100
+++ mod_ssl-2.8.12-1.3.27/pkg.sslmod/ssl_engine_kernel.c	2004-10-08
13:35:41.000000000 +0100
@@ -665,7 +665,7 @@
     X509_STORE_CTX certstorectx;
     int depth;
     STACK_OF(SSL_CIPHER) *skCipherOld;
-    STACK_OF(SSL_CIPHER) *skCipher;
+    STACK_OF(SSL_CIPHER) *skCipher = NULL;
     SSL_CIPHER *pCipher;
     ap_ctx *apctx;
     int nVerifyOld;
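Review bot: the new "= NULL" initialiser on skCipher is what the later "if (skCipher)" test depends on, but nothing at the declaration says so, and skCipherOld on the line above is still left uninitialised. Suggest a one-line comment stating what a NULL skCipher stands for in the later check, and initialising skCipherOld the same way so the two declarations do not drift apart.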
@@ -1051,6 +1051,20 @@
                 return FORBIDDEN;
+        /*
+         * Also check that SSLCipherSuite has been enforced as expected.
+         */
+        if (skCipher) {
+            pCipher = SSL_get_current_cipher(ssl);
+            if (sk_SSL_CIPHER_find(skCipher, pCipher) < 0) {
+                ssl_log(r->server, SSL_LOG_ERROR,
+                        "SSL cipher suite not renegotiated: "
+                        "access to %s denied using cipher %s",
+                        r->filename, SSL_CIPHER_get_name(pCipher));
+                return FORBIDDEN;
+            }
+        }
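Review bot: in the added block, pCipher from SSL_get_current_cipher(ssl) is passed to sk_SSL_CIPHER_find() without a NULL check, so a connection with no current cipher is left to whatever the stack lookup does with a NULL element. Suggest failing closed explicitly, for example "if (pCipher == NULL || sk_SSL_CIPHER_find(skCipher, pCipher) < 0)", which still reaches the FORBIDDEN return. The block comment could also say that this is the fallback for a renegotiation that resumed the old session, which is the case the description says was tested.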
also see and

------- Additional Comments From 2004-12-02 16:19:34 ----

*** This bug has been marked as a duplicate of 2148 ***

------- Bug moved to this database by 2005-03-30 18:30 -------

This bug previously known as bug 2325 at
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here,
   Previous reporter was
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
