CVE-2009-3555 OpenSSL need to be updated to close TLS MITM attack

While OpenSSL does need to be updated, it requires a protocol change to fix properly. At this time, Ubuntu is waiting on the protocol changes discussed by the IETF to be formalized before patching OpenSSL. In the meantime, since there are known attacks against the HTTPS protocol, Apache was updated to disallow client initiated TLS renegotiations in http://www.ubuntu.com/usn/USN-860-1.

  Hi,

  I need to re-enable renegotiation (at least temporarily) because it is needed by svnsync (Subversion over HTTPS). Unfortunately I do not understand the above comment about re-enabling it. Do you have any pointer ?

  Regards,

--
Florent Georges

Hi,
we need the following to properly fix that issue.

Fixed in 0.9.8m [25 Feb 2010] that follows http://tools.ietf.org/html/rfc5746
  *) Implement RFC5746. Re-enable renegotiation but require the extension
     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
     turns out to be a bad idea. It has been replaced by
     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
     SSL_CTX_set_options(). This is really not recommended unless you
     know what you are doing.
     [Eric Rescorla <email address hidden>, Ben Laurie, Steve Henson]

It should be better to switch to 0.9.8n [24 Mar 2010]
Ideally to switch directly to 1.0.0 [29 Mar 2010] to avoid many security issues and reestablish SSL security in Ubuntu, otherwise there will high risk when using ubuntu server edition with services like Apache, Postfix etc...

Lukas, other than this issue, openssl in Ubuntu has no open security issues. We backport security fixes and openssl security in Ubuntu is fine. 0.9.8n (or backported patches) is being evaluated for inclusion in Ubuntu, but the issue is quite complicated. For more information, please see (along with the References) http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3555.html

Jamie, you are definitely right. I would like to clarify it now. To fix latest reported vulnerabilities it should be fine to update to 0.9.8n or backport patches. I'll be happy with that, because this is enough for use with Apache httpd 2.2.15 (or again backported patches) But there is also good oportunity to switch directly to 1.0.0. in Lucid to take a lot of enhancements which indirectly improves security.

Updated have now been released for stable releases, and openssl in Maverick is already fixed.

http://www.ubuntu.com/usn/usn-990-1