From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 40A0C7FEB4 for ; Mon, 15 Nov 2021 21:51:32 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 309DAFA3F for ; Mon, 15 Nov 2021 21:51:02 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 5D21DFA34 for ; Mon, 15 Nov 2021 21:51:00 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 25A5B43B03 for ; Mon, 15 Nov 2021 21:51:00 +0100 (CET) From: Stoiko Ivanov To: pve-devel@lists.proxmox.com Date: Mon, 15 Nov 2021 21:50:43 +0100 Message-Id: <20211115205043.23286-1-s.ivanov@proxmox.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.322 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH http-server] fix #3724: disable TLS renegotiation X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Nov 2021 20:51:32 -0000 The issue is probably not critical and best addressed by not running the perl API servers in an exposed environment or when this needs to be done by installing a reverse proxy in front of them. The DOS potential of the perl daemons is limited more by the limited number of parallel workers (and the memory constraints of starting more of them), than by the CPU cycles wasted on TLS renegotiation. Still disabling TLS renegotiation should show very little downside: * it was removed in TLS 1.3 for security reasons * it was the way nginx addressed this issue [1]. * we do not use client certificate authentication Tested by running `openssl s_client -no_tls1_3 -connect 192.0.2.1:8006` and issuing a `HEAD / HTTP/1.1\nR\n` with and without the patch. [1] 70bd187c4c386d82d6e4d180e0db84f361d1be02 at https://github.com/nginx/nginx (although that code adapted to the various changes in openssl API over the years) Signed-off-by: Stoiko Ivanov --- src/PVE/APIServer/AnyEvent.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm index 86d0e2e..e3633f7 100644 --- a/src/PVE/APIServer/AnyEvent.pm +++ b/src/PVE/APIServer/AnyEvent.pm @@ -1883,7 +1883,8 @@ sub new { $self->{ssl}->{dh} = 'skip2048'; } - my $tls_ctx_flags = &Net::SSLeay::OP_NO_COMPRESSION | &Net::SSLeay::OP_SINGLE_ECDH_USE | &Net::SSLeay::OP_SINGLE_DH_USE; + my $tls_ctx_flags = &Net::SSLeay::OP_NO_COMPRESSION | &Net::SSLeay::OP_SINGLE_ECDH_USE | + &Net::SSLeay::OP_SINGLE_DH_USE | &Net::SSLeay::OP_NO_RENEGOTIATION; if ( delete $self->{ssl}->{honor_cipher_order} ) { $tls_ctx_flags |= &Net::SSLeay::OP_CIPHER_SERVER_PREFERENCE; } -- 2.30.2