From a0434e126e6761618067a4027e03890f2f504f68 Mon Sep 17 00:00:00 2001 From: Stoiko Ivanov Date: Mon, 15 Nov 2021 21:50:43 +0100 Subject: [PATCH] fix #3724: disable TLS renegotiation The issue is probably not critical and best addressed by not running the perl API servers in an exposed environment or when this needs to be done by installing a reverse proxy in front of them. The DOS potential of the perl daemons is limited more by the limited number of parallel workers (and the memory constraints of starting more of them), than by the CPU cycles wasted on TLS renegotiation. Still disabling TLS renegotiation should show very little downside: * it was removed in TLS 1.3 for security reasons * it was the way nginx addressed this issue [1]. * we do not use client certificate authentication Tested by running `openssl s_client -no_tls1_3 -connect 192.0.2.1:8006` and issuing a `HEAD / HTTP/1.1\nR\n` with and without the patch. [1] 70bd187c4c386d82d6e4d180e0db84f361d1be02 at https://github.com/nginx/nginx (although that code adapted to the various changes in openssl API over the years) Signed-off-by: Stoiko Ivanov --- src/PVE/APIServer/AnyEvent.pm | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm index ecf771f..e765418 100644 --- a/src/PVE/APIServer/AnyEvent.pm +++ b/src/PVE/APIServer/AnyEvent.pm @@ -1885,7 +1885,8 @@ sub new { $self->{ssl}->{dh} = 'skip2048'; } - my $tls_ctx_flags = &Net::SSLeay::OP_NO_COMPRESSION | &Net::SSLeay::OP_SINGLE_ECDH_USE | &Net::SSLeay::OP_SINGLE_DH_USE; + my $tls_ctx_flags = &Net::SSLeay::OP_NO_COMPRESSION | &Net::SSLeay::OP_SINGLE_ECDH_USE | + &Net::SSLeay::OP_SINGLE_DH_USE | &Net::SSLeay::OP_NO_RENEGOTIATION; if ( delete $self->{ssl}->{honor_cipher_order} ) { $tls_ctx_flags |= &Net::SSLeay::OP_CIPHER_SERVER_PREFERENCE; }