
mod_ssl Bug and SSL Labs Renegotiation Test

Update March 13, 2019: SSL Labs Renegotiation Test is re-enabled on the production instance.

Update March 12, 2019: SSL Labs Renegotiation Test is re-enabled on the development instance, and will be live on the production instance this week.

Update February 20, 2019: To give more time to fix, we will re-enable the SSL Labs Renegotiation Test on March 11, 2019 (two additional weeks).

The Apache Security Team has fixed a bug that is triggered whenever a client attempts TLS renegotiation with Apache HTTP Server 2.4.37 running on OpenSSL 1.1.1. When triggered, the bug causes the Apache httpd service to consume 100% CPU. Details of the bug can be found at: https://bz.apache.org/bugzilla/show_bug.cgi?id=63052

Local testing by Qualys confirms that the SSL Labs renegotiation test triggers this bug for the above-mentioned server configuration, and can be used to cause the Apache httpd service on a target system to consume 100% CPU.

To allow Apache users time to apply the fix, SSL Labs has disabled the Renegotiation Test for one month, and we will re-enable it on February 25, 2019. While the test is disabled, users will not see the following in SSL Labs reports:

Acknowledgements

We would like to thank the Apache Security Team for working with us on this issue.

6 responses to “mod_ssl Bug and SSL Labs Renegotiation Test”

  1. Am I correct in assuming that this (really disgusting) bug actually affects only webservers supporting TLS 1.3?
    If so, it might be sufficient to restrict the no-testing policy to such systems where the new protocol has been detected.
    Should we even attempt to renegotiate anywhere amidst and during a session which is labeled “HSTS”?
    If I have understood this well, HSTS prevents any kind of renegotiation resp. handshaking by simply terminating it (so any MITM intruders won’t even get their dirty hands into this, which is the purpose).
    => WRONG MESSAGE. Session terminated. – is all that comes of it in case of someone attempting to negotiate…
    (TLS 1.2 and TLS 1.3 won’t get switched in between and mid-session on a server which only supports these two and has fallbacks prevented).

    • TLS 1.3 has removed the renegotiation feature.

      OpenSSL 1.1.1 supports TLS 1.3. Servers which are upgraded to OpenSSL 1.1.1 support TLS 1.3 by default; however, a server can be configured with TLS 1.3 disabled, and SSL Labs cannot detect which version of OpenSSL is used in an Apache server.

  2. Does it skip the renegotiation test even if the server says something other than Apache, due to it being a risk even behind a proxy, or is it because it doesn’t want to trust the server string to be honest?

    • Detection of the web server/version is not reliable; most may not have enabled it. For this reason, we have disabled this test fully to avoid issues for web servers.

      Regards,
      Yash K.S
