From 555fc2d00d0105bea89173c84a50ee551665cd89 Mon Sep 17 00:00:00 2001 From: markt Date: Mon, 31 Jan 2011 23:43:38 +0000 Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50325 Use JVM provided solutions to CVE-2009-3555 if available (i.e. RFC 5746 support) git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1065859 13f79535-47bb-0310-9956-ffa450edef68
---
 .../tomcat/util/net/jsse/JSSESocketFactory.java | 38 ++++++++++++++++++---- webapps/docs/changelog.xml | 6 ++++ webapps/docs/config/http.xml | 8 ++++- 3 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
index 7a6a60880..ac6b59155 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
@@ -26,7 +26,9 @@ import java.net.InetAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketException;
+import java.security.KeyManagementException;
 import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CRL;
@@ -78,12 +80,16 @@ import org.apache.tomcat.util.res.StringManager; */ public class JSSESocketFactory implements ServerSocketFactory { + private static final org.apache.juli.logging.Log log = + org.apache.juli.logging.LogFactory.getLog(JSSESocketFactory.class); private static final StringManager sm = StringManager.getManager("org.apache.tomcat.util.net.jsse.res"); + private static final boolean RFC_5746_SUPPORTED; + // Defaults - made public where re-used - static String defaultProtocol = "TLS"; - static String defaultKeystoreType = "JKS"; + private static final String defaultProtocol = "TLS"; + private static final String defaultKeystoreType = "JKS"; private static final String defaultKeystoreFile = System.getProperty("user.home") + "/.keystore"; private static final int defaultSessionCacheSize = 0; @@ -91,8 +97,28 @@ public class JSSESocketFactory implements ServerSocketFactory { private static final String ALLOW_ALL_SUPPORTED_CIPHERS = "ALL"; public static final String DEFAULT_KEY_PASS = "changeit"; - static final org.apache.juli.logging.Log log = - org.apache.juli.logging.LogFactory.getLog(JSSESocketFactory.class); + static { + boolean result = false; + SSLContext context; + try { + context = SSLContext.getInstance("TLS"); + context.init(null, null, new SecureRandom()); + SSLServerSocketFactory ssf = context.getServerSocketFactory(); + String ciphers[] = ssf.getSupportedCipherSuites(); + for (String cipher : ciphers) { + if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) { + result = true; + break; + } + } + } catch (NoSuchAlgorithmException e) { + // Assume no RFC 5746 support + } catch (KeyManagementException e) { + // Assume no RFC 5746 support + } + RFC_5746_SUPPORTED = result; + } + private AbstractEndpoint endpoint; 
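Review bot: The retained comment `// Defaults - made public where re-used` no longer matches the code in the first hunk on this line, because `defaultProtocol` and `defaultKeystoreType` become `private static final` there. Reword it to plain `// Defaults`, and since both are now constants consider the `DEFAULT_PROTOCOL` / `DEFAULT_KEYSTORE_TYPE` naming already used by `DEFAULT_KEY_PASS`. Narrowing these fields from package-private to private breaks any other class in the package that read them; no such use is visible in the hunk, so it deserves a quick check. The new `RFC_5746_SUPPORTED` field would also benefit from a one-line comment saying it is derived from the JVM's supported cipher suites.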
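Review bot: The static initializer swallows `NoSuchAlgorithmException` and `KeyManagementException` and never records the detection result, although `RFC_5746_SUPPORTED` later decides whether Tomcat's own renegotiation guard runs at all. An operator therefore cannot tell from the logs which mechanism is protecting the connector against CVE-2009-3555. Log the outcome once after the loop, e.g. `log.info("RFC 5746 support detected: " + result);` (preferably through `sm`), and pass the exception to `log.debug(...)` in each catch instead of leaving a bare comment. The probe also uses the default-provider `"TLS"` context, which may differ from the context the connector ends up using if another protocol or provider is configured; that is not visible here, so a comment stating the assumption would help.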
@@ -168,8 +194,8 @@ public class JSSESocketFactory implements ServerSocketFactory { if (session.getCipherSuite().equals("SSL_NULL_WITH_NULL_NULL")) throw new IOException("SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL"); - if (!allowUnsafeLegacyRenegotiation) { - // Prevent futher handshakes by removing all cipher suites + if (!allowUnsafeLegacyRenegotiation && !RFC_5746_SUPPORTED) { + // Prevent further handshakes by removing all cipher suites ((SSLSocket) sock).setEnabledCipherSuites(new String[0]); } } diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index ae5c6b7f5..acd06a30a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -126,6 +126,12 @@ event.close() during an END event. (markt) + 50325: When the JVM indicates support for RFC 5746, disable + Tomcat's allowUnsafeLegacyRenegotiation configuration + attribute and use the JVM configuration to control renegotiation. + (markt) + + 50405: Fix occassional NPE when using NIO connector and Comet. (markt) diff --git a/webapps/docs/config/http.xml b/webapps/docs/config/http.xml index 9cdf55682..11cd12037 100644 --- a/webapps/docs/config/http.xml +++ b/webapps/docs/config/http.xml @@ -864,7 +864,13 @@
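Review bot: With `!allowUnsafeLegacyRenegotiation && !RFC_5746_SUPPORTED`, leaving the connector attribute at `false` no longer guarantees anything on an RFC 5746-capable JVM: the cipher-suite stripping is skipped and the result depends entirely on JVM settings. If the JVM was started with `sun.security.ssl.allowUnsafeRenegotiation=true`, legacy renegotiation would be accepted while the Tomcat configuration still says it is disallowed, and nothing in this hunk warns about it. Consider keeping the guard in that case, e.g. `if (!allowUnsafeLegacyRenegotiation && (!RFC_5746_SUPPORTED || Boolean.getBoolean("sun.security.ssl.allowUnsafeRenegotiation")))`, or at least logging a warning when the attribute and the JVM setting disagree. The reverse case, where the attribute is `true` but silently ignored, deserves a log message too. The enclosing method starts outside the hunk, so where the warning belongs should be confirmed against the full method.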

Is unsafe legacy TLS renegotiation allowed which is likely to expose users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS protocol that allows an attacker to inject arbitrary data into the user's - request. If not specified, a default of false is used.

+ request. If not specified, a default of false is used. This + attribute only has an effect if the JVM does not support RFC 5746 as + indicated by the presence of the pseudo-ciphersuite + TLS_EMPTY_RENEGOTIATION_INFO_SCSV. This is available JRE/JDK 6 update 22 + onwards. Where RFC 5746 is supported the renegotiation - including support + for unsafe legacy renegotiation - is controlled by the JVM configuration. +

-- 2.11.0