Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#797 closed Bug / Defect (notabug)

reneg-bytes not disabled per default as stated in docs

Reported by: mangodan Owned by:
Priority: trivial Milestone:
Component: Documentation Version: OpenVPN 2.3.13 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords: reneg-bytes
Cc:

Description

Tried posting this already but cannot find any trace of it now.

The docs state that reneg-bytes is disabled by default, however it seems it is actually set to 100MiB.

see https://github.com/authy/authy-openvpn/issues/14

Change History (3)

comment:1 Changed 7 years ago by mangodan

Apologies, now found my original report and want to delete this one, but cannot see how.

comment:2 Changed 7 years ago by David Sommerseth

Resolution: notabug
Status: new → closed

Closing as notabug.

From my post on the github:

Extracts from a --verb 4 log on a test setup I have:

Wed Dec 21 18:18:02 2016 us=960278   renegotiate_bytes = -1
Wed Dec 21 18:18:02 2016 us=961046 OpenVPN 2.3.13 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov  3 2016

However ... if you are using a cipher with a block size less than 128 bits, it will default to --reneg-bytes 64MB (on the UDP/TCP socket), and that will be clearly identified in the log file as well as a big warning.

And some code segments to document my statement:

src/openvpn/ssl.c:

/**
 * Limit the reneg_bytes value when using a small-block (<128 bits) cipher.
 *
 * @param cipher        The current cipher (may be NULL).
 * @param reneg_bytes   Pointer to the current reneg_bytes, updated if needed.
 *                      May *not* be NULL.
 */
static void
tls_limit_reneg_bytes(const cipher_kt_t *cipher, int *reneg_bytes)
{
    if (cipher && (cipher_kt_block_size(cipher) < 128/8))
    {
        if (*reneg_bytes == -1) /* Not user-specified */
        {
            msg(M_WARN, "WARNING: cipher with small block size in use, "
                "reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.");
            *reneg_bytes = 64 * 1024 * 1024;
        }
    }
}

src/openvpn/ssl.c:2702

    /* Should we trigger a soft reset? -- new key, keeps old key for a while */
    if (ks->state >= S_ACTIVE
        && ((session->opt->renegotiate_seconds
             && now >= ks->established + session->opt->renegotiate_seconds)
            || (session->opt->renegotiate_bytes > 0
                && ks->n_bytes >= session->opt->renegotiate_bytes)
            || (session->opt->renegotiate_packets
                && ks->n_packets >= session->opt->renegotiate_packets)
            || (packet_id_close_to_wrapping(&ks->crypto_options.packet_id.send))))
    {
        msg(D_TLS_DEBUG_LOW,
            "TLS: soft reset sec=%d bytes=" counter_format "/%d pkts=" counter_format "/%d",
            (int)(ks->established + session->opt->renegotiate_seconds - now),
            ks->n_bytes, session->opt->renegotiate_bytes,
            ks->n_packets, session->opt->renegotiate_packets);
        key_state_soft_reset(session);
    }

Please post a complete --verb 4 log of what is happening next time.
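As an added illustration (not part of the ticket or of OpenVPN's own code), a small Python checker that reads the two log lines the comment above relies on, the `renegotiate_bytes = …` option dump and the SWEET32 warning, and reports the byte limit that will actually be enforced. The sample log lines are constructed for the example; the 64 MiB constant and the trigger rule mirror the quoted ssl.c segments.

```python
import re

# Constructed --verb 4 excerpt: the option dump shows the configured value,
# the later WARNING shows the runtime override applied once the cipher is known.
SAMPLE_LOG = """\
Wed Dec 21 18:18:02 2016 us=960278   renegotiate_bytes = -1
Wed Dec 21 18:18:02 2016 us=960300   renegotiate_seconds = 3600
Wed Dec 21 18:18:02 2016 us=961046 OpenVPN 2.3.13 x86_64-redhat-linux-gnu [SSL (OpenSSL)] built on Nov  3 2016
Wed Dec 21 18:18:03 2016 us=100000 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
"""

SWEET32_LIMIT = 64 * 1024 * 1024  # value set by tls_limit_reneg_bytes()

OPT_RE = re.compile(r"renegotiate_bytes\s*=\s*(-?\d+)")
WARN_RE = re.compile(r"WARNING: cipher with small block size in use")


def effective_reneg_bytes(log_text):
    """Return (configured, effective) from a --verb 4 log.

    configured: value from the option dump (-1 means not user-specified).
    effective:  None when byte-count renegotiation is disabled, otherwise
                the limit OpenVPN will enforce.
    """
    configured = None
    warned = False
    for line in log_text.splitlines():
        m = OPT_RE.search(line)
        if m:
            configured = int(m.group(1))
        if WARN_RE.search(line):
            warned = True
    if configured is None:
        raise ValueError("no renegotiate_bytes entry; is the log at --verb 4?")
    if configured == -1:
        # -1 stays disabled unless the small-block-cipher safeguard fired
        effective = SWEET32_LIMIT if warned else None
    else:
        # a user-specified value is never overridden; 0 disables the check
        effective = configured if configured > 0 else None
    return configured, effective


def soft_reset_due(effective, n_bytes):
    """Byte-count half of the soft-reset condition: limit > 0 and reached."""
    return effective is not None and n_bytes >= effective
```

Run it against a real log to confirm whether the `-1` you see in the option dump is the whole story or whether the warning line later turns it into 64 MiB.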

comment:3 Changed 7 years ago by Gert Döring

dup of #796
