tls: allow renegotiation when acting as a client.

api/envoy/api/v2/auth/cert.proto

@@ -260,6 +260,13 @@ message UpstreamTlsContext {
 
   // SNI string to use when creating TLS backend connections.
   string sni = 2 [(validate.rules).string.max_bytes = 255];
+
+  // If true, server-initiated TLS renegotiation will be allowed.
+  //
+  // .. attention::
+  //
+  //   TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
+  bool allow_renegotiation = 3;
 }
 
 message DownstreamTlsContext {

docs/root/intro/version_history.rst

@@ -115,6 +115,8 @@ Version history
 * tls: added support for multiple
   :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`
   values.
+* tls: added support for :ref:`renegotiation <envoy_api_field_auth.UpstreamTlsContext.allow_renegotiation>`
+  when acting as a client.
 * tls: removed support for legacy SHA-2 CBC cipher suites.
 * tracing: the sampling decision is now delegated to the tracers, allowing the tracer to decide when and if
   to use it. For example, if the :ref:`x-b3-sampled <config_http_conn_man_headers_x-b3-sampled>` header

include/envoy/ssl/context_config.h

@@ -115,6 +115,11 @@ class ClientContextConfig : public virtual ContextConfig {
    * Otherwise, ""
    */
   virtual const std::string& serverNameIndication() const PURE;
+
+  /**
+   * @return true if server-initiated TLS renegotiation will be allowed.
+   */
+  virtual bool allowRenegotiation() const PURE;
 };
 
 class ServerContextConfig : public virtual ContextConfig {

source/common/ssl/context_config_impl.cc

@@ -95,7 +95,8 @@ unsigned ContextConfigImpl::tlsVersionFromProto(
 
 ClientContextConfigImpl::ClientContextConfigImpl(
     const envoy::api::v2::auth::UpstreamTlsContext& config)
-    : ContextConfigImpl(config.common_tls_context()), server_name_indication_(config.sni()) {
+    : ContextConfigImpl(config.common_tls_context()), server_name_indication_(config.sni()),
+      allow_renegotiation_(config.allow_renegotiation()) {
   // BoringSSL treats this as a C string, so embedded NULL characters will not
   // be handled correctly.
   if (server_name_indication_.find('\0') != std::string::npos) {

source/common/ssl/context_config_impl.h

@@ -89,9 +89,11 @@ class ClientContextConfigImpl : public ContextConfigImpl, public ClientContextCo
 
   // Ssl::ClientContextConfig
   const std::string& serverNameIndication() const override { return server_name_indication_; }
+  bool allowRenegotiation() const override { return allow_renegotiation_; }
 
 private:
   const std::string server_name_indication_;
+  const bool allow_renegotiation_;
 };
 
 class ServerContextConfigImpl : public ContextConfigImpl, public ServerContextConfig {

source/common/ssl/context_impl.cc

@@ -455,14 +455,13 @@ std::string ContextImpl::getSerialNumber(const X509* cert) {
 
 ClientContextImpl::ClientContextImpl(ContextManagerImpl& parent, Stats::Scope& scope,
                                      const ClientContextConfig& config)
-    : ContextImpl(parent, scope, config) {
+    : ContextImpl(parent, scope, config), server_name_indication_(config.serverNameIndication()),
+      allow_renegotiation_(config.allowRenegotiation()) {
   if (!parsed_alpn_protocols_.empty()) {
     int rc = SSL_CTX_set_alpn_protos(ctx_.get(), &parsed_alpn_protocols_[0],
                                      parsed_alpn_protocols_.size());
     RELEASE_ASSERT(rc == 0);
   }
-
-  server_name_indication_ = config.serverNameIndication();
 }
 
 bssl::UniquePtr<SSL> ClientContextImpl::newSsl() const {
@@ -473,6 +472,10 @@ bssl::UniquePtr<SSL> ClientContextImpl::newSsl() const {
     RELEASE_ASSERT(rc);
   }
 
+  if (allow_renegotiation_) {
+    SSL_set_renegotiate_mode(ssl_con.get(), ssl_renegotiate_freely);
+  }
+
   return ssl_con;
 }
 

source/common/ssl/context_impl.h

@@ -138,7 +138,8 @@ class ClientContextImpl : public ContextImpl, public ClientContext {
   bssl::UniquePtr<SSL> newSsl() const override;
 
 private:
-  std::string server_name_indication_;
+  const std::string server_name_indication_;
+  const bool allow_renegotiation_;
 };
 
 class ServerContextImpl : public ContextImpl, public ServerContext {