BoringSSL + TLSv1.2 client side SSL renegociation fails

[slandelle]

Expected behavior

BoringSSL based SSLEngine should support SSL renegociation out of the box like the JDK one.

Actual behavior

SSLEngine and connection crashes during renegociation.

This issue was originally reported against Gatling, see gatling/gatling#4120 for more details.

Steps to reproduce

See pure Netty reproducer below.

Minimal yet complete reproducer code (or URL to code)

https://github.com/slandelle/netty-ssl-renegociation

Netty version

4.1.66.Final

JVM version (e.g. java -version)

openjdk version "1.8.0_292"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_292-b10)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.292-b10, mixed mode)

OS version (e.g. uname -a)

Darwin Kernel Version 20.5.0: Sat May 8 05:10:33 PDT 2021; root:xnu-7195.121.3~9/RELEASE_X86_64 x86_64

[normanmaurer]

As far as I remember we don't support renegotiation when using the OpenSSL / BoringSSL based engines because these are considered not secure anymore.

https://boringssl.googlesource.com/boringssl/+/refs/heads/master/include/openssl/ssl.h#4056

[slandelle]

If |ssl| is a server, peer-initiated renegotiations are always rejected and this function does nothing.

There is no support in BoringSSL for initiating renegotiations as a client or server.

Here, Netty is client side and the initiator is the server. Also, this request works fine with Chrome, whose TLS implementation is BoringSSL.

Doesn't renegotiation only bring security issues when the initiator is the client, not the server?

[normanmaurer]

I suspect we would need to enable it explicit for BoringSSL:

https://boringssl.googlesource.com/boringssl/+/6b6e0b20893e2be0e68af605a60ffa2cbb0ffa64/PORTING.md#tls-renegotiation

[slandelle]

Indeed.

Does it looks feasible to you to introduce a new option to be passed through SslContextOption to configure the underlying BoringSSL?

[normanmaurer]

Yeah I guess something like this. That said I think we will also need to add some changes to ReferenceCountedOpenSslEngine

[slandelle]

I'm off on vacation tonight, so I'll only be able to have a look in a few weeks. Thanks for your insights!

[normanmaurer]

@slandelle no worries... I will also be on vacation soon 😆

[slandelle]

Again??? You're just back! 😆

[normanmaurer]

Let me pick this up this week again

[normanmaurer]

This is also related to apple/swift-nio-ssl#111