CVE-2009-3555 OpenSSL need to be updated to close TLS MITM attack

Bug #484417 reported by Benjamin
This bug affects 4 people
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)
Fix Released
Fix Released

Bug Description

Binary package hint: openssl

 Changes between 0.9.8k and 0.9.8l [5 Nov 2009]

  *) Disable renegotiation completely - this fixes a severe security
     problem (CVE-2009-3555) at the cost of breaking all
     renegotiation. Renegotiation can be re-enabled by setting
     run-time. This is really not recommended unless you know what
     you're doing.
     [Ben Laurie]

CVE References

Benjamin (bercovitz)
visibility: private → public
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

While OpenSSL does need to be updated, it requires a protocol change to fix properly. At this time, Ubuntu is waiting on the protocol changes discussed by the IETF to be formalized before patching OpenSSL. In the meantime, since there are known attacks against the HTTPS protocol, Apache was updated to disallow client initiated TLS renegotiations in

Changed in openssl (Ubuntu):
status: New → Confirmed
Changed in openssl (Ubuntu):
importance: Undecided → Low
Revision history for this message
Florent Georges (fgeorges) wrote :


  I need to re-enable renegotiation (at least temporarily) because it is needed by svnsync (Subversion over HTTPS). Unfortunately I do not understand the above comment about re-enabling it. Do you have any pointer ?


Florent Georges

Revision history for this message
Lukas Koranda (lkoranda) wrote :

we need the following to properly fix that issue.

Fixed in 0.9.8m [25 Feb 2010] that follows
  *) Implement RFC5746. Re-enable renegotiation but require the extension
     turns out to be a bad idea. It has been replaced by
     SSL_CTX_set_options(). This is really not recommended unless you
     know what you are doing.
     [Eric Rescorla <email address hidden>, Ben Laurie, Steve Henson]

It should be better to switch to 0.9.8n [24 Mar 2010]
Ideally to switch directly to 1.0.0 [29 Mar 2010] to avoid many security issues and reestablish SSL security in Ubuntu, otherwise there will high risk when using ubuntu server edition with services like Apache, Postfix etc...

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Lukas, other than this issue, openssl in Ubuntu has no open security issues. We backport security fixes and openssl security in Ubuntu is fine. 0.9.8n (or backported patches) is being evaluated for inclusion in Ubuntu, but the issue is quite complicated. For more information, please see (along with the References)

Revision history for this message
Lukas Koranda (lkoranda) wrote :

Jamie, you are definitely right. I would like to clarify it now. To fix latest reported vulnerabilities it should be fine to update to 0.9.8n or backport patches. I'll be happy with that, because this is enough for use with Apache httpd 2.2.15 (or again backported patches) But there is also good oportunity to switch directly to 1.0.0. in Lucid to take a lot of enhancements which indirectly improves security.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Updated have now been released for stable releases, and openssl in Maverick is already fixed.

Changed in openssl (Ubuntu):
status: Confirmed → Fix Released
Changed in openssl (Ubuntu Lucid):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers