Client-Initiated SSL Renegotiation Permitted
Closed this issue · 4 comments
I'm having an issue:
[2023 Pen-Testing]
Description
The server allows the connecting client to initiate SSL renegotiation. SSL renegotiation describes the process of the client and server renewing their consensus on which specific operating mode (including cipher suite etc.) they will use to communicate with each other securely. This process is much more computationally expensive for the server than the client, however, which means that if the client makes a large number of renegotiation requests, they may be able to cause the server to enter a denial-of-service (DoS) condition. This is known as an SSL renegotiation attack, and can result in your web application becoming inaccessible to legitimate visitors. For this reason, only the server should be able to initiate SSL renegotiation.
Recommendation: Disable client-initiated SSL renegotiation on your server if possible.
2023 Pen-Testing Report
nodejs and peerServer versions and program running
Is there any way to disable SSL renegotiation on Ubuntu 20.04?
From the Node TLS docs:
To mitigate the risk, renegotiation is limited to three times every ten minutes. An 'error' event is emitted on the tls.TLSSocket instance when this threshold is exceeded. The limits are configurable:
tls.CLIENT_RENEG_LIMIT Specifies the number of renegotiation requests. Default: 3.
tls.CLIENT_RENEG_WINDOW Specifies the time renegotiation window in seconds. Default: 600 (10 minutes).
The default renegotiation limits should not be modified without a full understanding of the implications and risks.
TLSv1.3 does not support renegotiation.
As far as I understand: although your scanning tool detects the potential for renegotiation, NodeJS constraints render it ineffective for a DoS attack under the default settings.
You can prevent renegotiation by setting `tls.CLIENT_RENEG_LIMIT` to 0.
Is there an official version of Peerjs or nodejs that disables this feature? Do I need to modify the code? Do you have a solution here?
How to modify it, what to modify it to