On 02/11/2015 05:02 PM, Albe Laurenz wrote:
> It seems that SSL renegotiation between the JDBC driver and
> the PostgreSQL server is broken and has been forever, or at least
> for a while.
Hah, we're just discussing similar issues over at pgsql-hackers :-).
> I can reproduce this with the following software versions:
> Client side:
> Windows, JDBC driver postgresql-9.1-901.jdbc4, java full version "1.7.0_71-b14"
> Linux, JDBC driver postgresql-9.4-1200.jdbc41, java full version "1.7.0_75-mockbuild_2015_01_08_20_32-b00"
> Server side:
> Windows: PostgreSQL 9.4.0 with OpenSSL 1.0.1j
> Linux: PostgreSQL 9.3.6, 9.4.1, git HEAD with OpenSSL 1.0.1e
>
> All of these Java and OpenSSL versions are recent enough to adhere to RFC 5746.
>
> There must be a software bug somewhere.
I could reproduce this too, thanks for the test case. It looks like an
OpenSSL bug to me.
> I am trying to debug this, but don't know a lot aboult TLS, so
> if somebody can shed light on this, I'd be grateful.
I've been reading on the subject in the last few days, and I think I'm
enough up to speed now to understand this. I launched the test program
in a debugger to see what messages are exchanged during the renegotiation.
Renegotiation at the protocol level is always initiated by the Client.
When the server wants to initiate it, it just sends a message to the
client that means "hey, could you begin renegotiation, please?". The
actual handshake goes something like this:
C: ClientHello
S: ServerHello (or a bunch of other messages?)
S: ServerHelloDone
C: ClientKeyExchange
C: ChangeCipherSpec
C: Finished
S: ChangeCipherSpec
S: Finished
Now, what happens in this test case is that the client also sends
ApplicationData messages between the ClientHello and Finished steps,
interleaved with the above handshake messages. According to the TLS
spec, that is allowed, but OpenSSL get confused by it.
I can't come up with any way to work around that, unfortunately :-(.
- Heikki