wolfSSL has added support for secure renegotiation in DTLS 1.2 as defined in RFC 5746. Secure renegotiation is an extension to (D)TLS 1.2 which fixes the vulnerability found in the original specification. Previously, a third party could use renegotiation to inject malicious data preceding valid data from the client. This could be accomplished by establishing a (D)TLS connection with the target server and sending data over this connection. The third party can then intercept a handshake initiation attempt from the client and send this over its already established connection to trigger a renegotiation. The client’s connection is then established over the third party’s connection. From the perspective of the server the client sent data and then initiated a renegotiation. This is dangerous as the application layer could interpret this as a single valid stream of data causing the malicious traffic to be used in the context of the client’s valid traffic.
RFC 5746 (D)TLS Renegotiation Indication Extension creates a cryptographic binding between the renegotiation and the underlying (D)TLS to disallow a man in the middle attack on the secure connection. In a secure renegotiation, the client and server dismiss an invalid renegotiation attempt.
(D)TLS secure renegotiation may be used for example to establish new cryptographic parameters to increase security. It may also be used to request a certificate from the other party to require authentication before completing some action in the application layer.
To use secure renegotiation in wolfSSL use the “–enable-secure-renegotiation” configure option. For more build options refer to the second chapter of the wolfSSL User Manual.
The wolfSSL DTLS 1.2 secure renegotiation implementation is also compatible with our asynchronous module! Use hardware acceleration and don’t wait on pending cryptographic operations! If you have any questions, contact us at facts@wolfssl.com.