Versions Affected : All versions prior to TrueNAS 12.0-U3

---

Description

This advisory covers two distinct OpenSSL issues: X509_V_FLAG_X509_STRICT & TLSv1.2 renegotiation ClientHello message.

A TLSv1.2 renegotiation ClientHello message sent to a TLS server that omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension results in a NULL pointer dereference in the server. [CVE-2021-3449] The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. [CVE-2021-3450]

---

Workaround

For the X509_V_FLAG_X509_STRICT issue, no workaround is available, but software that doesn’t explicitly set the X509_V_FLAG_X509_STRICT flag is unaffected. For the renegotiation issue, either turning off TLSv1.2 (as TLSv1.3 is unaffected) or turning off renegotiation on the TLS server mitigates the issue.

---

Mitigation

• Upgrade to TrueNAS 12.0-U3 or later.

---

Commit

• FreeBSD Revision : r369523
• TrueNAS Commit : 48cad76
• JIRA Ticket : NAS-109604

---

Further information

• FreeBSD Security Advisory Entry
• NIST CVE-2021-3449 Entry
• NIST CVE-2021-3450 Entry