Progress being made on the TLS renegotiation attacks
November 26, 2009
According to Netcraft's November SSL Survey, on average, twenty-four of the one-hundred or so most popular HTTPS websites appear to be safe for now from the recently documented TLS renegotiation flaws. However, the other 76 sites are still vulnerable to TLS renegotiation attacks, which allow a so-called man-in-the-middle attacker to inject data into secure communication streams.
TLS renegotiation is a feature that allows a client and server who already have a TLS connection to negotiate new parameters, generate new keys, etc. Renegotiation is carried out in the existing TLS connection, with the new handshake packets being encrypted along with application packets.
The difficulty is that the renegotiation handshake packets are not otherwise tied to the channel they travel over, which gives the attacker a window of opportunity. In order to mount the attack, the attacker first connects to the TLS server. He can then communicate with the server as much as he wants, including making an arbitrary number of requests/responses, etc.
The traffic is all encrypted, so when the attacker is ready, he simply hijacks the client's connection to the server and just proxies the client's traffic over the encrypted channel. The client then negotiates with the server and from that point the client and the server communicate directly.
Note that the client is communicating with the attacker in the clear, but the second handshake is encrypted and goes over the attacker's channel, so the client doesn't know that he is renegotiating.
But the server thinks that the initial traffic with the attacker is also from the client. There are also other variants where both sides see a renegotiation but of different connections.
In and of itself, TLS is just a security protocol, so the impact of this attack depends on the application protocol running over TLS. The most important of these protocols is of course HTTP over TLS (HTTPS). Most Internet applications do initial authentication via a username/password pair and then persist that authentication state with HTTP cookies.
An attacker might exploit this issue by sending a partial HTTP request of his own that requested some resource. This then gets prefixed to the client's real request.
To simply demonstrate the seriousness of the issue, Anil Kurmus published details of a potential attack scenario that showed how the security hole could be used to steal passwords from vulnerable sites such as Twitter and others.
Among the top 100 HTTPS websites, there are several banks and eCommerce sites that still remain very vulnerable and that is worrisome to many security experts. A few of these sites give the appearance of being intermittently vulnerable, as client requests are load balanced among a mixture of vulnerable and non-vulnerable servers.
Ben Laurie of Google was working on the renegotiation flaw around six weeks before it was made public, so it is perhaps unsurprising that 7 of the 24 safe sites are owned by Google.
A further seven websites are running Microsoft IIS 6.0, which is currently believed not to be vulnerable, to the great surprise of some security experts.
Since discovering the TLS renegotiation issue, PhoneFactor has created a Status of Patches list, showing which vendors have already responded to the problem. A few were quick to act by disabling renegotiation support in their products, and some vendors have already implemented Eric Rescorla's proposed fix.
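The missing tie between a renegotiation handshake and its channel, and the check that closes it, shown as an added example (not code from this article or from any vendor). It models the `renegotiation_info` comparison later standardized as RFC 5746; the class, the HMAC stand-in for the Finished `verify_data`, and all secrets are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


def finished_verify_data(master_secret: bytes, transcript: bytes) -> bytes:
    # Stand-in for the 12-byte TLS Finished verify_data (assumption: HMAC-SHA256
    # replaces the real TLS PRF; only the binding logic matters here).
    return hmac.new(master_secret, transcript, hashlib.sha256).digest()[:12]


@dataclass
class ServerConnection:
    patched: bool                      # True: server enforces renegotiation_info
    client_verify_data: bytes = b""    # empty until a handshake completes

    def accept_client_hello(self, renegotiation_info: bytes) -> bool:
        if not self.patched:
            return True                # legacy behaviour: handshake not tied to channel
        # Initial handshake: both sides empty. Renegotiation: must echo the
        # verify_data of the handshake that protects this very connection.
        return hmac.compare_digest(renegotiation_info, self.client_verify_data)

    def complete_handshake(self, client_verify_data: bytes) -> None:
        self.client_verify_data = client_verify_data


def spliced_handshake_accepted(patched: bool) -> bool:
    """Victim's first handshake relayed inside a connection someone else opened."""
    conn = ServerConnection(patched=patched)
    # Constructed values: the party that opened the connection finishes handshake 1.
    opener_vd = finished_verify_data(b"opener-secret", b"handshake-1")
    assert conn.accept_client_hello(b"")
    conn.complete_handshake(opener_vd)
    # The victim believes this is its initial handshake, so it sends an empty
    # renegotiation_info; the server sees a renegotiation on the existing channel.
    return conn.accept_client_hello(b"")


def legitimate_renegotiation_accepted() -> bool:
    """Same client performs both handshakes and echoes its own verify_data."""
    conn = ServerConnection(patched=True)
    client_vd = finished_verify_data(b"client-secret", b"handshake-1")
    assert conn.accept_client_hello(b"")
    conn.complete_handshake(client_vd)
    return conn.accept_client_hello(client_vd)
```

An unpatched server accepts the spliced handshake because nothing links it to the earlier one; a patched server rejects it while still allowing a genuine renegotiation by the same client.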
Netcraft's November SSL Survey found 1,217,395 distinct valid third-party SSL certificates in use on the Internet.