Comment Re:Analysis of this from TLS WG Chair (Score 1) 47
It's a real attack and a real DoS vector. SSL/TLS is definitely weak in this regard.
But it's not new and it doesn't have much to do with renegotiation.
This is not a bug. We fixed renegotiation with the RFC 5746 RI extension! That said, SSL has long been known to impose more work on the server than on the client and renegotiations are no different than initial handshakes in this respect.
Servers that accept client-initiated renegotiation make things slightly more efficient for the DoS attacker; it saves him maybe three packets. More significantly, it may bypass mitigations that are only looking for TCP SYN packets. But the attacker's mileage will vary.
Eric Rescorla (SSL/TLS RFC author) has a good blog post about the issue. http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html
Lots of guys now order from a couple big shops
There was this popular movie "The China Syndrome" with Jane Fonda about a news crew that just happened to be in the right place at the right time to film a nuclear plant accident from the control room. The company tried to cover it up and the good guys got all activist and stuff. http://en.wikipedia.org/wiki/The_China_Syndrome
There was this really weird coincidence where there was an accident at a real nuclear plant (Three Mile Island) at the same time the film was running.
I mentioned Qualys' SSL Labs nice test utility in another comment.
The fix is to ask your vendor for a patch for CVE-2009-3555 which implements RFC 5746 Transport Layer Security (TLS) Renegotiation Indication Extension. Responsible vendors will have implemented support for RFC 5746 by now so you may already be patched.
The blind plaintext injection capability that an exploit gives to the attacker was uncommon at the time and the initial reaction among experts was that it looked a lot like a CSRF attack. Most important sites had built in some protections against that.
It wasn't until a few days later when it was demonstrated against a social networking site (Twitter) that the problem was declared "real" (by Slashdot).
So it's a complex exploit and it did take a few days for a consensus to emerge about the actual severity.
Email them and ask why they haven't applied the fix for CVE-2009-3555!
Note that "not supporting secure renegotiation" doesn't necessarily mean that the site itself is insecure; it means that the browser is unable to determine if it is or not. The degree to which this is a meaningful distinction is a really interesting discussion.
But it does suggest that they have a really clueless vendor or they haven't applied security patches in a long time.
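The client-side check behind "supports secure renegotiation", as an added example that is not part of the original comments: it parses an initial-handshake ServerHello and looks for the RFC 5746 `renegotiation_info` extension. The function names and the sample records are constructed for illustration, and the parser assumes the record holds exactly one handshake message.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746

def server_hello_extensions(record: bytes) -> dict:
    """Parse one TLS record holding only a ServerHello; return {ext_type: ext_data}."""
    if len(record) < 9 or record[0] != 22 or record[5] != 2:
        raise ValueError("not a TLS handshake record holding a ServerHello")
    rlen = int.from_bytes(record[3:5], "big")   # record-layer length
    hlen = int.from_bytes(record[6:9], "big")   # handshake message length
    hello = record[9:]
    if rlen != hlen + 4 or len(hello) != hlen or hlen < 35:
        raise ValueError("truncated or inconsistent ServerHello")
    # skip version(2) + random(32), session_id, cipher_suite(2) + compression(1)
    pos = 34 + 1 + hello[34] + 3
    if pos == hlen:
        return {}                               # no extensions block at all
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    if pos + 2 > hlen or end != hlen:
        raise ValueError("bad extensions block length")
    pos += 2
    exts = {}
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
        if pos + 4 + elen > end:
            raise ValueError("truncated extension body")
        exts[etype] = hello[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def signals_secure_renegotiation(record: bytes) -> bool:
    """True if an initial-handshake ServerHello carries a valid renegotiation_info."""
    ri = server_hello_extensions(record).get(RENEGOTIATION_INFO)
    if ri is None:
        return False      # no signal: the client cannot tell whether the server is patched
    if ri != b"\x00":     # RFC 5746: renegotiated_connection must be empty here
        raise ValueError("non-empty renegotiated_connection on initial handshake")
    return True

def build_hello(ext_block: bytes = b"") -> bytes:
    """Constructed sample: TLS 1.2 ServerHello, zero random, empty session_id."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00" + ext_block
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs

PATCHED = build_hello(b"\x00\x05\xff\x01\x00\x01\x00")  # constructed: empty renegotiation_info
UNPATCHED = build_hello()                                # constructed: no extensions at all
```

A `False` result corresponds to the "unable to determine" case described above: the server gave no RFC 5746 signal, which says nothing either way about whether it still accepts renegotiation.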
Millions of guesses per second is pretty common for modern GPUs.