[PATCH] slaying the BEAST (TLS 1.0 exploiting)
Maxim Dounin
mdounin at mdounin.ru
Sat Oct 1 09:50:57 UTC 2011
Hello!
On Sat, Oct 01, 2011 at 07:52:37AM +0200, Srebrenko Šehić wrote:
> Hi,
>
> You've probably heard it already. SSL was hacked and broken. You can
> read about it at
> http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/.
> Some more commentary at
> http://blogs.cisco.com/security/beat-the-beast-with-tls/
>
> As it turns out, OpenSSL people implemented a fix for this almost 10
> years ago. Details at http://www.openssl.org/~bodo/tls-cbc.txt
>
> Attached is a patch against 1.0.6 which introduces
> "ssl_dont_insert_empty_fragments" flag to control whether this
> workaround is enabled or not. Currently, it was hardcoded to disabled.
> This patch makes it optional.
>
> Note: this patch breaks certain old browsers which choke on the
> workaround. This was tested with IE6.
>
> Comments?

The patch won't help to stop BEAST (CVE-2011-3389), you need a fix
on the *client* side to stop it. More details about the attack
may be found here:

http://vnhacker.blogspot.com/2011/09/beast.html
https://bugzilla.mozilla.org/show_bug.cgi?id=665814

The only server-side workaround I'm currently aware of is using
non-CBC ciphers, i.e.

    ssl_ciphers RC4-SHA;

(Of course migrating to TLS 1.1+ is a better option, but it's
not yet here.)

For OpenSSL's "insert empty fragments" workaround on the server
side, the situation hasn't changed much since 2003: there is a problem,
there are no known attacks, and the workaround causes major
interoperability problems.

(Probably working on a better workaround in OpenSSL would be a good
idea. It looks like Chrome's one-byte one causes far fewer
problems.)

Maxim Dounin
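
One way to see how much traffic the non-CBC workaround above concerns, as an added example that is not part of the original message or of nginx: it counts access-log requests negotiated with a CBC suite under SSLv3/TLSv1. The `log_format`, the sample lines and the function names are assumptions; `$ssl_protocol` and `$ssl_cipher` are nginx's embedded variables.

```python
import re
from collections import Counter

# Constructed sample lines. Assumed log_format (not from the original message):
#   log_format tls '$remote_addr [$time_local] $ssl_protocol $ssl_cipher '
#                  '"$http_user_agent"';
SAMPLE_LOG = """\
192.0.2.10 [01/Oct/2011:09:00:01 +0000] TLSv1 AES256-SHA "ExampleBrowser/1.0"
192.0.2.11 [01/Oct/2011:09:00:02 +0000] TLSv1 RC4-SHA "ExampleBrowser/2.0"
192.0.2.12 [01/Oct/2011:09:00:03 +0000] TLSv1 DHE-RSA-AES128-SHA "ExampleBrowser/3.0"
192.0.2.13 [01/Oct/2011:09:00:04 +0000] SSLv3 DES-CBC3-SHA "ExampleBrowser/1.0"
192.0.2.14 [01/Oct/2011:09:00:05 +0000] TLSv1.1 AES128-SHA "ExampleBrowser/4.0"
192.0.2.15 [01/Oct/2011:09:00:06 +0000] - - "-"
"""

LINE_RE = re.compile(r'^(\S+) \[[^\]]+\] (\S+) (\S+) "([^"]*)"$')

# Versions in which a CBC record's IV is the last ciphertext block of the
# previous record. TLS 1.1 and later use an explicit per-record IV.
CHAINED_IV_PROTOCOLS = {"SSLv3", "TLSv1"}


def is_exposed(protocol, cipher):
    """True when the connection used a CBC suite with a chained IV."""
    if protocol not in CHAINED_IV_PROTOCOLS:
        return False
    # In SSLv3/TLS 1.0 a suite is either a stream cipher (RC4, NULL) or CBC.
    return "RC4" not in cipher and "NULL" not in cipher


def audit(log_text):
    """Count TLS requests and group the exposed ones by protocol/cipher/agent."""
    exposed = Counter()
    total = skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) == "-":  # unparsable line or plain HTTP
            skipped += 1
            continue
        total += 1
        _, protocol, cipher, agent = m.groups()
        if is_exposed(protocol, cipher):
            exposed[(protocol, cipher, agent)] += 1
    return {"tls_requests": total, "skipped": skipped, "exposed": exposed}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(report["tls_requests"], "TLS requests,", sum(report["exposed"].values()), "exposed")
    for key, count in report["exposed"].most_common():
        print(count, *key)
```

The user agents in the exposed group are the clients to test against before restricting `ssl_ciphers`, since a client that does not offer RC4-SHA would fail the handshake.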