Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Secure client initiated renegotiation timing bug #2469

Closed
Tazmaniac opened this issue Feb 13, 2024 · 3 comments · Fixed by #2470
Closed

[BUG] Secure client initiated renegotiation timing bug #2469

Tazmaniac opened this issue Feb 13, 2024 · 3 comments · Fixed by #2470

Comments

@Tazmaniac
Copy link

This is an old bug, more frequently triggered since the reduction of the sleep time of the renego loop.

OpenSSL will buffer only the first command till the establishment of the session.
In case of slow session establishment, we could:

  • loose some renego trys missing proper mitigation implementation
  • loose some renego trys missing a real vulnerable host if 2/3 of the tries are lost during session establishment (very slow startup).

In the first case, some HTTP server properly implement mitigation closing connection after 10 tries, but we loose the second try command during session establishment doing effectively 9 tries and not 10 without observing connection close.

In the second case, we have pathologically slow session establishment (a few seconds). Most renego commands are lost during the session start. On a vulnerable host, as more than 2/3 of the command where losts we falsely identify an exponential back-off mitigation.

The proper fix for all this cases is to wait for the session to be established before looping.
@Tazmaniac Tazmaniac mentioned this issue Feb 13, 2024
Merged
@drwetter
Copy link
Collaborator

Thanks, in the outcome I see only a change for portail.baiemahault.fr (top: w/o , bottom: w your PR):

image

They all reach the 10th attempt though.

Is that what you meant?

@Tazmaniac
Copy link
Author

Tazmaniac commented Feb 20, 2024
edited
Loading

Yes portail.baiemahault.fr before/after is OK

  • vcsa.ceva.com : They fixed their performance problem and reach the 10 attempts with or without the fix in my case. During previous testing and fix development they only reach 4 attempts without the fix and so where falsely identified as "mitigated".
  • intranet.routesdeguadeloupe.fr: hum, mystery. I checked locally and get the intended result all the time : unpatched => vulnerable. Patched "not vulnerable (OK) -- mitigated (disconnect after 10/10 attempts)". I re-checked with your actual 3.2 branch : "VULNERABLE (NOT ok), DoS threat (10 attempts)", patched locally and get "not vulnerable (OK) -- mitigated (disconnect after 10/10 attempts)"

Do you try to connect to the URL with a navigator ? You should get a redirect to https://intranet.routesdeguadeloupe.fr/auth/

curl --insecure -I https://intranet.routesdeguadeloupe.fr
HTTP/1.1 302 Moved Temporarily
Date: Tue, 20 Feb 2024 07:37:36 GMT
Connection: Close
Location: /auth/
Cache-Control: no-store,no-cache,must-revalidate
Pragma: no-cache
Expires: -1
Last-Modified: Mon, 12 Jan 2000 13:42:42 GMT
Content-Type: text/html

@drwetter
Copy link
Collaborator

For intranet.routesdeguadeloupe.fr I always got VULNERABLE (NOT ok), DoS threat (x attempts) with x=6 for the actual branch and x=10 with your patch.

Anyway, I'll merge it. Thanks!

@prabhakaran-motorq prabhakaran-motorq mentioned this issue Oct 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Correct client_renego timing bug. Tazmaniac/testssl.sh
2 participants
@Tazmaniac @drwetter