Question About Alert #102997 - Flaw in SSL/TLS Handshake Requests
Hi Everyone,
There is a new (as of July 10th) alert at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1 , titled, "Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition".
Does this problem affect sockets listening using the cipher suite "TLS_DH_anon_WITH_AES_128_CBC_SHA"? What if the processing is done in a non-blocking manner using SSLEngine? Can it affect the client side of the handshaking too (assuming the server were to do something malicious)? If the processing is non-blocking, is there a way to detect the excessive handshaking and abort the connection?
Thank you in advance for any answers, or pointers on where/how to find answers.
Sam
By sameba at 2007-11-27 10:43:54

# 1
Difficult to say for sure until they publish BugID 6542796, but the SSL handshake doesn't depend on the cipher suite, so the problem, whatever it is, probably applies to them all.
The underlying handshake implementation is the same for the SSLEngine as for SSLSocket.
ejpa at 2007-7-28 20:03:28

# 2
OK, Thanks for the answer.
Are you sure the handshake doesn't rely on the cipher suite? I would have thought the handshake had to do calculations based on the encoding algorithm, or type of trust. In DH_anon, for instance, it does not require any certificates, whereas normally lookups to trust servers may be required to validate authenticity.
My hope with SSLEngine being exempt was that the denial of service happens over the course of many Runnable (as pulled from getDelegatedTask) and the implementing code could track many Runnables being processed. If it was in the blocking version, it would be a lot harder to determine what's going wrong.
Either way, I guess I'll have to wait for 6542796 to become public.
sameba at 2007-7-28 20:03:28
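
An added example (not from this thread or from JSSE) of the idea raised above: a per-connection budget that counts (re)negotiations and delegated-task Runnables on an SSLEngine and closes the engine once a limit is exceeded. The class name, the limits and the method names are assumptions; the I/O loop that owns the engine is expected to call observe() after every wrap()/unwrap().

```java
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

/**
 * Hypothetical per-connection handshake budget for a non-blocking SSLEngine
 * loop. The limits are assumed values; tune them for your service.
 */
public final class HandshakeBudget {
    private final int maxHandshakes;      // initial handshake plus renegotiations
    private final int maxDelegatedTasks;  // Runnables pulled via getDelegatedTask()
    private int handshakes;
    private int delegatedTasks;
    private boolean inHandshake;

    public HandshakeBudget(int maxHandshakes, int maxDelegatedTasks) {
        this.maxHandshakes = maxHandshakes;
        this.maxDelegatedTasks = maxDelegatedTasks;
    }

    /**
     * Call after every wrap()/unwrap(). Runs any pending delegated tasks,
     * updates the counters and returns false once the engine has been closed
     * because a limit was exceeded; the caller then drops the connection.
     */
    public boolean observe(SSLEngine engine) {
        HandshakeStatus hs = engine.getHandshakeStatus();
        boolean busy = hs != HandshakeStatus.NOT_HANDSHAKING;
        if (busy && !inHandshake) {
            handshakes++;                 // a new negotiation (or renegotiation) began
        }
        inHandshake = busy;
        if (handshakes > maxHandshakes) {
            return abort(engine);
        }
        if (hs == HandshakeStatus.NEED_TASK) {
            Runnable task;
            while ((task = engine.getDelegatedTask()) != null) {
                if (++delegatedTasks > maxDelegatedTasks) {
                    return abort(engine);
                }
                task.run();               // run inline; a server would usually use an executor
            }
        }
        return true;
    }

    private static boolean abort(SSLEngine engine) {
        engine.closeOutbound();           // next wrap() emits close_notify; caller closes socket
        return false;
    }
}
```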

# 3
The handshake protocol and implementation is defined in RFC 2246 and it is independent of the cipher suite. Of course the cipher suite has a part to play in encrypting data transmitted inside handshake records. But the alert is about the handshake implementation, not one or more cipher suites.
ejpa at 2007-7-28 20:03:28
