-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2011-0007 Title: Potential DoS threat against SSL/TLS servers Version history: 28.10.2011 Initial publication Summary ======= A hacker group has released a tool [1] that can perform denial of service attacks against SSL based servers. The released tool exploits a flaw in the SSL secure renegotiation feature. The attack requires very low resources at the client side, a single PC with a DSL connection might be enough to take all resources of an average SSL server. It will require more resources (about 20 laptops) to take the resources of larger server farms. This makes the threat more important than standard DoS attempts through resource exhaustion. The hacker group claims that the same kind of attack can also be done by modifying the released tool and without exploiting the renegotiation feature but then it requires more resources (bots) at attacker side. The latter tool has not be released by the hacker group. Any server using SSL, including HTTPS, POP3S, SMTPS, is impacted. The tool has been officially released on 24 October 2011, however it was leaked a couple of months ago. Potential impact ================ The attack allows an attacker to consume all resources of the targeted SSL server preventing genuine users to use the provided service. Mitigating factors ================== The scale of the targeted server farm and load balancer systems might be mitigating factors as it will require more resources for the attacker (several bots) to perform this attack. What can you do? ================ This is a flaw in SSL/TLS protocol, no patch is available for this issue. There are other mitigating controls: * Disable the Renegotiation feature from client requests at your SSL/TLS server. Note that this control will mitigate the more efficient exploit of the tool and should already be implemented to mitigate other known SSL flaws when using client authentication (2-way SSL). Other additional controls: * Limit the number of simultaneous connections from the same source. The tool intends to perform simultaneous connections so this control can help to mitigate the attack. * Release the resources: if supported at your server, set adequate timeouts like idle time and time to complete a full/partial handshake. This will release the resources of your server to handle other requests. * Use hardware accelerated modules to handle the SSL sessions. Hardware like HSM or Appliances may support this. * Increase the capacity of your server farms in line with your availability needs. What to tell your users? ======================== No action. This is an issue at server side. More information ================ [1] http://www.thc.org/thc-ssl-dos [2] http://www.ietf.org/mail-archive/web/tls/current/msg03948.html Best Regards, CERT-EU Pre-configuration Team Phone: +32.2.2990005 e-mail: cert-eu@ec.europa.eu Website: cert.europa.eu CERT-EU PGP KeyID/Fingerprint: 46AC 4383 / 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- iQJXBAEBAgBBBQJOqqmuOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4M9XQ/9Hwkf65aV yaMuarMk1sfKFYvNNoRiYjjzNKChgP2bQt7kmFrGOSCsaaIDQSA7sjYLDaRD3QnV uKZmqzyaRR4eB3ypXSfhfNbxYAAyI6MU1ZtkGcoyQbMHGMr47WG5XdfHBxi/L6cT y1DYbHpnRAMB6uu3BFukAotj3ukjIULDcK97rGfuSZNMFmw4qdP0RgsGdHXbjR7Z JdO+HvtgJP0JOfHsejL8zljXLANpXXZHcW2pnME3eAMkSnsOOKfq6CDKIJ/aKaV3 fNUqr/eLvBCx2A9vQHuPPMMEZIGtiINoLZiQ8fSmzG1AALz6WXSXQKMQOYGJdqBz 41Wf6waTxvKI2Zl17/2otPYB5yLUrq7FDtBvVrZSAOZd0VzJjYFX6povqN/yy/sy Q0M3PbF3y8l1Gr+YXWN4wgieEelCSvYIfWhhtPtHXS3759wi+b6ED57o28HUSoJA LjnfeM/k/HQX1ip3Mr6ToF/AkhsDV9CbPYFVUsqb8Md5hOAO2YOS8KO/1tsh1KUD J+LpH+OQF0VKYPEta72S6B6+PYzf2FfDyroV3oxTghoZtuOidyoYWA4pSjOW+2pu GG46GJhxqZoAlXAjqXDPO53JwqGoPbl1O2A7YWCCfLdn3vU9yC1u/n+gSPJclZIc xh/ybAOwNwsyiu2+DPvkbuLrdOzKxFcj0AQ= =Bipz -----END PGP SIGNATURE-----