hngopher.com

       [HN Gopher] OpenSSL security advisory: Infinite loop reachable w...
       ___________________________________________________________________
        
       OpenSSL security advisory: Infinite loop reachable when parsing
       certificates
        
       Author : psanford
       Score  : 150 points
       Date   : 2022-03-15 16:54 UTC (6 hours ago)
        
 (HTM) web link (www.openssl.org)
 (TXT) w3m dump (www.openssl.org)
        
       | beny23 wrote:
       | I wouldn't have thought this an issue if you're behind an AWS WAF
       | or LB? (and assuming AWS is patched already)
        
         | nazlorenzo wrote:
         | This vulnerability affects parsing maliciously crafted
         | certificates, so it will mostly affect clients. If your app is
         | fetching data from a 3rd party and validating its certificate,
         | it may be vulnerable, regardless of how you are fronting
         | requests to your site.
        
           | lmilcin wrote:
           | > This vulnerability affects parsing maliciously crafted
           | certificates, so it will mostly affect clients.
           | 
           | Actually, it is the opposite.
           | 
           | You seem to be unaware of the fact that servers do receive
           | certificates from the clients which are then parsed.
           | 
           | Which is already mentioned in the advisory document:
           | "Thus vulnerable situations include:             - TLS
           | clients consuming server certificates        - TLS servers
           | consuming client certificates <---- here        - Hosting
           | providers taking certificates or private keys from customers
           | - Certificate authorities parsing certification requests from
           | subscribers        - Anything else which parses ASN.1
           | elliptic curve parameters"
        
             | alexw91 wrote:
             | That's not how the TLS handshake works. The TLS server must
             | be configured to request a certificate from the client in
             | order for the client to know that it needs to send a client
             | certificate to the server, and that server-side
             | configuration is disabled for ~99%+ of endpoints.
             | 
             | TLS server implementations should be aborting the TLS
             | connection for violating the TLS Handshake state machine if
             | a client attempts to send a client certificate when it
             | wasn't requested.
             | 
             | So while this bug affects both clients and servers, 100% of
             | clients are parsing the server's TLS cert during the TLS
             | handshake, but less than ~1% of servers are parsing a
             | client's certificate during a handshake.
        
               | lmilcin wrote:
               | There is very little reason to DOS a client and a lot of
               | reasons to attack servers.
               | 
               | There is a huge number of public facing services that
               | implement mutual auth and all those are potentially
               | vulnerable to DOS. While clients can just decide to not
               | connect to a web service that causes their browser to
               | malfunction (and why have you connected there in the
               | first place?)
               | 
               | So yes, those servers that do request client certificate
               | are targets and my point still stands that servers are
               | much more affected than the clients.
               | 
               | What would be an affected client? You keep connecting to
               | this infected website that causes your browser to die?
               | Somebody embedded some tracking on their page that now
               | points to an infected website? Everybody will just move
               | on and it is hard to say you are very much affected by
               | this problem.
               | 
               | Whereas if you are a service and you are affected you
               | absolutely need to implement a fix.
        
         | jcims wrote:
         | Depends if s2n is vulnerable to the same bug. Of course AWS
         | doesn't protect you against application bugs so if your
         | application has an SSRF vulnerability (presumably otherwise
         | unexploitable) an attacker might be able to DoS you.
         | 
         | They don't mention S/MIME or things like signed binaries or
         | SAML assertions but those seem plausibly vulnerable as well.
        
         | acdha wrote:
         | For an intermediary like a WAF, load-balancer, or CDN to help
         | it needs to do all of the certificate processing and keep your
         | backend app from seeing the certificate at all. If you are
         | terminating HTTPS at the edge and using HTTP internally that's
         | very likely but if you're using an NLB instead of an ALB, it's
         | not. Similarly, you'd also want to see if there's any
         | application-level path where a certificate would be included in
         | an uploaded file but that's far less common.
        
         | jamespwilliams wrote:
         | I think nearly everything at AWS uses s2n and not OpenSSL these
         | days
        
           | justinsaccount wrote:
           | Has s2n been fips certified? I thought some things
           | (govcloud?) were still using openssl due to fips
           | requirements.
        
             | znep wrote:
             | I'm not sure what they are using right now, but they
             | currently have the "AWS-LC Cryptographic Module" listed as
             | being in process for validation which may be sufficient for
             | s2n.
             | 
             | I know there are other AWS features/services that are lined
             | up behind that validation for FIPS support.
        
       ___________________________________________________________________
       (page generated 2022-03-15 23:01 UTC)