Detecting whether the server is turned renegotiated (for the CVE-2011-1473 vulnerability detection)

Others 2019-09-19 06:38:52 views: null

background

  As the re-negotiation of key server-side cost at least 10 times the client, so an attacker can use this process to the server launch denial of service attacks. OpenSSL 1.0.2 and previous versions are affected.

method

  Use OpenSSL (linux basic system comes with) server connected to the test:

    - openssl s_client -connect ip:port
    - HEAD / HTTP/1.0
    - R

Examples

  Server port 443 is closed renegotiation, use openssl s_client -connect 172.31.0.22:443 connection test (removed some certificate information):

[root@localhost ~]# openssl s_client -connect 172.31.0.22:443 
CONNECTED(00000003)
depth=0 CN = HTTPS-Self-Signed-Certificate
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = HTTPS-Self-Signed-Certificate
verify return:1
---
Certificate chain
 0 s:/CN=HTTPS-Self-Signed-Certificate
   i:/CN=HTTPS-Self-Signed-Certificate
---
Server certificate
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
subject=/CN=HTTPS-Self-Signed-Certificate
issuer=/CN=HTTPS-Self-Signed-Certificate
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 1254 bytes and written 463 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: AAF98A92D700189C29EEFE766769E6E5641BAC6A9AB96BC7D1302AE79D21CA06
    Session-ID-ctx: 
    Master-Key: 36FC13A9ADBC82EB9E0CC60F9981E2A3D6A2BEC093A0415AFB2A843880174709BB1A87946AA698D95DA3788C72D621CB
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    Start Time: 1567604880
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
HEAD / HTTP/1.0
R
RENEGOTIATING
140432695093152:error:14094153:SSL routines:SSL3_READ_BYTES:no renegotiation:s3_pkt.c:1242:

  SSL handshake is completed, the input HEAD / HTTP / 1.0, and then return, input 'R' triggered renegotiation, server error and disconnect case:

140432695093152:error:14094153:SSL routines:SSL3_READ_BYTES:no renegotiation:s3_pkt.c:1242:

  Description Server re-negotiation function is turned off.

 

  Server 4443 port closed renegotiation, use openssl s_client -connect 172.31.0.22:4443 connection test (removed some certificate information):

[root@localhost ~]# openssl s_client -connect 172.31.0.22:4443
CONNECTED(00000003)
depth=0 CN = HTTPS-Self-Signed-Certificate
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = HTTPS-Self-Signed-Certificate
verify return:1
---
Certificate chain
 0 s:/CN=HTTPS-Self-Signed-Certificate
   i:/CN=HTTPS-Self-Signed-Certificate
---
Server certificate
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
subject=/CN=HTTPS-Self-Signed-Certificate
issuer=/CN=HTTPS-Self-Signed-Certificate
---
No client certificate CA names sent
---
SSL handshake has read 845 bytes and written 463 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-SHA
    Session-ID: 6D0DF6EFC8491C9DEEB0161B85A47C101CF5DA9A9CD4EAA4EFCEEF46571A2A2F
    Session-ID-ctx: 
    Master-Key: B3BBD776EA24230B37E7EF4B2EAF02D6D66185F12D3C87640308FB1996E0BDA4A94CDB35455D0E98A5C34AAAF6EA1C7F
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    ......
    Start Time: 1567605522
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
HEAD / HTTP/1.0
R
RENEGOTIATING
depth=0 CN = HTTPS-Self-Signed-Certificate
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = HTTPS-Self-Signed-Certificate
verify return:1
HEAD / HTTP/1.0

HTTP/1.1 400 Bad request
Date: Wed, 04 Sep 2019 05:43:05
Content-Length: 0

^C

  And using the same operation as above, transmits 'R' trigger re-negotiation, re-negotiation is successful can be seen, the connection is normal, then send HEAD / HTTP / 1.0 again, knocking Enter twice to obtain the server response 400. Description Server re-negotiation enabled.

to sum up

  OpenSSL server connection test by renegotiated, if the server is turned off renegotiated transmitting terminal 'R' being given and disconnect.

Reference material

  https://mailarchive.ietf.org/arch/msg/tls/wdg46VE_jkYBbgJ5yE4P9nQ-8IU

  https://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html

Guess you like

Origin www.cnblogs.com/yurang/p/11532462.html
Recommended
Ranking
A quick primer on numpy basics
Two sister tease python project
Java | Multiple keywords in the replacement content are returned to the front end in red style
C ++: references
The string leetcood 1018 is a binary prefix divisible by 5
Flutter 布局组件
Java combat spingboot-redis
PMP pre-exam sprint and wrong questions sorting
ActiveMq C# Message Features: Delayed and Timed Message Delivery
DSP28377S_ copy a program from the RAM to FLASH portion DETAILS
Daily
More
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)

Code World

© 2018 codetd.com