background
As the re-negotiation of key server-side cost at least 10 times the client, so an attacker can use this process to the server launch denial of service attacks. OpenSSL 1.0.2 and previous versions are affected.
method
Use OpenSSL (linux basic system comes with) server connected to the test:
- openssl s_client -connect ip:port
- HEAD / HTTP/1.0
- R
Examples
Server port 443 is closed renegotiation, use openssl s_client -connect 172.31.0.22:443 connection test (removed some certificate information):
[root@localhost ~]# openssl s_client -connect 172.31.0.22:443 CONNECTED(00000003) depth=0 CN = HTTPS-Self-Signed-Certificate verify error:num=18:self signed certificate verify return:1 depth=0 CN = HTTPS-Self-Signed-Certificate verify return:1 --- Certificate chain 0 s:/CN=HTTPS-Self-Signed-Certificate i:/CN=HTTPS-Self-Signed-Certificate --- Server certificate -----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE----- subject=/CN=HTTPS-Self-Signed-Certificate issuer=/CN=HTTPS-Self-Signed-Certificate --- No client certificate CA names sent Server Temp Key: DH, 1024 bits --- SSL handshake has read 1254 bytes and written 463 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : DHE-RSA-AES256-SHA Session-ID: AAF98A92D700189C29EEFE766769E6E5641BAC6A9AB96BC7D1302AE79D21CA06 Session-ID-ctx: Master-Key: 36FC13A9ADBC82EB9E0CC60F9981E2A3D6A2BEC093A0415AFB2A843880174709BB1A87946AA698D95DA3788C72D621CB Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 3600 (seconds) TLS session ticket: Start Time: 1567604880 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- HEAD / HTTP/1.0 R RENEGOTIATING 140432695093152:error:14094153:SSL routines:SSL3_READ_BYTES:no renegotiation:s3_pkt.c:1242:
SSL handshake is completed, the input HEAD / HTTP / 1.0, and then return, input 'R' triggered renegotiation, server error and disconnect case:
140432695093152:error:14094153:SSL routines:SSL3_READ_BYTES:no renegotiation:s3_pkt.c:1242:
Description Server re-negotiation function is turned off.
Server 4443 port closed renegotiation, use openssl s_client -connect 172.31.0.22:4443 connection test (removed some certificate information):
[root@localhost ~]# openssl s_client -connect 172.31.0.22:4443 CONNECTED(00000003) depth=0 CN = HTTPS-Self-Signed-Certificate verify error:num=18:self signed certificate verify return:1 depth=0 CN = HTTPS-Self-Signed-Certificate verify return:1 --- Certificate chain 0 s:/CN=HTTPS-Self-Signed-Certificate i:/CN=HTTPS-Self-Signed-Certificate --- Server certificate -----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE----- subject=/CN=HTTPS-Self-Signed-Certificate issuer=/CN=HTTPS-Self-Signed-Certificate --- No client certificate CA names sent --- SSL handshake has read 845 bytes and written 463 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : AES256-SHA Session-ID: 6D0DF6EFC8491C9DEEB0161B85A47C101CF5DA9A9CD4EAA4EFCEEF46571A2A2F Session-ID-ctx: Master-Key: B3BBD776EA24230B37E7EF4B2EAF02D6D66185F12D3C87640308FB1996E0BDA4A94CDB35455D0E98A5C34AAAF6EA1C7F Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 3600 (seconds) TLS session ticket: ...... Start Time: 1567605522 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- HEAD / HTTP/1.0 R RENEGOTIATING depth=0 CN = HTTPS-Self-Signed-Certificate verify error:num=18:self signed certificate verify return:1 depth=0 CN = HTTPS-Self-Signed-Certificate verify return:1 HEAD / HTTP/1.0 HTTP/1.1 400 Bad request Date: Wed, 04 Sep 2019 05:43:05 Content-Length: 0 ^C
And using the same operation as above, transmits 'R' trigger re-negotiation, re-negotiation is successful can be seen, the connection is normal, then send HEAD / HTTP / 1.0 again, knocking Enter twice to obtain the server response 400. Description Server re-negotiation enabled.
to sum up
OpenSSL server connection test by renegotiated, if the server is turned off renegotiated transmitting terminal 'R' being given and disconnect.
Reference material
https://mailarchive.ietf.org/arch/msg/tls/wdg46VE_jkYBbgJ5yE4P9nQ-8IU
https://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html