[openssl-dev] [RFC PATCH] doc/ssl: describe the possible DoS via repeated SSL session re-negotiation
Sebastian Andrzej Siewior
openssl-dev at ml.breakpoint.cc
Tue Aug 9 19:51:32 UTC 2016
On 2016-08-09 19:26:44 [+0000], Viktor Dukhovni wrote:
> On Tue, Aug 09, 2016 at 09:18:58PM +0200, Sebastian Andrzej Siewior wrote:
> > I don't really know what I am supposed to do with this information. Do
> > you want me to add this as an example into the doc patch or do you
> > simply point out that others already took precautions?
>
> CPU exhaustion attacks on servers are a fundamental feature of TLS.
I mentioned this.
> I am not sure that OpenSSL needs to say anything about this. Server
> applications that want to protect against inadvertent DoS by buggy
> clients can implement the obvious counter-measure (rate limit
> handshakes with clients that generate too many new sessions per
> sample interval). If you feel that this is not obvious, and others
> agree, feel free to propose some text.
I tried. There was some text in the patch.
> Note, that deliberate DoS and especially DDoS will overcome even
> rate limits, by attacking from multiple clients, or just flooding
> the target network. So this can only protect against accidents,
> not malice by capable adversaries.
I don't claim the opposite. I came across server software which supports
client side renegotiation and I don't think that this is required and
would like to patch it out. So far, so good? And then there is the
"same" thing if the attacker starts multiple connections the sake of a
handshake. So I though to point this out as well. And then I though it
would be nice to document this within the openssl documentation so I
could just point there and make them aware.
Sebastian
More information about the openssl-dev
mailing list