[openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jan 27 19:14:59 UTC 2016


On Wed, Jan 27, 2016 at 07:07:36PM +0000, Salz, Rich wrote:

> > What attack do you have in mind via spreading a cookie good for just one
> > source IP address?  Sure the botnet can source TFO from that same IP
> > address that got the original cookie.  Why is that useful?
> 
> It's an amplification attack.  I don't care about ever getting any reply
> back.  As I first said, it makes UDP-style attacks possible in the TCP
> domain, and you don't know where the attack is coming from.

Please explain.  The traffic can only come from the party who
initially obtains the cookie in a full round-trip.  How does the
botnet DoS some third party with this?

Or is it just the slightly larger response size in the server's
SYN-ACK + cookie vs. SYN-ACK on the initial cookie request?

A reasonably secure HMAC need not be longer than 256 bits or 32
bytes, so the SYN-ACK is larger by 32 bytes + a couple of bytes of
option encapsulation.  If that's all, UDP is far more effective.

Anyway, this has little relevance to support of TFO in OpenSSL,
the attack is the same whether we support SSL handshakes with
TFO or not.

-- 
	Viktor.
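The source-IP-bound cookie Viktor describes, as an added Python illustration that is not part of this thread, of OpenSSL, or of any kernel's TFO implementation (Linux derives its cookies differently); the server key, HMAC-SHA256 over the packed client address, and the 16-byte cookie length are assumptions, the 4..16 byte bound and the 2-byte option header come from RFC 7413.

```python
import hmac
import hashlib
import ipaddress
import secrets

# Hypothetical per-server secret; a real server would rotate it periodically.
SERVER_KEY = secrets.token_bytes(32)

# RFC 7413 allows cookies of 4 to 16 bytes; 16 is the maximum.
COOKIE_LEN = 16


def issue_cookie(client_ip: str, key: bytes = SERVER_KEY,
                 length: int = COOKIE_LEN) -> bytes:
    """Derive a TFO-style cookie bound to the client's source IP.

    The cookie is an HMAC of the address, truncated to the option size,
    so it is only valid for SYNs that carry this same source address.
    """
    if not 4 <= length <= 16:
        raise ValueError("RFC 7413 cookie length must be 4..16 bytes")
    addr = ipaddress.ip_address(client_ip).packed
    return hmac.new(key, addr, hashlib.sha256).digest()[:length]


def validate_cookie(client_ip: str, cookie: bytes,
                    key: bytes = SERVER_KEY) -> bool:
    """Accept data in the SYN only if the cookie matches its source IP.

    Uses a constant-time comparison; a cookie obtained from one address
    and replayed from another fails here, which is why a stolen cookie
    cannot be used to reflect traffic onto a third party.
    """
    if not 4 <= len(cookie) <= 16:
        return False
    expected = issue_cookie(client_ip, key, len(cookie))
    return hmac.compare_digest(expected, cookie)


def synack_overhead(length: int = COOKIE_LEN) -> int:
    """Extra bytes the cookie adds to the SYN-ACK: option kind + length + cookie."""
    return 2 + length
```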
