Stitched vs non-Stitched Ciphersuites
Michael Wojcik
Michael.Wojcik at microfocus.com
Wed Feb 27 18:10:02 UTC 2019
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
> Matt Caswell
> Sent: Wednesday, February 27, 2019 12:07
>
> On 27/02/2019 16:47, Michael Wojcik wrote:
> >
> > Frankly, this latest vulnerability in OpenSSL 1.0.2 feels pretty minor in
> > that regard, since it depends on two different (if related) behaviors by the
> > application to be vulnerable. The application has to incorrectly attempt a
> > second SSL_shutdown if the first one fails (it should only do the second if
> > the first succeeds),
>
> This is not quite correct. It requires you to incorrectly call SSL_shutdown()
> twice (once to send a close_notify, and once to receive one) having previously
> encountered a fatal error.
Thanks for the correction. Still the general point applies: it depends on the application having rather suspect error handling, and on having visibly different behavior for the two cases in order to provide an oracle.
Perhaps that's not uncommon, but I checked some of our products which use OpenSSL, and they didn't have either behavior.
--
Michael Wojcik
Distinguished Engineer, Micro Focus
More information about the openssl-users
mailing list