OpenSSL Security Advisory

Hubert Kario hkario at
Thu Mar 25 17:05:02 UTC 2021

On Thursday, 25 March 2021 15:03:24 CET, OpenSSL wrote:
> Hash: SHA256
> OpenSSL Security Advisory [25 March 2021]
> =========================================
> NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
> =====================================================================
> Severity: High
> An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation
> ClientHello message from a client. If a TLSv1.2 renegotiation 
> ClientHello omits
> the signature_algorithms extension (where it was present in the initial
> ClientHello), but includes a signature_algorithms_cert extension then a NULL
> pointer dereference will result, leading to a crash and a denial of service
> attack.
> A server is only vulnerable if it has TLSv1.2 and renegotiation 
> enabled (which
> is the default configuration). OpenSSL TLS clients are not impacted by this
> issue.
> All OpenSSL 1.1.1 versions are affected by this issue. Users of 
> these versions
> should upgrade to OpenSSL 1.1.1k.
> OpenSSL 1.0.2 is not impacted by this issue.
> This issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was
> developed by Peter Kästle and Samuel Sapalski from Nokia.

I've created a stand-alone reproducer for it using tlsfuzzer:

git clone
cd tlsfuzzer
# won't be necessary after 
is merged:
git checkout sig-algs-tests

# install dependencies:
python3 -m venv py3-venv
py3-venv/bin/pip install --pre tlslite-ng

# run the reproducer:
PYTHONPATH=. py3-venv/bin/python3 
scripts/ -h <hostname> -p <port>

In case the server has renegotiation disabled, use the --no-renego option.
In case the server doesn't require presence of signature_algorithms 
extension when signature_algorithms_cert are present (like in case of 
OpenSSL 1.0.2), use the --sig-algs-drop-ok option.

If everything went fine, and the server didn't crash, the test will print
summary like this:

PASS: 12

It's not necessary to install dependencies to a virtual environment,
but that setup is described in the official docs:
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

More information about the openssl-users mailing list