Re: [TLS] SSL Renegotiation DOS

Martin Rex <mrex@sap.com> Tue, 15 March 2011 16:06 UTC

Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 56D623A690F for <tls@core3.amsl.com>; Tue, 15 Mar 2011 09:06:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.221
X-Spam-Level:
X-Spam-Status: No, score=-10.221 tagged_above=-999 required=5 tests=[AWL=0.028, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JKm0Vn7+WT+d for <tls@core3.amsl.com>; Tue, 15 Mar 2011 09:06:19 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id E215D3A6DA1 for <tls@ietf.org>; Tue, 15 Mar 2011 09:06:18 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id p2FG7g6l010180 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 15 Mar 2011 17:07:43 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201103151607.p2FG7g47008253@fs4113.wdf.sap.corp>
To: jorge@orchilles.com (Jorge A. Orchilles)
Date: Tue, 15 Mar 2011 17:07:42 +0100 (MET)
In-Reply-To: <AANLkTin2i3+K8oV68pZFJ0xabjEugJLePyZTTaZSr0VE@mail.gmail.com> from "Jorge A. Orchilles" at Mar 15, 11 08:31:28 am
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] SSL Renegotiation DOS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 16:06:20 -0000

Jorge A. Orchilles wrote:
> 
> Marsh Ray has invited me to present my research and report on SSL/TLS
> Renegotiation Denial of Service on this mailing list. I have posted this on
> my site and will paste here for your feedback:
> http://orchilles.com/2011/03/ssl-renegotiation-dos.html
> 
> *SSL/TLS Renegotiation Denial of Service*
> 
> An SSL/TLS handshake requires at least 10 times more processing power on the
> server than on the client.

I'm sorry, I completely fail to see what renegotiation has to do
with the DoS capability here.

The TLS protocol is a cryptographic protocol, and servers that expect
to talk to real clients performing the protocol as designed will attempt
to perform the cryptographic operations as requested.

A DoS-client could simply open new connections to the SSL server and
blindly fire away precompiled static SSL handshake messages, forcing the
server to do crypto work.  You should be able to make most servers
perform RSA decrypts on arbitrary data, and a significant number
to perform DHE computations.

-Martin