Re: [cryptography] anyone got a how not to use OpenSSL list?
While more proper uses of OpenSSL vs improper, participates of the discussion might enjoy the following whitepaper and tool release by iSEC Partners and an Academic look at popular non-browser SSL failures (bottom): https://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html Everything You’ve Always Wanted to Know About Certificate Validation With OpenSSL: https://www.isecpartners.com/storage/files/everything-you-wanted-to-know-about-openssl.pdf TLSPretense is a tool for testing certificate and hostname validation as part of an TLS/SSL connection https://github.com/iSECPartners/tlspretense This was released in tandem with Dan Boneh, M. Georgiev, S. Iyengar, S. Jana, R. Anubhai's SSL paper: The most dangerous code in the world: validating SSL certificates in non-browser software: https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html -Aaron On Wed, Oct 24, 2012 at 8:41 PM, Jeffrey Walton noloa...@gmail.com wrote: On Wed, Oct 10, 2012 at 1:34 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its complement. -- http://www.subspacefield.org/~travis/ Calling RAND_pseudo_bytes instead of RAND_bytes. To make matters worst, they return slightly different values - 0 means failure for RAND_bytes; while 0 means non-cryptographic bytes have been returned for RAND_pseudo_bytes. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] anyone got a how not to use OpenSSL list?
Related: https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf On Wed, Oct 10, 2012 at 10:26 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: On Wed, Oct 10, 2012 at 08:56:29PM +0100, Patrick Mylund Nielsen wrote: One thing that I've sadly seen more times than I can shake a stick at is people leaving in aNULL/eNULL, or not including !aNULL:!eNULL in their cipher suite list. I should point out, I meant from a source code and not an operational/environmental perspective... though all such information is entertaining... -- http://www.subspacefield.org/~travis/ Any sufficiently advanced magic is indistinguishable from reality. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] anyone got a how not to use OpenSSL list?
On Wed, Oct 10, 2012 at 1:34 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its complement. -- http://www.subspacefield.org/~travis/ Calling RAND_pseudo_bytes instead of RAND_bytes. To make matters worst, they return slightly different values - 0 means failure for RAND_bytes; while 0 means non-cryptographic bytes have been returned for RAND_pseudo_bytes. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] anyone got a how not to use OpenSSL list?
* Ryan Sleevi: Here's a quick list off the top of my head from having poked around various languages' bindings (Python, Perl, PHP, etc), from having seen various rebranded OpenSSL-using products, and from various I just want to do HTTPS Here's another one I came across: do not use the d2i_*_fp and d2i_*_bio ASN.1 decoders because they have received considerably less attention than their d2i_* cousins (which are exposed through TLS certificate parsing) and probably still have bugs. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] anyone got a how not to use OpenSSL list?
Patrick Mylund Nielsen cryptogra...@patrickmylund.com writes: Guess what his optimization was. Yup, he tried every combination of things in SSLCipherSuite and simply chose the one with the lest CPU... I've run into similar things, I've had (potential) users of my software reject it because it didn't support the NULL_WITH_NULL cipher suite. I guess their checklist just said must use SSL without going into further detail. One company that I remember this being an issue with was a large bank... Peter. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] anyone got a how not to use OpenSSL list?
On Wed, Oct 10, 2012 at 6:34 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its complement. I'd like to hear about this, too. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] anyone got a how not to use OpenSSL list?
Hah. I'm surprised the term security theater wasn't coined earlier! On Wed, Oct 10, 2012 at 9:29 PM, Warren Kumari war...@kumari.net wrote: On Oct 10, 2012, at 3:56 PM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote: One thing that I've sadly seen more times than I can shake a stick at is people leaving in aNULL/eNULL, or not including !aNULL:!eNULL in their cipher suite list. So, a number of years ago (~1999) I worked for a registrar. We had a number of load balanced webservers, some doing http and others doing SSL (for billing and such). One of our brighter sys-admin folk (lets call him Fred) notices one day that the https servers always run hotter and can only handle around 1/2 the connections as the plain http ones. This offends / puzzles him and so he decides to make this the big project that will get him promoted... I'm not really paying much attention, but know that he's off muting with Apache configs on the SSL boxen (mainly because they keep falling out of the load-balancer pool). After a week or two of dinking around he comes and shows me some pretty graphs of how much better the load now is on the https machines -- I nod, give him a pat on the head and go back to reading slashdot…. A few weeks later I'm running Ethereal / tcpdump to troubleshoot some issue or other, and suddenly see some payload that looks suspiciouly like a credit card number and name in plain-text… Guess what his optimization was… Yup, he tried every combination of things in SSLCipherSuite and simply chose the one with the lest CPU... The fun bit was that browsers (I think Netscape / IE at the time) would happily give you the lock icon… W On Wed, Oct 10, 2012 at 6:34 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its complement. -- http://www.subspacefield.org/~travis/ Any sufficiently advanced magic is indistinguishable from reality. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography