If you run a site that uses SSL encryption, right now might be a good time to find out whether the server still honours client-initiated SSL Renegotiation, that is, a fresh handshake requested by the client on a connection that's already open.
But the sky isn't falling, despite what you may have read. Yes, a German hacker group known as THC (The Hacker's Choice) has just released THC-SSL-DoS, which can bring down an HTTPS site with a DoS attack from an ordinary laptop -- but only if that site has SSL Renegotiation turned on.
Most HTTPS sites already have SSL Renegotiation turned off, so they aren't vulnerable. Older releases are the concern: Apache before 2.2.14, OpenSSL before 0.9.8l, and IIS 7.0 all shipped with client-initiated SSL Renegotiation enabled by default, making them potential targets. Newer versions disable it by default (Apache 2.2.14 and OpenSSL 0.9.8l are the releases that made that change). An admin might've changed the setting since, though, or an appliance or load balancer in front of the web server might do its own SSL with its own defaults, so it wouldn't hurt to make sure client-initiated SSL Renegotiation is turned off.
Here's the whole story.
No doubt you know all about DDoS (distributed denial of service) attacks, which pepper a victimized site with an enormous volume of Internet traffic, coming from many different locations all at once. The site's server comes tumbling down while trying to handle all that volume. DDoS attacks require many machines to blitz a site from many different directions at once and consume a lot of bandwidth.
The alarm over the THC-SSL-DoS attack stems from the fact that it's a small Windows program that can take out HTTPS sites using just one PC and a piddling amount of Internet bandwidth -- provided the site has SSL Renegotiation enabled.
When a client establishes an SSL connection, the server has to do a lot of computationally intensive work to complete the handshake and start encrypting the session. (Microsoft KB article 257591 describes the handshake procedure.) The costs are lopsided: the client's side of the handshake is cheap and uses almost no bandwidth, while the server's side, in particular the RSA private-key operation that completes the key exchange, costs many times more CPU than the client's matching public-key operation. Many servers use hardware SSL Accelerators -- plug-in cards or rack-mounted devices that offload most of the handshaking work. Some even take over the entire SSL processing chore.
If the server honours renegotiation requests from clients, a client can ask for a fresh handshake over and over on a single connection without ever sending a byte of real traffic, and every request costs the client a little and the server a lot. That's what THC-SSL-DoS does: It opens one SSL connection and then requests renegotiation in a tight loop, leaving the server to redo the expensive part of the handshake each time. The developers claim that the tool is even effective against server farms that intelligently offload SSL handshakes. They say that 20 PCs running with 120Kbps of bandwidth can take out a large server farm, assuming the farm is set up to honour client-initiated SSL Renegotiation.
Although the story has made a big splash in the press, none of this is new. SSL Accelerator cards have been around for a decade. SSL Renegotiation was widely condemned back in 2009. Manufacturers scurried around and updated their software to turn off SSL Renegotiation. Vulnerability CVE-2009-3555 detailed a man-in-the-middle vulnerability attributable to SSL Renegotiation, and dozens of software vendors took heed. One distinction matters here, though: the permanent fix for CVE-2009-3555 is RFC 5746 "secure renegotiation," which closes the man-in-the-middle hole but leaves every renegotiated handshake just as expensive for the server. A server that advertises secure renegotiation and still accepts renegotiation requests from clients is still a target for this tool, so the setting to check is whether the server honours client-initiated renegotiation at all, not whether it does so securely. Bottom line: Your server should've been updated, and client-initiated SSL Renegotiation turned off, two years ago. But it wouldn't hurt to check again.
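Here is one way to run that check from a shell, as an added example (this is not THC's tool and not code from the original article). It relies on a documented feature of `openssl s_client`: a line consisting of just `R` on its input makes the client print `RENEGOTIATING` and start a new handshake on the existing connection, which is the same step THC-SSL-DoS repeats in a loop. The script sends one `R`, then an ordinary HTTP request, and looks at whether a status line ever comes back. The host and port are placeholders you supply, `openssl` is assumed to be on the PATH, and the verdict rule (a server that refuses client-initiated renegotiation drops or stalls the connection, so no response follows `RENEGOTIATING`) is a heuristic I'm assuming from how Apache, nginx and OpenSSL's own `SSL_OP_NO_RENEGOTIATION` behave, not a protocol guarantee, which is why there is an "inconclusive" outcome.

```shell
#!/bin/sh
# Added example: probe whether an HTTPS server still honours client-initiated
# renegotiation. Not part of THC-SSL-DoS and not from the original article.
#
# Assumptions: `openssl` is on PATH, the target speaks HTTP over TLS, and the
# host/port are placeholders given on the command line. Do NOT add -quiet:
# in s_client it implies -ign_eof, which switches off the "R" command.

# Run one session: renegotiate first, then send a request. Output is
# s_client's combined stdout/stderr, meant for classify_probe_output below.
probe_renegotiation() {
    host=$1
    port=${2:-443}
    {
        sleep 1                                   # let the first handshake finish
        printf 'R\n'                              # s_client: renegotiate now
        sleep 1
        printf 'GET / HTTP/1.0\r\nHost: %s\r\n\r\n' "$host"
        sleep 2                                   # wait for the answer or the close
    } | openssl s_client -connect "$host:$port" -servername "$host" 2>&1
}

# Classify captured s_client output (read from stdin). Verdicts:
#   accepts      - RENEGOTIATING was printed and an HTTP status line followed it
#   refuses      - RENEGOTIATING was printed but no status line ever came back
#   inconclusive - we never got as far as renegotiating (connect/handshake failed)
# The "refuses" rule is a heuristic: servers that reject client-initiated
# renegotiation typically close or stall the connection rather than answer.
classify_probe_output() {
    text=$(cat)
    if ! printf '%s\n' "$text" | grep -q 'RENEGOTIATING'; then
        echo inconclusive
    elif printf '%s\n' "$text" | sed -n '/RENEGOTIATING/,$p' | grep -q '^HTTP/1\.'; then
        echo accepts
    else
        echo refuses
    fi
}

# Usage: sh reneg-check.sh www.example.com [443]
if [ $# -ge 1 ]; then
    verdict=$(probe_renegotiation "$1" "${2:-443}" | classify_probe_output)
    echo "$1: client-initiated renegotiation: $verdict"
fi
```

Run it against a host you are allowed to test, and treat "inconclusive" as a reason to look at the raw `openssl s_client` output rather than as a pass. If the verdict is "accepts" on a server that also prints `Secure Renegotiation IS supported`, that is exactly the case described above: safe against CVE-2009-3555, still exposed to the renegotiation-cost attack.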
The THC blog post has been updated: "Some organizations already found out about this release a while ago and mistakenly identified it as an SSL-RENEGOTIATION BUG. This is not true. The tool can be modified to work without SSL-RENEGOTIATION by just establishing a new TCP connection for every new handshake." That's correct, at least in my tests. But if every handshake needs its own TCP connection, the attacker pays for a connection setup each time and shows up as a flood of new connections from one address, which is exactly what connection-rate limits and ordinary DDoS defenses are built to catch. The modified THC-SSL-DoS routine devolves into just another DDoS routine. It would take a concerted attack against an underpowered secure site to bring it down.
THC claims that it has a "private release that works against servers that do not support SSL renegotiation." Could be, but that program hasn't surfaced. It's unclear if the "private release" would be anything more than a simple DDoS.
The moral of the story? Make sure client-initiated SSL Renegotiation is turned off, on the web server and on any SSL-terminating device in front of it. And don't believe everything you read on the Internet.
This article, "New DoS tool from THC: Another overhyped threat," was originally published at InfoWorld.com.