Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL

---

Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL

1. Impact

A security vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) protocols in the handling of session renegotiations affects OpenSSL (see openssl(5)). This issue may allow a remote unauthenticated user with the ability to intercept and control network traffic to perform man-in-the-middle (MITM) attack to inject arbitrary plaintext at the beginning of the application protocol stream, thus compromising the integrity of the communication. This vulnerability does not allow one to decrypt the intercepted network communication.

The exact nature of the impact of compromised data integrity depends on the application making use of the OpenSSL libraries.

Sun acknowledges with thanks, Marsh Ray and Steve Dispensa of PhoneFactor for bringing this issue to our attention.

This issue is also referenced in the following documents:


2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

• Solaris 10
• OpenSolaris based upon builds snv_01 through snv_128

x86 Platform

• Solaris 10
• OpenSolaris based upon builds snv_01 through snv_128

Notes:
 
1. Solaris 8 is not impacted by this issue.
2. Solaris 9 does not ship with OpenSSL libraries which can be used for application linking and is thus not impacted by this issue.

OpenSolaris distributions may include additional bug fixes above and beyond the build from which it was derived.  The base build can be derived as follows:

$ uname -v
snv_101

3. Symptoms

There are no predictable symptoms that would indicate the described issue has occurred.

4. Workaround

Solaris Kernel SSL proxy module, KSSL (see ksslcfg(1M)) does not support client renegotiation or rehandshake. Server applications which use the KSSL module are not affected by this issue. KSSL may be used to workaround the described issue in such applications.

The following Interim Security Relief (ISRs) is available from http://sunsolve.sun.com/tpatches for the following release:

SPARC Platform

• Solaris 10 IDR141981-01

x86 Platform

• Solaris 10 IDR141982-01

IMPORTANT: These ISRs disable TLS session renegotiation. This may affect applications which depend on renegotiation. It is advisable to test these ISRs with applications that use OpenSSL libraries, before deploying them for wider use.

Note: This document refers to one or more Interim Security Relief (ISRs) which are designed to address the concerns identified herein. Sun has limited experience with these (ISRs) due to their interim nature. As such, you should only install the ISRs on systems meeting the configurations described above. Sun may release full patches at a later date, however, Sun is under no obligation whatsoever to create, release, or distribute any such patch.

5. Resolution

This issue is addressed for applications that do not depend on TLS session renegotiations in the following releases:

SPARC Platform

• OpenSolaris based upon builds snv_129 or later
  

x86 Platform

• OpenSolaris based upon builds snv_129 or later
  

Note: A final resolution is pending completion for Solaris 10 and OpenSolaris. Sun is working to fix the TLS implementations according to the TLS protocol standard extensions currently being developed.

For more information on Security Sun Alerts, see Technical Instruction ID 213557.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.


Modification History

03-Dec-2009: Updated Contributing Factors and Resolution sections for OpenSolaris

Attachments

This solution has no attachment