背景
由於服務器端的重新密鑰協商的開銷至少是客戶端的10倍,因此攻擊者可利用這個過程向服務器發起拒絕服務攻擊。OpenSSL 1.0.2及以前版本受影響。
方法
使用OpenSSL(linux系統基本都自帶)連接服務器進行測試:
- openssl s_client -connect ip:port
- HEAD / HTTP/1.0
- R
示例
服務器443端口開啟重協商,使用openssl s_client -connect 172.31.0.22:443 連接測試(刪除了部分證書信息):
[root@localhost ~]# openssl s_client -connect 172.31.0.22:443 CONNECTED(00000003) depth=0 CN = HTTPS-Self-Signed-Certificate verify error:num=18:self signed certificate verify return:1 depth=0 CN = HTTPS-Self-Signed-Certificate verify return:1 --- Certificate chain 0 s:/CN=HTTPS-Self-Signed-Certificate i:/CN=HTTPS-Self-Signed-Certificate --- Server certificate -----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE----- subject=/CN=HTTPS-Self-Signed-Certificate issuer=/CN=HTTPS-Self-Signed-Certificate --- No client certificate CA names sent Server Temp Key: DH, 1024 bits --- SSL handshake has read 1254 bytes and written 463 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : DHE-RSA-AES256-SHA Session-ID: AAF98A92D700189C29EEFE766769E6E5641BAC6A9AB96BC7D1302AE79D21CA06 Session-ID-ctx: Master-Key: 36FC13A9ADBC82EB9E0CC60F9981E2A3D6A2BEC093A0415AFB2A843880174709BB1A87946AA698D95DA3788C72D621CB Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 3600 (seconds) TLS session ticket: Start Time: 1567604880 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- HEAD / HTTP/1.0 R RENEGOTIATING 140432695093152:error:14094153:SSL routines:SSL3_READ_BYTES:no renegotiation:s3_pkt.c:1242:
SSL握手完成后,輸入HEAD / HTTP/1.0,然后回車,輸入‘R’觸發重協商,此時服務器報錯並斷開連接:
140432695093152:error:14094153:SSL routines:SSL3_READ_BYTES:no renegotiation:s3_pkt.c:1242:
說明服務器重協商功能被關閉。
服務器4443端口開啟重協商,使用openssl s_client -connect 172.31.0.22:4443 連接測試(刪除了部分證書信息):
[root@localhost ~]# openssl s_client -connect 172.31.0.22:4443 CONNECTED(00000003) depth=0 CN = HTTPS-Self-Signed-Certificate verify error:num=18:self signed certificate verify return:1 depth=0 CN = HTTPS-Self-Signed-Certificate verify return:1 --- Certificate chain 0 s:/CN=HTTPS-Self-Signed-Certificate i:/CN=HTTPS-Self-Signed-Certificate --- Server certificate -----BEGIN CERTIFICATE----- ...... -----END CERTIFICATE----- subject=/CN=HTTPS-Self-Signed-Certificate issuer=/CN=HTTPS-Self-Signed-Certificate --- No client certificate CA names sent --- SSL handshake has read 845 bytes and written 463 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : AES256-SHA Session-ID: 6D0DF6EFC8491C9DEEB0161B85A47C101CF5DA9A9CD4EAA4EFCEEF46571A2A2F Session-ID-ctx: Master-Key: B3BBD776EA24230B37E7EF4B2EAF02D6D66185F12D3C87640308FB1996E0BDA4A94CDB35455D0E98A5C34AAAF6EA1C7F Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 3600 (seconds) TLS session ticket: ...... Start Time: 1567605522 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- HEAD / HTTP/1.0 R RENEGOTIATING depth=0 CN = HTTPS-Self-Signed-Certificate verify error:num=18:self signed certificate verify return:1 depth=0 CN = HTTPS-Self-Signed-Certificate verify return:1 HEAD / HTTP/1.0 HTTP/1.1 400 Bad request Date: Wed, 04 Sep 2019 05:43:05 Content-Length: 0 ^C
使用和上方所述相同的操作,發送‘R’觸發重協商,可以看到重協商成功,連接正常,此時再次發送HEAD / HTTP/1.0 ,敲兩次回車,得到服務器響應400。說明服務器重協商功能開啟。
總結
通過OpenSSL連接服務器測試重協商功能,如果服務器重協商功能關閉則終端發送‘R’后會報錯並斷開連接。
參考資料
https://mailarchive.ietf.org/arch/msg/tls/wdg46VE_jkYBbgJ5yE4P9nQ-8IU
https://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html