SSL/TLS Renegotiate Vulnerability
Date Issued: Nov. 9/09
Recently a major vulnerability was discovered in the ubiquitous Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which are used to provide privacy and verification for numerous Internet services including web, email and VPN. The TLS and SSL protocols define a mechanism by which a secure session can be renegotiated, useful for example to upgrade authentication strength.
An attacker may exploit the vulnerability in a pseudo man-in-the-middle attack, as described in the references below. The attacker cannot view existing session traffic, but can cause the server to execute commands the attacker inserts during the renegotiation.
The suggested workaround is to remove the ability for renegotiation to take place in an SSL/TLS server. OpenSSL, a major provider of SSL/TLS implementations, has released an update that does this. If a particular application is found to require renegotiation, it can be re-enabled by a command-line switch. The new version is OpenSSL 0.9.8l, available at:
With this workaround, client software does not need to be patched or replaced; only servers are affected. All servers that use SSL v3 or TLS v1 are affected, and other software that implements SSL/TLS may also be vulnerable.
Test the new OpenSSL version in a web QA environment before deploying it to production. Monitor this and other security information sites for updated information.
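Before rolling the update out, an administrator usually wants to know which servers still run a release older than 0.9.8l. The following audit helper is an added example, not part of the original advisory: it parses the output of `openssl version` collected from several hosts and reports the ones below the fixed version. The host names, version lines and the OpenSSL 1.0.0-beta4 entry are constructed sample data; the helper names (`parse_version`, `needs_update`, `audit`) are this example's own.

```python
"""Audit helper: flag hosts whose OpenSSL predates 0.9.8l.

Added example, not code from the advisory or from the OpenSSL project.
It compares `openssl version` output against 0.9.8l, the release the
advisory names as the fix.
"""
import re

FIXED_VERSION = "0.9.8l"  # release named in the advisory

# Constructed sample: what `openssl version` printed on a handful of hosts.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 0.9.8k 25 Mar 2009",
    "web-02": "OpenSSL 0.9.8l 5 Nov 2009",
    "vpn-01": "OpenSSL 0.9.8g 19 Oct 2007",
    "mail-01": "OpenSSL 0.9.8 05 Jul 2005",          # no letter suffix
    "lb-01": "OpenSSL 1.0.0-beta4 (constructed)",    # newer major line
}

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(line):
    """Turn 'OpenSSL 0.9.8k ...' into a comparable tuple.

    OpenSSL 0.9.x patch releases are ordered by a letter suffix
    (0.9.8k < 0.9.8l); a missing suffix sorts before 'a'. The suffix is
    kept as a string so tuple comparison also orders 'z' < 'za'.
    """
    m = _VERSION_RE.search(line)
    if not m:
        raise ValueError("not an OpenSSL version string: %r" % line)
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter)


def needs_update(version_line, fixed=FIXED_VERSION):
    """True when the reported version is strictly older than `fixed`."""
    return parse_version(version_line) < parse_version("OpenSSL " + fixed)


def audit(inventory, fixed=FIXED_VERSION):
    """Return the sorted list of hosts still running a version below `fixed`."""
    return sorted(h for h, line in inventory.items() if needs_update(line, fixed))


if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print("%s: %s -> update to %s" % (host, SAMPLE_INVENTORY[host], FIXED_VERSION))
```

Treat the result as a first pass only: distributions frequently backport security fixes without changing the upstream version string, so a host reported as outdated should be confirmed against the vendor's package changelog before it is scheduled for the update.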