1 / 13

Testing Results and Proposals for TLS Record Layer Bugs

This document discusses testing results and proposals related to TLS record layer bugs, based on thriving work inspired by Yngve's draft. Key focus areas include fragmentation handling, empty fragments prevention, large padding, and unknown content types in TLS. Results show varying success across implementations like OpenSSL, Microsoft IIS, Mozilla NSS, and more, highlighting critical failures and the need for stricter regulations in fragmentation and content type handling. The proposal aims to enhance compliance for secure implementations. Additional testing opportunities are welcome.

preston
Télécharger la présentation

Testing Results and Proposals for TLS Record Layer Bugs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TLS Record Layer Bugs Pasi.Eronen@nokia.comIETF67 TLS WG

  2. Background • Testing inspired by Yngve’s draft • No illegal inputs (overflows etc.)

  3. Fragmentation “multiple client messages of the same ContentType MAY be coalesced into a single TLSPlaintext record, or a single message MAY be fragmented across several records”

  4. Fragmentation: test results • OpenSSL fail • Microsoft IIS fail • Mozilla NSS OK • Certicom OK • GnuTLS OK • Sun JSSE OK • Cryptlib fail • PureTLS fail • TLSLite fail • MatrixSSL fail

  5. Fragmentation: proposal • MUST NOT fragment Handshake, Alert, and CCS messages • Unless larger than max. fragment size • …At least when using TLS_NULL_WITH_NULL_NULL?

  6. Empty fragments: test results • OpenSSL fail • Microsoft IIS fail • Mozilla NSS fail • Certicom OK • GnuTLS OK • Sun JSSE fail • Cryptlib fail • PureTLS fail • TLSLite fail • MatrixSSL fail

  7. Empty fragments: proposal • MUST NOT send empty fragments • … with Handshake/Alert/CCS content type only?

  8. Large padding “padding MAY be any length up to 255 bytes, as long as it results in the TLSCiphertext.length being an integral multiple of the block length”

  9. Large padding: test results • OpenSSL OK • Microsoft IIS OK • Mozilla NSS OK • Certicom OK • GnuTLS OK • Sun JSSE OK • Cryptlib OK • PureTLS OK • TLSLite OK • MatrixSSL fail

  10. Unknown content types “If a TLS implementation receives a record type it does not understand, it SHOULD just ignore it.”

  11. Unknown content: test results • OpenSSL OK • Microsoft IIS fail • Mozilla NSS fail • Certicom fail • GnuTLS fail • Sun JSSE OK • Cryptlib fail • PureTLS fail • TLSLite fail • MatrixSSL fail

  12. Unknown content: proposal • MUST NOT send other content types except when negotiated using a TLS extension

  13. Summary • I have some more tests… • Anyone interested in more testing? • SSL accelerator boxes? • Lotus Domino?

More Related