[erlang-questions] SSL/TLS MITM CCS Injection case on Erlang ssl module?

Andreas Schultz aschultz@REDACTED
Fri Jun 6 11:14:34 CEST 2014


Hi,

----- Original Message -----
> I'd be glad if Erlang core team could give an idea about how the
> vulnerability of CVE-2014-0224 would or would not affect Erlang ssl
> module:
> 
> http://www.openssl.org/news/secadv_20140605.txt
> http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html

My take on this:

Short version
=============

I believe that Erlang SSL does not handle out of sequence CCS (Change-Cipher-Spec)
messages correctly; whether that can be exploited or not is unclear.

Long version
============

From reading the source, I would say that the SSL application will accept
CCS messages that are out of sequence.

tls_connection:next_state is processing the packets. Normal handshake records
are processed through the tls_connection FSM, but a CCS message is processed
immediately, outside of the FSM in any state.

One of the problems OpenSSL has with this is that invalid pointers might be
exploited. Luckily this is not going to be an issue for Erlang; ssl might crash,
but it will not reveal sensitive data.

The other issue as described by OpenSSL:

> An attacker using a carefully crafted handshake can force the use of weak
> keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
> by a Man-in-the-middle (MITM) attack where the attacker can decrypt and 
> modify traffic from the attacked client and server.

Now this might be a problem for Erlang. A CCS will activate the pending connection
state. ssl_record initializes the pending states with values that are partly valid.
The bulk_cipher_algo and the secrets are not initialized, so I'm not sure if it
would be possible to craft the handshake sequence in a way to have valid, but weak
values in there.

Regards
Andreas

> 
> Regards,
> Kenji Rikitake

-- 
Dipl. Inform.
Andreas Schultz

email: as@REDACTED
phone: +49-391-819099-224
mobil: +49-170-2226073

------------------- enabling your networks -------------------

Travelping GmbH               phone:         +49-391-819099229
Roentgenstr. 13               fax:           +49-391-819099299
D-39108 Magdeburg             email:       info@REDACTED
GERMANY                       web:   http://www.travelping.com

Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
--------------------------------------------------------------


