Known Attacks Against TLS

Ahmet Göker
6 min readFeb 5, 2022

--

Hey people,

welcome back to my blog post today I am going to cover some TLS hacking types and techniques and also using openSSL with python for TLS

before explaining such attacks against TLS I want to explain what TLS is, thus lets get started and do not forget to clap this blog If you do like it:)

TLS

The transport layer security(TLS) protocol, also known as Secure Socket Layer(SSL) which is the name of its predecessor, is the workhorse of internet security. TLS protects connection between servers and clients, whether that connection is between a website and its visitors, email game servers and players. Without TLS secure there would be no security or secure online commerce such as securing online banking, or for that matter secure online anything

with that being said ıf you are interested more deeply I suggest you to check some online documentation and readable resources about TLS and SSL.

of course there are a lot however, I am going to cover some of them.

Known ATTACKS Against TLS

Eve will always be trying to break certificates in some way or another. If she gets past that gate, everything else is broken. Of course, İf Alice and Bob are using DHE or ECDHE with forward secrecy, everything else in the future is broken, but at least not the past. Beyond certificates, there are some other contemporary attack against TLS to be aware of.

POODLE

POODLE stands for “Padding Oracle On Downgraded Legacy Encryption.” TLS 1.0 , as I covered, could be exploited when using CBC mode.At the time, the block cipher was DES, but the attack works on DES or AES so long as the ode of operation is CBC.

For the implementation that had the faulty implementation, they were vulnerable without downgrade.

defenses included

  1. Disable TLS 1.0 ( and 1.1 really)
  2. Verify that TLS 1.2 is not vulnerable using an auditing tool.

Freak and Logjam

The Logjam attack, like POODLE, relies on forcing a downgrade to earlier versions of TLS actually, the goal is to downgrade the cipher suites.

In logjam, an attacker intercepts the client’s message and removes all of the proposed cipher suites and replaces them with EXPORT variants of Diffle-Hellman (DH). The server picks weak parameters accordingly and sends them back to the client.The client does not know that anything is wrong and just accepts the server’s poorly chosen configuration

FREAK is a very similar attack to Logjam, but uses “export” RSA parameters instead. Defenses for both Logjam and FREAK include

  1. Disable weak cipher suites — especially “export” cipher — on the sever
  2. Use clients tah uncoditionally refuse to accept weak parameters(for instance, DH/ECDH or RSA parameters that are weak)

Sweet32

The Sweet32 attack is a little different from the ones we have seen before.It is designed specifically for block ciphers that have a block size of 64 bits.For most TLS 1.2 installations, there is only one cipher in use that has such a block size: 3DES

Sadly, many TLS implementations do not enforce maximum data limits with a key.The Sweet32 attack exploits this to send enough data to force collisions and recover data.

Defenses include

  1. Disable 3DES-Based cipher suites ( and any other 64-bit ciphers if any happen to be present ).

Heartbleed

Heartbleed is a special mention in my list because it is not a vulnerability in TLS itself. Rather, it was a bug in OPENSSL’s implementations ( yes, the library you have been using). Specifically, it was a bug in an extension to TLS that enables heartbeats for detecting dead connections. Although an extension, it is a commonly used one.

The problem with OPENSSL’s implementation was that they were not doing bounds checking on heartbeat request received from the other side. A typical heartbeat request included some data to echo back and the lenght of the data. If the length was longer than the data to echo, the incorrect implemenatation simply read contents out of memory.

The point of this vulnerability is to indicate that not all attacks are on the protocols themselves but sometimes on the implementations. It is important to watch for both kinds of issues

Defenses included

  1. Keep TLS libraries and application up to date

Using OpenSSL with python for TLS

We have covered some attack types hence, you can research more deeply because I could not explain everything because I also want to stick my time in OPENSSL with python. Everything was being explained theoretically thus now I am going to show some scripts and cipher of TLS and SSL

Lets assume that Eve has decided to see how well TLS checks are enforced.It starts up the OPENSSL, it is being used as s_server again using the certificates it created. It tries to connect with python and encounters the following error

it rejected Eve’s certificate, as it to be expected.After all, it has no reason to trust it. The certification sent by the server(s_server) is not rooted in a valid certificate authority.The python code, by default, did the right thing. Eve curses under her breath

The HTTPSConnection class can take take a parameter called context. It expects an instance of a class called SSLCONTEXT. Eve experiments by plugging in her own version.

You will be able to successfully receive a response from s_server but why?

The SSLContext object contains TLS configuration parameters and controls. The processing of the TLS handshake including certificate checking. An empty SSLContext does no checking on certificates

Thus programmers should typically use SSLContext.create_default_context()

this method creates an SSLContext that performs the default checks Eve encountered earlier that resulted in a rejected certificate

The following examples all use HTTPSConnection class, but the SSLContext objects are used throughout python in various network operations

“openssl s_server -accept 8888 -www *cert domain_cert domain_key.pem”

It re-runs the test code and it still works. Even though the URL is https://127.0.0.1 and the subject common name is xyz.gov the data was permitted. Without host checking enabled, this mismatch does not result in an error

Eve now repeats her test after scripting on host checking

You might want to say that this topic was bit complicated it can be true I was trying to explain TLS smoothly and yes there are a lot of documentations out there however, I am willing to share more useful libraries and python scripting , I may say that my next topic is going to be about Cryptography problems and real world scenarios if you are interested and as being a CTF player it is great to sharp your skills and understand the methodology behind it:)

Thank you for reading this blog I will see you in the next lecture

Ahmet Göker | Network security | Malware Researcher | YouTuber | CTF player | Technophile | Hacker Freak

Linkedin: https://www.linkedin.com/in/ahmetgöker

Youtube: https://youtube.com/TurkishHoodie

Telegram : stuXnet

--

--