OpenSSL Bug Allowed Attackers to Decrypt HTTPS Traffic

The OpenSSL cryptographic library was recently updated in response to a high-severity vulnerability that was found in its code. The vulnerability made it possible for attackers to get hold of the decryption key used for traffic secured by HTTPS and other transport layer security methods.

Thankfully, while the consequences of the vulnerability were high, the flaw can only be exploited when a very specific set of conditions is met. For starters, only version 1.0.2 contains the vulnerability. The application relying on it must then use groups based on the digital signature algorithm (DSA) to generate ephemeral keys for the Diffie-Hellman key exchange. By default, server applications typically re-use the same private Diffie-Hellman exponent for the lifetime of the server process. The result is that the server’s encrypted traffic becomes vulnerable to a key-recovery attack; the same applies to configurations that rely on a static Diffie-Hellman cipher suite.

When these requirements are met, an attacker can send a barrage of handshake requests to the vulnerable endpoint. With enough requests, partial secret values can be obtained and combined using the Chinese Remainder Theorem to calculate the encryption key. More extensive information on the attack and vulnerability can be found on Antonio Sanso’s blog and in an OpenSSL security advisory.

Thankfully, the majority of mainstream applications relying on OpenSSL and DSA-based Diffie-Hellman don’t seem to meet these requirements. For example, the common Apache Web Server enables the SSL_OP_SINGLE_DH_USE option, which causes different private exponents to be used across the process’s lifespan. Meanwhile, the two main forks of OpenSSL do not have the vulnerability. Google’s BoringSSL removed the SSL_OP_SINGLE_DH_USE option some months earlier, while in LibreSSL it was deprecated less than a week ago. Anything that uses a static cipher suite risks remaining vulnerable, however.
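The two conditions described above, a server that re-uses its private Diffie-Hellman exponent and DSA-style group parameters, can both be checked offline. The following is an added example written for this article, not code from the article, from Antonio Sanso or from the OpenSSL project. It parses the ServerDHParams structure that a TLS 1.2 server sends in its ServerKeyExchange message (three length-prefixed integers p, g and Ys, per RFC 5246 section 7.4.3) and flags a server that sends the same Ys in two handshakes, which is exactly what happens when the exponent is re-used. It also shows the subgroup membership check a server should apply to a peer's public value when its group carries a prime subgroup order q, as DSA-based groups do. The function names, the toy group (p = 23, q = 11, g = 4) and the sample handshake bytes are all constructed for the example and are far too small for real use.

```python
"""Offline checks for Diffie-Hellman exponent re-use and peer-value validation.

Added example, not taken from the article or from OpenSSL. Parses the
ServerDHParams part of a TLS 1.2 ServerKeyExchange (RFC 5246, 7.4.3):
opaque dh_p<1..2^16-1>, opaque dh_g<1..2^16-1>, opaque dh_Ys<1..2^16-1>.
"""
import struct
from dataclasses import dataclass
from typing import Iterable, Tuple


@dataclass(frozen=True)
class ServerDHParams:
    p: int
    g: int
    ys: int


def _read_vector(buf: bytes, offset: int) -> Tuple[bytes, int]:
    """Read one opaque<1..2^16-1> vector; reject truncated or empty ones."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from("!H", buf, offset)
    offset += 2
    if length == 0 or offset + length > len(buf):
        raise ValueError("truncated or empty vector body")
    return buf[offset:offset + length], offset + length


def parse_server_dh_params(body: bytes) -> ServerDHParams:
    """Parse p, g and Ys from the start of a ServerKeyExchange body.

    Trailing bytes (the server's signature over these parameters) are ignored.
    """
    p_raw, off = _read_vector(body, 0)
    g_raw, off = _read_vector(body, off)
    ys_raw, _ = _read_vector(body, off)
    return ServerDHParams(
        int.from_bytes(p_raw, "big"),
        int.from_bytes(g_raw, "big"),
        int.from_bytes(ys_raw, "big"),
    )


def _encode_int(n: int) -> bytes:
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return struct.pack("!H", len(raw)) + raw


def build_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Serialise ServerDHParams; used here only to construct sample messages."""
    return _encode_int(p) + _encode_int(g) + _encode_int(ys)


def reused_exponent(handshakes: Iterable[bytes]) -> bool:
    """True if two handshakes carry the same (p, g, Ys).

    Ys = g^x mod p is fully determined by the private exponent x, so a
    repeated Ys means the server re-used x across handshakes.
    """
    seen = set()
    for body in handshakes:
        params = parse_server_dh_params(body)
        key = (params.p, params.g, params.ys)
        if key in seen:
            return True
        seen.add(key)
    return False


def peer_public_value_ok(y: int, p: int, q: int) -> bool:
    """Server-side validation of a peer's DH public value for a DSA-style
    group (p, q, g) in which g generates the subgroup of prime order q.

    Requires 2 <= y <= p-2 and y^q == 1 (mod p); anything else lies outside
    the intended subgroup and must be rejected before it is used.
    """
    if not 2 <= y <= p - 2:
        return False
    return pow(y, q, p) == 1


# Constructed toy group: p = 23, q = 11, g = 4 (4 has order 11 mod 23).
TOY_P, TOY_Q, TOY_G = 23, 11, 4

# Two handshakes from a server that picks a fresh exponent each time (x = 5, then x = 7).
FRESH_HANDSHAKES = [
    build_server_dh_params(TOY_P, TOY_G, pow(TOY_G, 5, TOY_P)),
    build_server_dh_params(TOY_P, TOY_G, pow(TOY_G, 7, TOY_P)),
]

# Two handshakes from a server that keeps re-using x = 5.
REUSING_HANDSHAKES = [
    build_server_dh_params(TOY_P, TOY_G, pow(TOY_G, 5, TOY_P)),
    build_server_dh_params(TOY_P, TOY_G, pow(TOY_G, 5, TOY_P)),
]

if __name__ == "__main__":
    print("fresh server re-uses exponent:", reused_exponent(FRESH_HANDSHAKES))
    print("re-using server re-uses exponent:", reused_exponent(REUSING_HANDSHAKES))
    print("peer value 12 in subgroup:", peer_public_value_ok(12, TOY_P, TOY_Q))
    print("peer value 5 in subgroup:", peer_public_value_ok(5, TOY_P, TOY_Q))
```

To use the first check against a real deployment, capture the ServerKeyExchange bodies of two DHE handshakes with your own server and pass them to reused_exponent; a server with SSL_OP_SINGLE_DH_USE in effect will return False. The second check is the kind of validation a server needs regardless of exponent re-use, since a rejected public value never reaches the shared-secret computation at all.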

Sanso reported the bug privately to the OpenSSL project maintainers on the 12th of January, meaning it took only two weeks for them to identify, test and roll out a fix. Curiously, at the time the bug was reported, a fix relating to the re-use of Diffie-Hellman exponents had already been committed to OpenSSL but had yet to be part of a release. For obvious security reasons, details of the vulnerability were not publicly released until a patch was already available, so that would-be attackers would not be aware of the attack vector until it was already removed. While it may only affect edge cases, if you’re running a server that relies on OpenSSL 1.0.2, you should be sure to update to 1.0.2f; those on 1.0.1 should install 1.0.1r, although support for 1.0.1 ends at the end of this year.

Alexander Neil
