Presentation is loading. Please wait.

Presentation is loading. Please wait.

TLS Record Layer Bugs IETF67 TLS WG.

Published byErik Davidson Modified over 9 years ago

Similar presentations

Presentation on theme: "TLS Record Layer Bugs IETF67 TLS WG."— Presentation transcript:

1 TLS Record Layer Bugs Pasi.Eronen@nokia.com IETF67 TLS WG

2 Background Testing inspired by Yngve’s draft No illegal inputs (overflows etc.)

3 Fragmentation “multiple client messages of the same ContentType MAY be coalesced into a single TLSPlaintext record, or a single message MAY be fragmented across several records”

4 Fragmentation: test results OpenSSLfail Microsoft IISfail Mozilla NSSOK CerticomOK GnuTLSOK Sun JSSEOK Cryptlibfail PureTLSfail TLSLitefail MatrixSSLfail

5 Fragmentation: proposal MUST NOT fragment Handshake, Alert, and CCS messages Unless larger than max. fragment size …At least when using TLS_NULL_WITH_NULL_NULL?

6 Empty fragments: test results OpenSSLfail Microsoft IISfail Mozilla NSSfail CerticomOK GnuTLSOK Sun JSSEfail Cryptlibfail PureTLSfail TLSLitefail MatrixSSLfail

7 Empty fragments: proposal MUST NOT send empty fragments … with Handshake/Alert/CCS content type only?

8 Large padding “padding MAY be any length up to 255 bytes, as long as it results in the TLSCiphertext.length being an integral multiple of the block length”

9 Large padding: test results OpenSSLOK Microsoft IIS OK Mozilla NSSOK CerticomOK GnuTLSOK Sun JSSE OK CryptlibOK PureTLSOK TLSLiteOK MatrixSSLfail

10 Unknown content types “If a TLS implementation receives a record type it does not understand, it SHOULD just ignore it.”

11 Unknown content: test results OpenSSLOK Microsoft IIS fail Mozilla NSSfail Certicomfail GnuTLSfail Sun JSSE OK Cryptlibfail PureTLSfail TLSLitefail MatrixSSLfail

12 Unknown content: proposal MUST NOT send other content types except when negotiated using a TLS extension

13 Summary I have some more tests… Anyone interested in more testing? –SSL accelerator boxes? –Lotus Domino?

Download ppt "TLS Record Layer Bugs IETF67 TLS WG."

Similar presentations

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.

ISA 662 SSL Prof. Ravi Sandhu. 2 © Ravi Sandhu SECURE SOCKETS LAYER (SSL) layered on top of TCP SSL versions 1.0, 2.0, 3.0, 3.1 Netscape protocol later.
Web security: SSL and TLS

Web security: SSL and TLS
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Web Security (SSL / TLS)

Web Security (SSL / TLS)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 9 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 9 Wenbing Zhao Department of Electrical and Computer Engineering.
0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.

0 SSL3.0 / TLS1.0 Secure Communication over Insecure Line.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).
Chapter 8 Web Security.

Chapter 8 Web Security.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.

Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.

Similar presentations

Ads by Google