Hello!

On Sat, Oct 01, 2011 at 07:52:37AM +0200, Srebrenko Šehić wrote:

> Hi,
>
> You've probably heard it already. SSL was hacked and broken. You can
> read about it at
> http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/.
> Some more commentary at
> http://blogs.cisco.com/security/beat-the-beast-with-tls/
>
> As it turns out, OpenSSL people implemented a fix for this almost 10
> years ago. Details at http://www.openssl.org/~bodo/tls-cbc.txt
>
> Attached is a patch against 1.0.6 which introduces
> "ssl_dont_insert_empty_fragments" flag to control whether this
> workaround is enabled or not. Currently, it was hardcoded to disabled.
> This patch makes it optional.
>
> Note: this patch breaks certain old browsers which choke on the
> workaround. This was tested with IE6.
>
> Comments?

The patch won't help to stop BEAST (CVE-2011-3389), you need fix
on *client* side to stop it. More details about the attack
may be found here:

http://vnhacker.blogspot.com/2011/09/beast.html
https://bugzilla.mozilla.org/show_bug.cgi?id=665814

The only server-side workaround I'm currently aware of is using
non-CBC ciphers, i.e.

ssl_ciphers RC4-SHA;

(Of course migrating to the TLS 1.1+ is a better option, but it's
not yet here.)

For OpenSSL's "insert empty fragments" workaround on a server
side, situation hasn't changed much since 2003: there is problem,
there are no known attacks, and workaround causes major
interoperability problems.

(Probably working on better workaround in OpenSSL would be a good
idea. It looks like Chrome's one-byte one causes much less
problems.)

Maxim Dounin

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel