Дима Рубинштейн (dimrub) wrote in gotchas,
Дима Рубинштейн

Wrong certificate in an SSL session

Problem: A customer has been complaining, that once in a while, while surfing over HTTPS through our proxy (which acts as a man in the middle of sorts for the sake of SSL handling), he gets a wrong certificate for some of the sessions. E.g., he tries to browse to a.com, but gets a certificate for b.com instead.

Analysis: studying the traffic captures reveals that in the offending session, no Certificate record is found, but rather a session reuse was employed. Comparison with the other session, that was directed to the other site (b.com) further revealed that the same session ID was used for the 2 sessions, and thus the second session was using the certificate cached for the first session, hence the confusion.

Failed workaround: trying to disable session caching failed. The code that decides whether the session caching on the client side will be used looks as follows:

    if ( cache_sessions )
        SSL_CTX_set_session_cache_mode( m_clientsContextPtr->context(), 
                                        SSL_SESS_CACHE_SERVER );

this code assumes, that if the caching is disabled, the SSL_CTX_set_session_cache_mode will not be called, and hence, session caching will not be used. This is wrong: session caching is ON by default, so if we want it not to be used, we have to specify so explicitly.

Further analysis: the clash of session IDs seems to be related to the Debian's bug of fame, in which the OpenSSL's PRNG was effectively reduced to a coin flip. We expect that upgrade of the corresponding packages (that is, upgrade to a version of our software that contains the replacement openssl) should solve the problem of collisions. the version installed at this customers' contains the up to date version of OpenSSL, so that's not it. I'll be banging my head against the wall some more on this one.

P.S.: here's a way to make sure the proxy generates unique Session IDs.
1. Download and apply this patch for OpenSSL (it must be slightly modified to fit the current version of OpenSSL).
2. Run the following command line:
for (( i=0; i < 10000; i+=1 )); do echo "" | ./openssl s_client -connect server:443 -proxy proxy:8443 2>&1| grep 'Session-ID:' | sed 's/^.*: //' >> ids; done
3. The file ids now contains the session IDs of 10000 sessions. It can now be checked for repetitions:
sort ids | uniq -d
Tags: linux, ssl
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your IP address will be recorded