[Announce] SECURITY - disabling SSL/TLS compression to mitigate the "CRIME" attack

A security vulnerability has been discovered in the SSL/TLS protocol, which affects connections using compression.
All versions of TLS are believed to be affected.
To address this, Qt will disable TLS compression by default.

* How does the attack work?

If the attacker can insert data into the SSL connection, then by looking at the length of the compressed data it is possible to determine if the inserted data matches secret data or not.

For example, if you are sending a https request to a server using basic authentication then your http header contains data similar to:
"Authorization: dXNlcjpwYXNzd29yZA=="
If the attacker can insert data in the body of the request, e.g.
"Authorization: d"

Then the compressed size will be smaller if they guessed the first character of the authentication token correctly.
With repeated requests it would be possible to guess the whole string in linear time.

Any data in the headers could be guessed in this way, but authorization tokens and login cookies are the most likely targets.

* What kind of applications are vulnerable?

Web browsers and applications using QtWebkit are most vulnerable, because of the ease of automating this attack with javascript (and the ease of inserting malicious javascript).
In principle, any application that uses SSL and can run untrusted scripts or be scripted externally could be vulnerable.

* How is Qt addressing the problem?

Qt is disabling SSL compression by default.
The 4.8.4 and 5.0.0 releases of Qt will have this change.
This change is available for cherry-picking from git if you build Qt from source.

The git changes are as follows:
5.0: 5ea896fbc63593f424a7dfbb11387599c0025c74
4.8: d41dc3e101a694dec98d7bbb582d428d209e5401
4.7: 3488f1db96dbf70bb0486d3013d86252ebf433e0

For older 4.x releases, the 4.7 patch is expected to work.

* How can I protect my application without updating Qt?

For Qt 4.8.0 or later, you can set the default SSL configuration using the following code:

QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setSslOption(QSsl::SslOptionDisableCompression, true); QSslConfiguration::setDefaultConfiguration(config);

For older Qt versions, unfortunately there is no application level workaround.

* My application isn't vulnerable, I want to use compressed requests

You can enable compression by default using the following code:
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setSslOption(QSsl::SslOptionDisableCompression, false); QSslConfiguration::setDefaultConfiguration(config);

* I'm using a custom QSslConfiguration

Review your code.
If you are copying the default configuration and changing some settings then you are probably protected.
If not, then you should set the option to disable compression appropriately

--

Akseli Salovaara

Software Specialist - Digia, Qt

Visit us on: http://qt.digia.com

 

_______________________________________________
Announce mailing list
Announce <at> qt-project.org
http://lists.qt-project.org/mailman/listinfo/announce
_______________________________________________
Development mailing list
Development <at> qt-project.org
http://lists.qt-project.org/mailman/listinfo/development

Gmane