DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 8th October 2020
jonsec jonsec is offline
Fdisk Soldier
 
Join Date: Jul 2019
Posts: 54
Default does raccoon attack has effect on OpenBSD?

Quote:
Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and other services that rely on SSL and TLS. These protocols allow everyone on the Internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

Raccoon allows attackers under certain conditions to break the encryption and read sensitive communications. The vulnerability is really hard to exploit and relies on very precise timing measurements and on a specific server configuration to be exploitable.
https://raccoon-attack.com/

does raccoon attack has effect on OpenBSD?
Reply With Quote
  #2   (View Single Post)  
Old 8th October 2020
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 133
Default

Interesting question!

Because, LibreSSL is not mentioned. Why? It was not "studied"?
__________________
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733
Reply With Quote
  #3   (View Single Post)  
Old 8th October 2020
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,124
Default

I'll guess an answer: probably. If I'm reading this correctly, the attack surface is an apparent weakness in the TLS 1.2 or older cryptographic protocols, and TLS 1.2 is still in active use.
  • The default cipher suite string used by both httpd(8) and relayd(8) is "HIGH:!aNULL". The "HIGH" suite of ciphers includes TLS 1.2. See both httpd.conf(5) and relayd.conf(5) for details.
  • To see the details of the protocols permitted by a cipher control string value, use $ openssl ciphers -v <string>. See the CIPHERS section of the openssl(1) man page and the DESCRIPTION section of the SSL_CTX_set_cipher_list(3) man page.
Reply With Quote
  #4   (View Single Post)  
Old 4 Weeks Ago
jonsec jonsec is offline
Fdisk Soldier
 
Join Date: Jul 2019
Posts: 54
Default

https://raccoon-attack.com/
Quote:
Our Raccoon attack exploits a TLS specification side channel; TLS 1.2 (and all previous versions)
in OpenBSD 6.8 is fixed.
see LibreSSL 3.2.2 section in https://www.openbsd.org/68.html
Reply With Quote
  #5   (View Single Post)  
Old 4 Weeks Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,124
Default

Could you point to the specific change? For me, it is not clear from the summary how 6.8 addressed this issue.
Reply With Quote
  #6   (View Single Post)  
Old 3 Weeks Ago
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 133
Default

Perhaps, by using the Name Constraints test suite BetterTLS?!
__________________
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733
Reply With Quote
Reply

Tags
raccoon-attack

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
CacheOut: new attack against CPU Intel CiotBSD News 0 27th January 2020 11:56 PM
Security Another crypto-attack on SSL/TLS encryption J65nko News 0 15th March 2013 12:54 PM
Floating point DoS attack (PHP) J65nko News 0 6th January 2011 02:08 AM
supress UDP ddos attack chris FreeBSD Security 4 9th July 2008 02:46 PM


All times are GMT. The time now is 03:57 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick