[Announce] SECURITY - disabling SSL/TLS compression to mitigate the "CRIME" attack

Thu Sep 27 12:56:07 CEST 2012

A security vulnerability has been discovered in the SSL/TLS protocol, which affects connections using compression.
All versions of TLS are believed to be affected.
To address this, Qt will disable TLS compression by default.

* How does the attack work?

If the attacker can insert data into the SSL connection, then by looking at the length of the compressed data it is possible to determine if the inserted data matches secret data or not.

For example, if you are sending a https request to a server using basic authentication then your http header contains data similar to:
"Authorization: dXNlcjpwYXNzd29yZA=="
If the attacker can insert data in the body of the request, e.g.
"Authorization: d"

Then the compressed size will be smaller if they guessed the first character of the authentication token correctly.
With repeated requests it would be possible to guess the whole string in linear time.

Any data in the headers could be guessed in this way, but authorization tokens and login cookies are the most likely targets.

* What kind of applications are vulnerable?

Web browsers and applications using QtWebkit are most vulnerable, because of the ease of automating this attack with javascript (and the ease of inserting malicious javascript).
In principle, any application that uses SSL and can run untrusted scripts or be scripted externally could be vulnerable.

* How is Qt addressing the problem?

Qt is disabling SSL compression by default.
The 4.8.4 and 5.0.0 releases of Qt will have this change.
This change is available for cherry-picking from git if you build Qt from source.

The git changes are as follows:
5.0: 5ea896fbc63593f424a7dfbb11387599c0025c74
4.8: d41dc3e101a694dec98d7bbb582d428d209e5401
4.7: 3488f1db96dbf70bb0486d3013d86252ebf433e0

For older 4.x releases, the 4.7 patch is expected to work.

* How can I protect my application without updating Qt?

For Qt 4.8.0 or later, you can set the default SSL configuration using the following code:

QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setSslOption(QSsl::SslOptionDisableCompression, true); QSslConfiguration::setDefaultConfiguration(config);

For older Qt versions, unfortunately there is no application level workaround.

* My application isn't vulnerable, I want to use compressed requests

You can enable compression by default using the following code:
QSslConfiguration config = QSslConfiguration::defaultConfiguration();
config.setSslOption(QSsl::SslOptionDisableCompression, false); QSslConfiguration::setDefaultConfiguration(config);

* I'm using a custom QSslConfiguration

Review your code.
If you are copying the default configuration and changing some settings then you are probably protected.
If not, then you should set the option to disable compression appropriately
--
Akseli Salovaara
Software Specialist - Digia, Qt
Visit us on: http://qt.digia.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/announce/attachments/20120927/3057ad70/attachment.html>