[Interest] Qt 5.9 and OpenSSL 1.1?

Thiago Macieira thiago.macieira at intel.com
Mon Sep 16 21:41:12 CEST 2019


On Monday, 16 September 2019 11:48:20 PDT Giuseppe D'Angelo via Interest 
wrote:
> And this again just mentions that earlier SSL versions had security
> vulnerabilities. It does not sustain the claim that there is NO version
> which is secure.
> 
> (As Thiago has already reminded, we're way past the point where we do
> get to prove mathematically the correctness and the security of our
> code; instead we rely on expert research, responsible disclosure and
> quick fix of any issue that may have been found.)

The security claim here is relative.

There is no currently known attack against SSL/TLS. That does not imply it's 
mathematically proven to be safe. In all likelihood, there will be issues 
found. If by that you mean that it's not secure, then yes: it's not secure 
because there'll likely be a new vulnerability discovered.

However, until that happens, it's as secure as we can make anything.

I should also point out that so far, none of the successful attacks against 
SSL/TLS are attacking the encryption. The attacks usually come via a side-
channel or some other weak component of the structure. Examples are the 
Heartbleed, the earlier attack against compression, the renegotiation attack. 
More frequently, hacks are attacking social engineering, like weak passwords, 
unsecured or improperly-secured systems. It's believed the Stuxnet attack 
against Iran's nuclear energy labs was started by dropping USB flash drives in 
the parking lot.

And yet, this is the best we've got. What's the alternative? No encryption and 
no authentication?

Even the only encryption method mathematically proven to be resistant to 
direct attacks (one-time pads) is vulnerable to side-channel attacks. The OTP 
leaks and all your data is readable. If the random generator you used to 
create it in the first place can be predicted, you've also got a problem (for 
example, by inspecting the initial TCP sequence values that your system 
sends).

I'll agree with Roland that "use SSL, you're safe" is not a factually correct 
statement. A simple debug-mode "ignoreSslErrors()" left in your code kicks the 
door wide open to attackers. SSL is a component of your security architecture, 
but not the only one.

But I'll also agree with Peppe that SSL/TLS is as secure as we can make it. 
Claiming otherwise, claiming that there are attacks that slice through up-to-
date and well-maintained installations like a hot knife through butter, 
without offering proof, is beyond disingenuous. It's positively irresponsible.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products
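
The point above about a debug-mode "ignoreSslErrors()" left in code can be enforced as a build-time check. The following is an added example, not part of the original message and not Qt code: a heuristic Python scanner that flags the no-argument overload in C++ source and separates it from the overload that takes a list of expected errors. The debug-guard macros it recognises and the sample source are assumptions constructed for illustration.

```python
import re

# String literals are matched first so "https://..." is not taken for a comment.
TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)
# Group 1 is ")" when the call has no arguments (the ignore-everything overload).
CALL = re.compile(r'\bignoreSslErrors\s*\(\s*(\)?)')
# Assumed debug-only guards; adjust to the macros your build really uses.
DEBUG_GUARD = re.compile(r'#\s*(ifdef\s+QT_DEBUG|ifndef\s+(QT_NO_DEBUG|NDEBUG))\b')

def blank_comments(src):
    """Replace comments with spaces, keeping newlines so line numbers hold."""
    def repl(m):
        text = m.group()
        return text if text.startswith('"') else re.sub(r'[^\n]', ' ', text)
    return TOKEN.sub(repl, src)

def scan(src):
    """Return (line_no, kind) per call: 'blanket', 'blanket-debug' or 'listed'."""
    findings, guards = [], []  # guards: stack of "is debug-only" flags
    for no, line in enumerate(blank_comments(src).split('\n'), 1):
        s = line.strip()
        if s.startswith('#'):
            if re.match(r'#\s*if', s):
                guards.append(bool(DEBUG_GUARD.match(s)))
            elif re.match(r'#\s*(else|elif)', s) and guards:
                guards[-1] = False  # the other branch is what release builds compile
            elif re.match(r'#\s*endif', s) and guards:
                guards.pop()
            continue
        for m in CALL.finditer(line):
            if not m.group(1):
                findings.append((no, 'listed'))
            else:
                findings.append((no, 'blanket-debug' if any(guards) else 'blanket'))
    return findings

# Constructed sample source, not taken from any real project.
SAMPLE = r'''
void Client::fetch(const QUrl &url) {
    QNetworkReply *reply = nam.get(QNetworkRequest(url)); // see https://example.invalid
    // reply->ignoreSslErrors();  (commented out, not a finding)
#ifdef QT_DEBUG
    reply->ignoreSslErrors();
#endif
    reply->ignoreSslErrors(expectedErrors);
    reply->ignoreSslErrors();
}
'''
```

Calling `scan(SAMPLE)` reports line 6 as `blanket-debug`, line 8 as `listed` and line 9 as `blanket`; a CI job would fail the build on any `blanket` finding and review the others.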





