1 Nov 2022
Bulletproof TLS Newsletter is a free periodic newsletter bringing you commentary and news surrounding SSL/TLS and Internet PKI, designed to keep you informed about the latest developments in this space. Received monthly by more than 50,000 subscribers. Written by Hanno Böck.
Both client and server use of OpenSSL can be affected. Clients may parse such certificates if they connect to a malicious server, but the vulnerability is mitigated by the fact that this happens after certificate chain validation. In most settings, this means an attacker would need a malicious CA that signs a malicious certificate. Servers can be affected if they parse client certificates. According to the OpenSSL advisory, this vulnerability may lead to remote code execution, but stack protection mitigations that are available on most modern systems could mitigate attacks. The vulnerabilities have the following IDs: CVE-2022-3602 and CVE-2022-3786.
Originally OpenSSL had rated one of these vulnerabilities as critical. However, as the team explains in a blog post, the rating was later changed, as code execution exploits for these vulnerabilities seem very unlikely.
OpenSSL’s policy is to rate security vulnerabilities in four severity levels (low, medium, high and critical), so this is the highest category possible. Since the introduction of the critical level in 2015, OpenSSL has only rated one vulnerability as critical: a use-after-free memory corruption issue found in 2016. (The infamous Heartbleed bug was discovered in 2014, before OpenSSL introduced severity levels for its security advisories.)
The vulnerability only affects the 3.0 branch of OpenSSL, which is still rather new. Distributions and operating systems still using the old OpenSSL 1.1.1 version branch are thus unaffected.
OpenSSL had recently published version 3.0.6 with a low-severity security fix and 1.1.1r as a bugfix release, but quickly withdrew these releases due to a regression. Apart from the 3.0.7 release, OpenSSL also published version 1.1.1s as a bugfix release.
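For triaging a fleet against the affected branch described above, this added example (not from the newsletter or from OpenSSL) classifies `openssl version` banners. The 3.0.0 to 3.0.6 range is taken from the OpenSSL advisory rather than this page, and the host names and banners are constructed samples.

```python
import re

# Assumption: per the OpenSSL advisory (not stated on this page), upstream
# releases 3.0.0 through 3.0.6 are affected and 3.0.7 carries the fix.
FIRST_AFFECTED = (3, 0, 0)
FIRST_FIXED = (3, 0, 7)

# Matches `openssl version` banners, e.g. "OpenSSL 3.0.2 15 Mar 2022"
# or "OpenSSL 1.1.1s  1 Nov 2022" (letter suffix used by the 1.x branches).
BANNER = re.compile(r"^OpenSSL\s+(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Classify one banner as 'affected', 'unaffected' or 'unknown'."""
    m = BANNER.match(banner.strip())
    if m is None:
        return "unknown"  # forks or truncated output: needs a manual look
    version = tuple(int(part) for part in m.groups())
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "unaffected"


def triage(inventory):
    """Group hostnames by classification; input maps hostname -> banner."""
    result = {"affected": [], "unaffected": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        result[classify(banner)].append(host)
    return result


# Constructed sample inventory (hypothetical hosts, realistic banner formats).
SAMPLE = {
    "build-01": "OpenSSL 3.0.2 15 Mar 2022",
    "web-01": "OpenSSL 1.1.1s  1 Nov 2022",
    "web-02": "OpenSSL 3.0.7 1 Nov 2022",
    "legacy-01": "OpenSSL 1.0.2k-fips  26 Jan 2017",
    "bsd-01": "LibreSSL 3.5.3",
    "dev-01": "OpenSSL 3.0.6 11 Oct 2022",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Distribution packages often backport fixes without changing the upstream version number, so an "affected" result means the package changelog still needs checking, not that the host is necessarily vulnerable.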
Back in 2015, I met Ivan Ristic at the Black Hat Europe conference. He asked if I would like to help write the newsletter for Feisty Duck, and I quickly agreed. We decided that I would write monthly, covering all the things happening in the TLS realm. This was a time when there was a lot of research poking holes into TLS and often showing flaws in the protocol itself, which in turn helped lead to improvements. I enjoyed summarizing these developments.
Eventually, all of the TLS research being performed led to a big jump in TLS security with the release of TLS 1.3. The latest version of the protocol avoids many of the pitfalls of weak algorithms and problematic design choices found in previous protocol versions. It’s a great leap forward.
I’ve enjoyed being a part of this journey. But I know now that I’m ready to spend more of my time exploring other areas. Ivan Ristic will take over writing the newsletter going forward so that it can continue to be a valuable source of information about the TLS world.
I want to thank Ivan and Jelena Ristic and Melinda Rankin for our shared work on the newsletter over the years and look forward to it continuing to be a guidepost to developments in the TLS protocol.
Here are some things that caught our attention since the previous newsletter: