Search squid archive

Re: SSL Attacks against Squid in reverse proxy mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 17/10/2012 4:34 p.m., Will Roberts wrote:
Hi,

I'm using squid 3.1.20 as a reverse proxy to provide an SSL frontend as well as caching.

I'm looking for configuration directives that would allow me to prevent squid from being susceptible to CRIME. Is there a way to pass a flag to the SSL library to disable compression (CRIME)?

Thanks,
--Will

CRIME operates by gleaning clues about the transmitted data (not the keys!) from measuring how crafted requests get compressed and transmitted. There are a couple of factors in Squid which prevent it being vulnerable, or at worst no more vulnerable than HTTPS has ever been.

* Squid does not support SPDY protocol. The ease of CRIME stems from SPDY mandatory compression of headers providing a consistent compression dictionary across long-duration and multiple requests. Resulting in effectivly a guarantee that crafted requests were comparable to the attacked clients requests while also amplifiing the amount of available attack clues with compression of headers.

* Squid does not support compression of headers. So information within headers remains secure uness the SSL keys are broken via other means. The indeterminate size of HTTP headers in between objects which may (or may not) be compressed moves the blocks of data where useful clues can be gleaned via CRIME in an almost unpredictable way. Also, each compressed object in HTTP has its own dictionary - further raising the difficulty of locating clues.

So risk of CRIME on regular HTTPS as serviced by Squid is quite low.

For the super paranoid;
Squid acting as a reverse-proxy is able to alter the relayed request headers and strip away the Accept-Encoding headers sent by the client using "request_header_access Accept-Encoding deny all". Which should result in the Server producing uncompressed responses even if the client advertises compression support to Squid. This does not work on CONNECT requests where Squid has zero control over what goes through inside the TLS encrypted tunnel. But then again, for those requests Squid is not adding to the vulnerability either.

As for OpenSSL;
IF you can find an OpenSSL flag that controls compression in the TLS layer itself, any flags supported by the SSL library can be passed with an sslflags= option; on https_port for incoming traffic, on cache_peer for backend server links, or as sslproxy_sslflags for outbound HTTPS connections (other than cache_peer links). If Squid does not accept a flag already we will happily accept patches to add it.


HTH
Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux