Allele Security Alert
ASA-2019-00265
Identifier(s)
ASA-2019-00265, CVE-2019-11323
Title
Security issue in the TLS ticket key rotation
Vendor(s)
HAProxy Technologies
Product(s)
HAProxy
Affected version(s)
HAProxy versions since commit:
MINOR: ssl: add support of aes256 bits ticket keys on file and cli.
https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547
Fixed version(s)
HAProxy versions 1.9.7 and later
Proof of concept
Unknown
Description
Whenever HAProxy was reloaded with rotated keys, session resumption would break for the previous encryption key.
Technical details
Since commit 9e7547, which added support for 80-byte keys, the member key_128 of union tls_sess_key is declared as struct tls_sess_key_256 instead of struct tls_sess_key_128.
--- a/include/types/ssl_sock.h +++ b/include/types/ssl_sock.h @@ -63,7 +63,7 @@ struct tls_sess_key_256 { union tls_sess_key{ unsigned char name[16]; - struct tls_sess_key_256 key_128; + struct tls_sess_key_128 key_128; struct tls_sess_key_256 key_256; } __attribute__((packed));
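Review bot: on the key_128 member line, nothing in the union ties the member's type to the key size its name promises, which is how "struct tls_sess_key_256 key_128;" could sit here unnoticed. Consider a compile-time size check next to the union asserting that key_128 is 48 bytes and key_256 is 80 bytes, so a future edit to either struct or to the union fails the build instead of silently changing which bytes are read as key material.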
Then, whenever the structure key_128 is used, it will contain uninitialized values resulting in very predictable HMAC keys.
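The layout mismatch described above, as an added example that is not HAProxy's code: it loads a 48-byte key into the union as declared before and after the fix and counts how many bytes of key_128.hmac_key actually come from the loaded key. The struct field names and their 16/16/16 and 16/32/32 sizes, the union type names, the fill byte and the key bytes are assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Assumed 48- and 80-byte key layouts; field names are illustrative
 * assumptions. Only the union members are taken from the diff above. */
struct tls_sess_key_128 {
    unsigned char name[16], aes_key[16], hmac_key[16];
} __attribute__((packed));
struct tls_sess_key_256 {
    unsigned char name[16], aes_key[32], hmac_key[32];
} __attribute__((packed));
union key_before_fix {   /* key_128 declared with the 256-bit type */
    unsigned char name[16];
    struct tls_sess_key_256 key_128;
    struct tls_sess_key_256 key_256;
} __attribute__((packed));
union key_after_fix {
    unsigned char name[16];
    struct tls_sess_key_128 key_128;
    struct tls_sess_key_256 key_256;
} __attribute__((packed));

#define FILL 0xEE /* deterministic stand-in for bytes the load never wrote */

/* Pre-fill the storage, then copy in a constructed 48-byte key (bytes 1..48). */
static void load_48(void *dst, size_t size) {
    unsigned char file_key[48];
    for (size_t i = 0; i < sizeof(file_key); i++)
        file_key[i] = (unsigned char)(i + 1);
    memset(dst, FILL, size);
    memcpy(dst, file_key, sizeof(file_key));
}

/* Count the bytes of key_128.hmac_key that came from the loaded key. */
size_t hmac_bytes_from_file(int fixed) {
    union key_before_fix b;
    union key_after_fix a;
    const unsigned char *p = fixed ? a.key_128.hmac_key : b.key_128.hmac_key;
    size_t n = fixed ? sizeof(a.key_128.hmac_key) : sizeof(b.key_128.hmac_key);
    size_t count = 0;
    load_48(&a, sizeof(a));
    load_48(&b, sizeof(b));
    for (size_t i = 0; i < n; i++)
        count += (p[i] != FILL);
    return count;
}

int main(void) {
    printf("HMAC bytes from key: before fix %zu, after fix %zu\n",
           hmac_bytes_from_file(0), hmac_bytes_from_file(1));
    return 0;
}
```

With the pre-fix declaration the HMAC key starts at offset 48, past the end of the 48 bytes that were loaded, so none of it comes from the configured key.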
Credits
Nenad Merdanovic
Reference(s)
[ANNOUNCE] haproxy-1.9.7
https://www.mail-archive.com/haproxy@formilux.org/msg33410.html
BUG/MINOR: ssl: Fix 48 byte TLS ticket key rotation
https://git.haproxy.org/?p=haproxy.git;a=commit;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d
MINOR: ssl: add support of aes256 bits ticket keys on file and cli.
https://git.haproxy.org/?p=haproxy.git;a=commit;h=9e7547
CVE-2019-11323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11323
CVE-2019-11323
https://nvd.nist.gov/vuln/detail/CVE-2019-11323
Last modified: May 13, 2019