cURL TLS 1.3 session ticket proxy host mixup Vulnerability
Key Takeaways
The video discusses a vulnerability in cURL, specifically a TLS 1.3 session ticket proxy host mixup, which can be exploited by a malicious proxy to intercept and decrypt sensitive data. The vulnerability arises from cURL's confusion between session tickets from the proxy and the remote server.
Full Transcript
guys this one is very interesting uh bug vulnerability in fact that is discovered in curl i don't i don't usually discuss vulnerabilities that are less critical like this one but i just found it fascinating because it is really depends on how the back end is configured you can run into this vulnerability and makes you just appreciate that writing front end code is not easy despite what people might have think a lot of people say hey front end code easy peasy no look at curl curl is the ultimate front end dev if you think about it it's it's all a front end that consumes lots of protocols on the back end but it's a badass swiss army knife it's just fascinating think about that and just the all these use cases that you have to kind of cater with right so if you're building something that consumes the backend if the back end changes or you can put in the configuration that is not supported things can go really wrong so let's discuss this uh title of the vulnerability is tls 1.3 session ticket proxy host mix up right uh we're going to read the blurb and then go i had a diagram uh explained here to explain what exactly this thing enabled by default lib curl supports the use of tls 1.3 session tickets to resume previous tls sessions to speed up subsequent tls handshakes this is also referred to as a zero rtt and tls 1.3 when using an https proxy and tls 1.3 lip curl can confuse session tickets arriving from the https proxy but work as if they are arriving from the remote server and then wrongly shortcut the host handshake the reason for this confusion is the modified sequence from tls 1.2 when the session ids were provided only during the tls handshake while tls 1.3 it happens post handshake and the code was not updated to take the change behavior into account so see what happened when things change right on the back and if you used to do with one thing and then all of a sudden it changes and there's a completely different code path things can go really bad so let's explain what what what what this really is so if i go to uh to this picture and i'm gonna display it in a minute i'm gonna disappear for a second here you can see that the curl or curl lab here is the client there's a proxy set up in the same machine or another different machine and have the proxy ip address set into the machine configuration so that all ip packets goes to the proxy first and layer seven content will be delivered to the actual final destination i talked about proxy versus reverse proxy right but what really happens here if your proxy is https curl or the client will establish a tcp connection between yourself and the proxy that has to happen and then since https it will follow it up with a tls handshake between the client also and the proxy so now your communication between yourself and the proxy is encrypted the first request that the client sends because it realized it's in a proxy configuration it will send something called the http connect method and i talked about it right here if you want to learn more about it that http connect method will be delivered to the proxy and the http connect method has the actual host that you want to connect to in this case this is called host right say google.com so what will happen here is the proxy will establish a tcp connection between itself and the host on your behalf right and then this is will basically be a tunnel from now on so there will be this tcp connection that you have on the front and alongside with tls will be tunneled everything that you send after that connect with it will be part of the tunnel that includes the tls actual tls handshake that you are supposed to do right now when you do a tls to the host right you will send that tls request it will immediately just forward it all the way to the host and now all of a sudden you have another tls session between yourself end to end go ahead and go into in to the host so now you have two tls kind of layered sessions here and you you tell me if this thing is not complicated enough for you right so now we have one tls session between the curl and the proxy and then another trs session between curl and the host now let's go back to the bug the bug here is uh four session resumptions to to to do a session resumption using tickets right the server will reply back with a tls extension says hey by the way let's not do this expensive tls handshake if in the future if you want to re-establish this for me we are stateful right let's just give me your ticket give me this ticket and encrypt everything you want and i'll figure out the new key right essentially the key is encrypted in the ticket somehow right and here's the but there was a confusion on the session to whom this session ticket belongs to curl didn't have that context it was just receiving tech session tickets and it thought this session ticket belonged to the proxy so what would happen here is between these two tls sessions curl got confused and started mixing up the session ticket so if you really think about what really happened here is curl lib doesn't understand who the session tech it belongs to it could belong to the proxy or the host i think it confuses it as it belongs to their host now the proxy what can do a malicious proxy can essentially creates its own session ticket ships it to curl lab as if it's belong to the host and curl it because it has this bug it will think that it belongs to the host and will re-establish the rt0rtt as if we were going to the host and now we just strict curl the client to connect to the host using our ticket so we can see everything because we built this we as the proxy we are the shady man in the middle of proxy we built that session ticket we have that symmetra key inside that ticket so we know how to decrypt it all of a sudden you see the clear text otherwise the whole thing without this the whole thing is end to end right because this is there's this big green tls session essentially so that's that's what's going on there so what was the fix the fix was if you look at the code actually let's zoom in here is to introduce a new method to know that hey am i talking to a proxy am i talking to a backend host right and based on that the parameters the session parameters will be essentially identified and as a result you would not get into a situation where the proxy sees your traffic essentially it's just just one of those things that tells me man building protocols building front end code that is resilient to these kind of uh different kind of back ends to support backward compatible back-ends right in this case supporting tls 1.3 and a proxy alongside with 1.2 right can lead to nasty stuff like this one right and this is not gonna it's not gonna be the end of this uh carl's having a bug bounty system where you can essentially try to find try to break curl lead by any other so let's credit who actually did this create work is you do [Music] mengato yang from facebook discover this all right guys that's it for me today guys this is just uh it's just these things are fascinating to me right this makes you think like building software is hard you have to think about all these situations let me know what you think i'm gonna see on the next one you guys awesome goodbye
Original Description
Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes.
When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. The reason for this confusion is the modified sequence from TLS 1.2 when the session ids would provided only during the TLS handshake, while in TLS 1.3 it happens post hand-shake and the code was not updated to take that changed behavior into account.
Make sure the proxy/host distinction is done correctly.
A fix for CVE-2021-22890
(The patch URL will change in the final published version of this advisory)
4:00 http connect
https://curl.se/docs/CVE-2021-22890.html
🎙️Listen to the Backend Engineering Podcast
https://husseinnasser.com/podcast
🏭 Backend Engineering Videos
https://backend.husseinnasser.com
💾 Database Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQXjD0HOzN7P2tgzu7scWpl2
🏰 Load Balancing and Proxies Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQVMeBmWI2AhxULWEeo7AaMC
🏛️ Software Archtiecture Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQXNP6mQchJVP3S-3oKGEuw9
📩 Messaging Systems
https://www.youtube.com/playlist?list=PLQnljOFTspQVcumYRWE2w9kVxxIXy_AMo
Become a Member
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join
Support me on PayPal
https://bit.ly/33ENps4
Stay Awesome,
Hussein
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Hussein Nasser · Hussein Nasser · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Extending ArcObjects (IGeometry) - 01 - Getting Started
Hussein Nasser
Extending ArcObjects (IGeometry) - 02 - The Document, The Map and The Layers
Hussein Nasser
Channel Update - New Book, New Job, New Videos
Hussein Nasser
Learn Programming with VB.NET - 01 - Getting Started
Hussein Nasser
Learn Programming with VB.NET - 02 - Classes and Objects (Part 1)
Hussein Nasser
Learn Programming with VB.NET - 03 - Classes and Objects (Part 2)
Hussein Nasser
Learn Programming with VB.NET - 04 - User Interface
Hussein Nasser
Learn Programming with VB.NET - 05 - By Value v. By Reference
Hussein Nasser
Learn Programming with VB.NET - 06 - Variable size, 32 bit vs 64 bit
Hussein Nasser
Learn Programming with VB.NET - 07 - Conditional Statements
Hussein Nasser
Learn Programming with VB.NET - 08 - Inheritance
Hussein Nasser
Learn Programming with VB.NET - 09 - Strategy Design Pattern
Hussein Nasser
Learn Programming with VB.NET - 10 - How did I learn programming
Hussein Nasser
IGeometry 2016 Retrospective - Channel Update
Hussein Nasser
Javascript by Example - The Vook
Hussein Nasser
Vlog - Keep your servers close and your database closer
Hussein Nasser
Vlog - Client/Server Programming Languages
Hussein Nasser
Javascript By Example L1E01 - Getting Started
Hussein Nasser
Persistent Connections (Pros and Cons)
Hussein Nasser
Javascript By Example L1E02 - Building the Calculator Interface
Hussein Nasser
Happy new Year from IGeometry!
Hussein Nasser
Synchronous v. Asynchronous
Hussein Nasser
Javascript By Example L1E03 - Displaying the Digits on Calculator Screen
Hussein Nasser
Show Your Work. Blog, Vlog, Write, Create and Develop!
Hussein Nasser
Relational Database Atomicity Explained By Example
Hussein Nasser
Javascript By Example L1E04 - Operators, All Clear with Arrow Functions
Hussein Nasser
What Comes First, User Experience or Software Architecture?
Hussein Nasser
Javascript By Example L1E05 - Evaluate the Calculator Expressions with eval
Hussein Nasser
Fastest Way to Learn Programming Language or Technology
Hussein Nasser
Javascript By Example L1E06 - Fix Leading Zero Bug with Conditions
Hussein Nasser
Stateful vs Stateless Applications (Explained by Example)
Hussein Nasser
Javascript By Example L1E07 - Running our Calculator on the Mobile Phone
Hussein Nasser
Advice for New Software Engineers and Developers
Hussein Nasser
Why JSON is so Popular?
Hussein Nasser
Building Scalable Software - SLA, HS, VS
Hussein Nasser
Vlog (Istanbul) - Datacenter Proximity
Hussein Nasser
Should Software Engineers Learn Bleeding-Edge Technologies?
Hussein Nasser
Do Developers Build Bad User Interfaces/Experience?
Hussein Nasser
Learn By Doing.
Hussein Nasser
I Wrote Bad Front-End Code That Broke Chrome
Hussein Nasser
My Story
Hussein Nasser
Vlog - Horizontal vs Vertical Scaling
Hussein Nasser
Can User Experience Help Build Better Rest API?
Hussein Nasser
Reverse engineering Instagram in flight mode
Hussein Nasser
The Benefits of the 3-Tier Architecture (e.g. REST API)
Hussein Nasser
Stateless v. Stateful Architecture (Podcast)
Hussein Nasser
The evolution from virtual machines to containers
Hussein Nasser
Proxy vs. Reverse Proxy (Explained by Example)
Hussein Nasser
Canary Deployment (Explained by Example)
Hussein Nasser
No Excuses
Hussein Nasser
Synchronous vs Asynchronous Applications (Explained by Example)
Hussein Nasser
What is an Asynchronous service?
Hussein Nasser
Difference between Client Polling vs Server Push in Notifications
Hussein Nasser
Software vs. Hardware AdBlockers (Explained by Example)
Hussein Nasser
HTTP Caching with E-Tags - (Explained by Example)
Hussein Nasser
Simple Object Access Protocol Pros and Cons (Explained by Example)
Hussein Nasser
Nodejs Express "Hello, World"
Hussein Nasser
Reverse Engineering Instagram feed
Hussein Nasser
Popup Modal Dialog with Javascript and HTML
Hussein Nasser
MIME and Media Type sniffing explained and the type of attacks it leads to
Hussein Nasser
More on: AI Security
View skill →Related Reads
📰
📰
📰
📰
Why I Ditched Socket.IO for Raw WebSockets (And What I Learned)
Dev.to · Nikhil Sharma
atob() can't decode a JWT — the Base64URL gotcha (and the fix)
Dev.to · Daniel Cheong
Why Debugging Made Me a Better Developer
Medium · JavaScript
Mapping Go Domain Errors to HTTP Status Codes at the Boundary
Dev.to · Gabriel Anhaia
🎓
Tutor Explanation
DeepCamp AI