cURL TLS 1.3 session ticket proxy host mixup Vulnerability

Hussein Nasser · Intermediate ·🔧 Backend Engineering ·5y ago

Key Takeaways

The video discusses a vulnerability in cURL, specifically a TLS 1.3 session ticket proxy host mixup, which can be exploited by a malicious proxy to intercept and decrypt sensitive data. The vulnerability arises from cURL's confusion between session tickets from the proxy and the remote server.

Full Transcript

guys this one is very interesting uh bug vulnerability in fact that is discovered in curl i don't i don't usually discuss vulnerabilities that are less critical like this one but i just found it fascinating because it is really depends on how the back end is configured you can run into this vulnerability and makes you just appreciate that writing front end code is not easy despite what people might have think a lot of people say hey front end code easy peasy no look at curl curl is the ultimate front end dev if you think about it it's it's all a front end that consumes lots of protocols on the back end but it's a badass swiss army knife it's just fascinating think about that and just the all these use cases that you have to kind of cater with right so if you're building something that consumes the backend if the back end changes or you can put in the configuration that is not supported things can go really wrong so let's discuss this uh title of the vulnerability is tls 1.3 session ticket proxy host mix up right uh we're going to read the blurb and then go i had a diagram uh explained here to explain what exactly this thing enabled by default lib curl supports the use of tls 1.3 session tickets to resume previous tls sessions to speed up subsequent tls handshakes this is also referred to as a zero rtt and tls 1.3 when using an https proxy and tls 1.3 lip curl can confuse session tickets arriving from the https proxy but work as if they are arriving from the remote server and then wrongly shortcut the host handshake the reason for this confusion is the modified sequence from tls 1.2 when the session ids were provided only during the tls handshake while tls 1.3 it happens post handshake and the code was not updated to take the change behavior into account so see what happened when things change right on the back and if you used to do with one thing and then all of a sudden it changes and there's a completely different code path things can go really bad so let's explain what what what what this really is so if i go to uh to this picture and i'm gonna display it in a minute i'm gonna disappear for a second here you can see that the curl or curl lab here is the client there's a proxy set up in the same machine or another different machine and have the proxy ip address set into the machine configuration so that all ip packets goes to the proxy first and layer seven content will be delivered to the actual final destination i talked about proxy versus reverse proxy right but what really happens here if your proxy is https curl or the client will establish a tcp connection between yourself and the proxy that has to happen and then since https it will follow it up with a tls handshake between the client also and the proxy so now your communication between yourself and the proxy is encrypted the first request that the client sends because it realized it's in a proxy configuration it will send something called the http connect method and i talked about it right here if you want to learn more about it that http connect method will be delivered to the proxy and the http connect method has the actual host that you want to connect to in this case this is called host right say google.com so what will happen here is the proxy will establish a tcp connection between itself and the host on your behalf right and then this is will basically be a tunnel from now on so there will be this tcp connection that you have on the front and alongside with tls will be tunneled everything that you send after that connect with it will be part of the tunnel that includes the tls actual tls handshake that you are supposed to do right now when you do a tls to the host right you will send that tls request it will immediately just forward it all the way to the host and now all of a sudden you have another tls session between yourself end to end go ahead and go into in to the host so now you have two tls kind of layered sessions here and you you tell me if this thing is not complicated enough for you right so now we have one tls session between the curl and the proxy and then another trs session between curl and the host now let's go back to the bug the bug here is uh four session resumptions to to to do a session resumption using tickets right the server will reply back with a tls extension says hey by the way let's not do this expensive tls handshake if in the future if you want to re-establish this for me we are stateful right let's just give me your ticket give me this ticket and encrypt everything you want and i'll figure out the new key right essentially the key is encrypted in the ticket somehow right and here's the but there was a confusion on the session to whom this session ticket belongs to curl didn't have that context it was just receiving tech session tickets and it thought this session ticket belonged to the proxy so what would happen here is between these two tls sessions curl got confused and started mixing up the session ticket so if you really think about what really happened here is curl lib doesn't understand who the session tech it belongs to it could belong to the proxy or the host i think it confuses it as it belongs to their host now the proxy what can do a malicious proxy can essentially creates its own session ticket ships it to curl lab as if it's belong to the host and curl it because it has this bug it will think that it belongs to the host and will re-establish the rt0rtt as if we were going to the host and now we just strict curl the client to connect to the host using our ticket so we can see everything because we built this we as the proxy we are the shady man in the middle of proxy we built that session ticket we have that symmetra key inside that ticket so we know how to decrypt it all of a sudden you see the clear text otherwise the whole thing without this the whole thing is end to end right because this is there's this big green tls session essentially so that's that's what's going on there so what was the fix the fix was if you look at the code actually let's zoom in here is to introduce a new method to know that hey am i talking to a proxy am i talking to a backend host right and based on that the parameters the session parameters will be essentially identified and as a result you would not get into a situation where the proxy sees your traffic essentially it's just just one of those things that tells me man building protocols building front end code that is resilient to these kind of uh different kind of back ends to support backward compatible back-ends right in this case supporting tls 1.3 and a proxy alongside with 1.2 right can lead to nasty stuff like this one right and this is not gonna it's not gonna be the end of this uh carl's having a bug bounty system where you can essentially try to find try to break curl lead by any other so let's credit who actually did this create work is you do [Music] mengato yang from facebook discover this all right guys that's it for me today guys this is just uh it's just these things are fascinating to me right this makes you think like building software is hard you have to think about all these situations let me know what you think i'm gonna see on the next one you guys awesome goodbye

Original Description

Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. The reason for this confusion is the modified sequence from TLS 1.2 when the session ids would provided only during the TLS handshake, while in TLS 1.3 it happens post hand-shake and the code was not updated to take that changed behavior into account. Make sure the proxy/host distinction is done correctly. A fix for CVE-2021-22890 (The patch URL will change in the final published version of this advisory) 4:00 http connect https://curl.se/docs/CVE-2021-22890.html 🎙️Listen to the Backend Engineering Podcast https://husseinnasser.com/podcast 🏭 Backend Engineering Videos https://backend.husseinnasser.com 💾 Database Engineering Videos https://www.youtube.com/playlist?list=PLQnljOFTspQXjD0HOzN7P2tgzu7scWpl2 🏰 Load Balancing and Proxies Videos https://www.youtube.com/playlist?list=PLQnljOFTspQVMeBmWI2AhxULWEeo7AaMC 🏛️ Software Archtiecture Videos https://www.youtube.com/playlist?list=PLQnljOFTspQXNP6mQchJVP3S-3oKGEuw9 📩 Messaging Systems https://www.youtube.com/playlist?list=PLQnljOFTspQVcumYRWE2w9kVxxIXy_AMo Become a Member https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join Support me on PayPal https://bit.ly/33ENps4 Stay Awesome, Hussein
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from Hussein Nasser · Hussein Nasser · 0 of 60

← Previous Next →
1 Extending ArcObjects (IGeometry) - 01 - Getting Started
Extending ArcObjects (IGeometry) - 01 - Getting Started
Hussein Nasser
2 Extending ArcObjects  (IGeometry) - 02 - The Document, The Map and The Layers
Extending ArcObjects (IGeometry) - 02 - The Document, The Map and The Layers
Hussein Nasser
3 Channel Update - New Book, New Job, New Videos
Channel Update - New Book, New Job, New Videos
Hussein Nasser
4 Learn Programming with VB.NET - 01 - Getting Started
Learn Programming with VB.NET - 01 - Getting Started
Hussein Nasser
5 Learn Programming with VB.NET - 02 - Classes and Objects (Part 1)
Learn Programming with VB.NET - 02 - Classes and Objects (Part 1)
Hussein Nasser
6 Learn Programming with VB.NET - 03 - Classes and Objects (Part 2)
Learn Programming with VB.NET - 03 - Classes and Objects (Part 2)
Hussein Nasser
7 Learn Programming with VB.NET - 04 - User Interface
Learn Programming with VB.NET - 04 - User Interface
Hussein Nasser
8 Learn Programming with VB.NET - 05 - By Value v. By Reference
Learn Programming with VB.NET - 05 - By Value v. By Reference
Hussein Nasser
9 Learn Programming with VB.NET - 06 - Variable size, 32 bit vs 64 bit
Learn Programming with VB.NET - 06 - Variable size, 32 bit vs 64 bit
Hussein Nasser
10 Learn Programming with VB.NET - 07 - Conditional Statements
Learn Programming with VB.NET - 07 - Conditional Statements
Hussein Nasser
11 Learn Programming with VB.NET - 08 - Inheritance
Learn Programming with VB.NET - 08 - Inheritance
Hussein Nasser
12 Learn Programming with VB.NET - 09 - Strategy Design Pattern
Learn Programming with VB.NET - 09 - Strategy Design Pattern
Hussein Nasser
13 Learn Programming with VB.NET - 10 -  How did I learn programming
Learn Programming with VB.NET - 10 - How did I learn programming
Hussein Nasser
14 IGeometry 2016 Retrospective - Channel Update
IGeometry 2016 Retrospective - Channel Update
Hussein Nasser
15 Javascript by Example - The Vook
Javascript by Example - The Vook
Hussein Nasser
16 Vlog - Keep your servers close and your database closer
Vlog - Keep your servers close and your database closer
Hussein Nasser
17 Vlog - Client/Server Programming Languages
Vlog - Client/Server Programming Languages
Hussein Nasser
18 Javascript By Example L1E01 - Getting Started
Javascript By Example L1E01 - Getting Started
Hussein Nasser
19 Persistent Connections (Pros and Cons)
Persistent Connections (Pros and Cons)
Hussein Nasser
20 Javascript By Example L1E02 - Building the Calculator Interface
Javascript By Example L1E02 - Building the Calculator Interface
Hussein Nasser
21 Happy new Year from IGeometry!
Happy new Year from IGeometry!
Hussein Nasser
22 Synchronous v. Asynchronous
Synchronous v. Asynchronous
Hussein Nasser
23 Javascript By Example L1E03 - Displaying the Digits on Calculator Screen
Javascript By Example L1E03 - Displaying the Digits on Calculator Screen
Hussein Nasser
24 Show Your Work. Blog, Vlog, Write, Create and Develop!
Show Your Work. Blog, Vlog, Write, Create and Develop!
Hussein Nasser
25 Relational Database Atomicity Explained By Example
Relational Database Atomicity Explained By Example
Hussein Nasser
26 Javascript By Example L1E04 - Operators, All Clear with Arrow Functions
Javascript By Example L1E04 - Operators, All Clear with Arrow Functions
Hussein Nasser
27 What Comes First, User Experience or Software Architecture?
What Comes First, User Experience or Software Architecture?
Hussein Nasser
28 Javascript By Example L1E05 -  Evaluate the Calculator Expressions with eval
Javascript By Example L1E05 - Evaluate the Calculator Expressions with eval
Hussein Nasser
29 Fastest Way to Learn Programming Language or Technology
Fastest Way to Learn Programming Language or Technology
Hussein Nasser
30 Javascript By Example L1E06 -  Fix Leading Zero Bug with Conditions
Javascript By Example L1E06 - Fix Leading Zero Bug with Conditions
Hussein Nasser
31 Stateful vs Stateless Applications (Explained by Example)
Stateful vs Stateless Applications (Explained by Example)
Hussein Nasser
32 Javascript By Example L1E07 - Running our Calculator on the Mobile Phone
Javascript By Example L1E07 - Running our Calculator on the Mobile Phone
Hussein Nasser
33 Advice for New Software Engineers and Developers
Advice for New Software Engineers and Developers
Hussein Nasser
34 Why JSON is so Popular?
Why JSON is so Popular?
Hussein Nasser
35 Building Scalable Software - SLA, HS, VS
Building Scalable Software - SLA, HS, VS
Hussein Nasser
36 Vlog (Istanbul) - Datacenter Proximity
Vlog (Istanbul) - Datacenter Proximity
Hussein Nasser
37 Should Software Engineers Learn Bleeding-Edge Technologies?
Should Software Engineers Learn Bleeding-Edge Technologies?
Hussein Nasser
38 Do Developers Build Bad User Interfaces/Experience?
Do Developers Build Bad User Interfaces/Experience?
Hussein Nasser
39 Learn By Doing.
Learn By Doing.
Hussein Nasser
40 I Wrote Bad Front-End Code That Broke Chrome
I Wrote Bad Front-End Code That Broke Chrome
Hussein Nasser
41 My Story
My Story
Hussein Nasser
42 Vlog - Horizontal vs Vertical Scaling
Vlog - Horizontal vs Vertical Scaling
Hussein Nasser
43 Can User Experience Help Build Better Rest API?
Can User Experience Help Build Better Rest API?
Hussein Nasser
44 Reverse engineering Instagram in flight mode
Reverse engineering Instagram in flight mode
Hussein Nasser
45 The Benefits of the 3-Tier Architecture (e.g. REST API)
The Benefits of the 3-Tier Architecture (e.g. REST API)
Hussein Nasser
46 Stateless v. Stateful Architecture (Podcast)
Stateless v. Stateful Architecture (Podcast)
Hussein Nasser
47 The evolution from virtual machines to containers
The evolution from virtual machines to containers
Hussein Nasser
48 Proxy vs. Reverse Proxy (Explained by Example)
Proxy vs. Reverse Proxy (Explained by Example)
Hussein Nasser
49 Canary Deployment (Explained by Example)
Canary Deployment (Explained by Example)
Hussein Nasser
50 No Excuses
No Excuses
Hussein Nasser
51 Synchronous vs Asynchronous Applications (Explained by Example)
Synchronous vs Asynchronous Applications (Explained by Example)
Hussein Nasser
52 What is an Asynchronous service?
What is an Asynchronous service?
Hussein Nasser
53 Difference between Client Polling vs Server Push in Notifications
Difference between Client Polling vs Server Push in Notifications
Hussein Nasser
54 Software vs. Hardware AdBlockers (Explained by Example)
Software vs. Hardware AdBlockers (Explained by Example)
Hussein Nasser
55 HTTP Caching with E-Tags -  (Explained by Example)
HTTP Caching with E-Tags - (Explained by Example)
Hussein Nasser
56 Simple Object Access Protocol Pros and Cons (Explained by Example)
Simple Object Access Protocol Pros and Cons (Explained by Example)
Hussein Nasser
57 Nodejs Express "Hello, World"
Nodejs Express "Hello, World"
Hussein Nasser
58 Reverse Engineering Instagram feed
Reverse Engineering Instagram feed
Hussein Nasser
59 Popup Modal Dialog with Javascript and HTML
Popup Modal Dialog with Javascript and HTML
Hussein Nasser
60 MIME and Media Type sniffing explained and the type of attacks it leads to
MIME and Media Type sniffing explained and the type of attacks it leads to
Hussein Nasser

The video explains a vulnerability in cURL that can be exploited by a malicious proxy to intercept sensitive data. The vulnerability arises from cURL's confusion between session tickets from the proxy and the remote server. The fix involves introducing a new method to identify whether cURL is talking to a proxy or a backend host.

Key Takeaways
  1. Understand the basics of TLS 1.3 and session ticket resumption
  2. Configure cURL to use a secure HTTPS proxy
  3. Implement the fix to prevent session ticket mixup
  4. Test and verify the security of the cURL configuration
💡 The vulnerability highlights the importance of secure protocol implementation and the need to consider potential interactions between different components in a system.

Related Reads

Up next
Indian Express Editorial Analysis by Chandan Sharma - 1 JULY 2026 | UPSC Current Affairs 2026
StudyIQ IAS
Watch →