
How to build your own test for Apple's TLS authentication bug

March 10, 2014

A couple of weeks ago, I added a test for Apple's TLS authentication bug to SSL Labs. Some people have asked me how they can do that themselves, so that they can test for this problem in a private setting (e.g., their intranet).

First, you need to prepare a special version of OpenSSL. I had to understand the source code a bit to find the exact place, but you can just apply this 2-line patch to OpenSSL 1.0.1f.

Any program that relies on this broken OpenSSL version will work only with Apple systems that suffer from the TLS authentication vulnerability. I used the latest version of the Apache web server. To do the same, follow my instructions on how to compile Apache with static OpenSSL libraries.

Finally, the Apache configuration should disable TLS 1.2 as well as all RSA suites, because they are not affected by this bug:

# Apple's TLS authentication bug affects only ECDHE
# and DHE suites, and protocols before TLS 1.2.
SSLProtocol -all +SSLv3 +TLSv1 +TLSv1.1
SSLCipherSuite "EECDH EDH !aNULL !eNULL !EXP !MD5"

You should also configure a certificate the client will trust. Only broken clients will succeed in establishing connections to this web server. Thus, to complete the installation, you need a web page that explains the problem and how it can be addressed.

To make the testing user-friendly, you can place the test on some other web server, then test using JavaScript. All you need to do is attempt to retrieve a page from the broken web server: if that works, you know that the client is vulnerable. I used jQuery for this. Feel free to copy the code from the SSL Labs test.

For the cross-site requests to work, you'll need to further configure the broken web site to allow access from your test site:

Header set Access-Control-Allow-Origin https://www.ssllabs.com

And it's best to disable caching, so that the browser has to attempt to retrieve the file on every test:

Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma no-cache
Header set Expires 0
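
The client-side check described above could look like the following. This is an added example, not the code used by the SSL Labs test: it uses `fetch` rather than jQuery, both URLs are placeholders, and the second "control" request to a normal server is an assumption added so that a network outage is not reported as a patched client.

```javascript
// Added example. Both URLs are placeholders (assumptions), not real hosts.
const BROKEN_URL = "https://broken-tls.example.test/probe.txt"; // Apache + patched OpenSSL
const CONTROL_URL = "/tls-test/control.txt"; // ordinary file on the test site itself

// Resolve to true if any HTTP response arrives, false on failure or timeout.
// In a browser, a rejected TLS handshake surfaces as a rejected fetch().
async function canFetch(url, fetchImpl, timeoutMs) {
  const ctrl = new AbortController();
  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
  try {
    // cache: "no-store" plus a unique query string forces a fresh request,
    // complementing the no-cache headers set on the server.
    await fetchImpl(url + "?t=" + Date.now(), {
      mode: "cors",
      cache: "no-store",
      signal: ctrl.signal,
    });
    return true;
  } catch (err) {
    return false;
  } finally {
    clearTimeout(timer);
  }
}

// Pure decision step, separated from the network code so it can be tested.
function classify(brokenReachable, controlReachable) {
  // The broken server answered: the client completed a handshake that a
  // correct TLS implementation rejects.
  if (brokenReachable) return "vulnerable";
  // The network works and only the broken server failed.
  if (controlReachable) return "not-vulnerable";
  // Nothing was reachable, so the failure says nothing about the client.
  return "inconclusive";
}

async function runTlsAuthTest(fetchImpl = globalThis.fetch, timeoutMs = 5000) {
  const [broken, control] = await Promise.all([
    canFetch(BROKEN_URL, fetchImpl, timeoutMs),
    canFetch(CONTROL_URL, fetchImpl, timeoutMs),
  ]);
  return classify(broken, control);
}
```

If the broken server does not send the Access-Control-Allow-Origin header, a cross-origin `fetch` rejects even when the handshake succeeded, and a vulnerable client is then misreported as not vulnerable.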