[squid-dev] [PATCH] Fix SSL certificate cache refresh and collision handling.

Christos Tsantilas christos at chtsanti.net
Fri Jul 14 15:18:55 UTC 2017 

SslBump was ignoring origin server certificate changes and using the
previously cached fake certificate (mimicking now-stale properties).
Also, Squid was not detecting key collisions inside certificate caches.

On-disk certificate cache fixes:

   - Use the original certificate signature instead of the certificate
     subject as part of the key. Using signatures reduces certificate key
     collisions to deliberate attacks and woefully misconfigured origins,
     and makes any mishandled attacks a lot less dangerous because the
     attacking origin server certificate cannot by trusted by a properly
     configured Squid and cannot be used for encryption by an attacker.

     We have considered using certificate digests instead of signatures.
     Digests would further reduce the attack surface to copies of public
     certificates (as if the origin server was woefully misconfigured).
     However, unlike the origin-supplied signatures, digests require
     (expensive) computation in Squid, and implemented collision handling
     should make any signature-based attacks unappealing. Signatures won
     on performance grounds.

     Other key components remain the same: NotValidAfter, NotValidBefore,
     forced common name, non-default signing algorithm, and signing hash.

   - Store the original server certificate in the cache (together with
     the generated certificate) for reliable key collision detection.

   - Upon detecting key collisions, ignore and replace the existing cache
     entry with a freshly computed one. This change is required to
     prevent an attacker from tricking Squid into hitting a cached
     impersonating certificate when talking to a legitimate origin.

In-memory SSL context cache fixes:

   - Use the original server certificate (in ASN.1 form) as a part of the
     cache key, to completely eliminate cache key collisions.

Other related improvements:

   - Make the LruMap keys template parameters.
   - Polish Ssl::CertificateDb class member names to match Squid coding
     style. Rename some functions parameters to better match their
     meaning.
   - Replace Ssl::CertificateProperties::dbKey() with:
      * Ssl::TxtKeyForCertificateProperties() in ssl/gadgets.cc for
        on-disk key generation by the ssl_crtd helper;
      * Ssl::UniqueKeyForCertificateProperties() in ssl/support.cc for
        in-memory binary keys generation by the SSL context memory cache.
   - Optimization: Added Ssl::BIO_new_SBuf(SBuf*) for OpenSSL to write
     directly into SBuf objects.

This is a Measurement Factory project.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-210-SSL-Certificate-Cache-fixes-t3.patch
Type: text/x-patch
Size: 104866 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170714/571ec51a/attachment-0001.bin>

More information about the squid-dev mailing list