SA44 : TLS/SSLv3 renegotiation (CVE-2009-3555)
- Status: Closed
- Severity: Medium
- CVSS Base Score: CVSS v2: 6.4
TLS and SSLv3 are vulnerable to a man-in-the-middle attack. This vulnerability is due to a design flaw in the cipher suite renegotiation capability of the protocol, not to a particular implementation defect. The vulnerability allows an attacker to insert his own traffic into the beginning of the client’s application protocol stream.
In order to fully protect against this threat, clients as well as origin content servers must be updated to support secure TLS renegotiation as defined in RFC 5746.
Blue Coat Systems is fixing this vulnerability across all currently supported product lines by implementing RFC 5746 to allow, but not require, secure renegotiation.
The following products are vulnerable.
All versions of Director prior to 184.108.40.206 are vulnerable.
Secure renegotiation support is provided in the following releases. By default, secure renegotiation is required. A CLI option to support but not require secure renegotiation is available.
Director 5.5 - an interim fix is available in 220.127.116.11.
Director 5.4 and earlier - please upgrade to a later version.
All versions of Intelligence Center prior to 18.104.22.168 are vulnerable.
Secure renegotiation support is provided in the following releases. Clients that support secure renegotiation will be allowed to renegotiate a session key. Clients that do not support secure renegotiation can establish an SSL/TLS session but cannot perform legacy renegotiations.
IntelligenceCenter 3.1 - a fix is available in 22.214.171.124.
IntelligenceCenter 2.1 and earlier - please upgrade to a later version.
All versions of PacketShaper prior to 8.5.5 are vulnerable. All versions of PacketShaper 8.6 are vulnerable. All versions of 8.7 are not vulnerable.
Management connections to PacketShaper and connections from PacketShaper to LDAP configuration servers are vulnerable to an attack.
Traffic passing through PacketShaper for classification and shaping cannot be affected since PacketShaper does not serve as a TLS/SSL endpoint. Compression and acceleration tunnels do not use SSL so are not affected.
Secure renegotiation support is provided in the following releases. A CLI option to require secure renegotiation is available. Secure renegotiation is disabled by default.
PacketWise 8.7 - a fix is available in 8.7.1.
PacketWise 8.6 - please upgrade to a later version.
PacketWise 8.5 - a fix is available in 8.5.5.
All versions of ProxyAV prior to 126.96.36.199 are vulnerable.
Secure renegotiation support is provided in the following releases. Clients that support secure renegotiation will be allowed to renegotiate a session key by default. An option is provided in the Management Console to allow clients that do not support secure renegotiation to access ProxyAV.
ProxyAV 3.4 - a fix is available in 188.8.131.52.
ProxyAV 3.3 - a fix is available in 184.108.40.206.
ProxyAV 3.2 and earlier - please upgrade to a later version.
All versions of ProxySG prior to 6.1 are vulnerable.
ProxySG uses TLS/SSL to accelerate and control traffic, for management and configuration operations, to interact with other Blue Coat products, and to interact with third-party and other Blue Coat servers. All TLS/SSL connections are vulnerable to an attack. ProxySG cannot protect against an attack.
Secure renegotiation support is provided in the following releases. A CLI option to require secure renegotiation is available and is disabled by default. To enable the option, set the ssl command option force-secure-renegotiation to enable .
ProxySG 6.1 - a fix is available in SGOS 220.127.116.11 or later.
ProxySG 5.5 - a fix is available in SGOS 18.104.22.168.
ProxySG 5.4 - a fix is available in SGOS 22.214.171.124 or later. If you are intercepting SSL, Blue Coat recommends that you upgrade to SGOS 126.96.36.199.
ProxySG 5.3 - please upgrade to a later version.
ProxySG 4.3 - a fix is available in SGOS 188.8.131.52.
All versions of Reporter prior to 184.108.40.206 are vulnerable.
Blue Coat recommends that Reporter be deployed behind the firewall. Given this typical deployment, the CVSS v2 base score is 4.8 (AV:A/AC:L/Au:N/C:N/I:P/A:P).
Secure renegotiation support is provided in the following releases. The 9.2 releases do not provide an option to require secure renegotiation. The 9.3 and later releases provide an option to force secure renegotiation.
Reporter 9.3 - a fix is available in 220.127.116.11 and later.
Reporter 9.2 -a fix is available in 18.104.22.168.
Reporter 8.3 and earlier - please upgrade to a later version.
The following products are not vulnerable to attack because they use SSL/TLS libraries that are provided by the platform. Blue Coat recommends that customers update the underlying operating systems for these products.
The Proxy Client uses the on-platform TLS/SSL libraries provided by Microsoft. It only establishes a TLS/SSL connection to ProxySG to download new files and configuration and to upload monitoring information. If the connection to ProxySG is targeted, the attacker is limited to injecting malformed or misleading monitoring information.
K9 uses the on-platform TLS/SSL libraries provided by Microsoft.
The following Blue Coat services do not support secure renegotiation at the current time:
The following Blue Coat services now support secure renegotiation:
Secure connections between Blue Coat products will fail unless both products are updated to support secure renegotiation. For example, a secure ICAP connection between ProxySG and ProxyAV will fail unless both products are updated.
Secure connections with third-party servers will fail unless the third party server has been updated to support secure renegotiation. For example, uploading access logs via HTTPS to an Apache or IIS server that has not been updated will fail.
The TLS protocol and SSLv3 protocols do not properly associate renegotiation handshakes with an existing connection. This allows an attacker to insert content of his choice at the beginning of the client’s interaction with the server. The attacker will not be able to read the traffic between the client and server.
Initial exploits of this vulnerability have focused on the HTTP protocol. Other protocols that use TLS/SSLv3 are vulnerable as well.
The IETF TLS working group has published RFC 5746 that specifies enhancements to the protocol to support secure renegotiation. Blue Coat Systems is implementing the RFC across affected product lines.
By default, products will support secure renegotiation, but will not require it. This allows Blue Coat products to preserve backward compatibility with servers and clients that do not support secure renegotiation.
Options are available for each product to require secure renegotiation, thereby providing full protection against attacks that exploit this vulnerability. However, requiring secure renegotiation will cause SSL/TLS connections to clients and/or servers that do not support secure renegotiation to fail.
2015-01-20 Marked as final
2012-12-20 Added fix for ProxyAV 3.3
2012-01-31 Update on PacketWise.
2012-01-18 Update on PacketWise.
2012-01-17 Change to indicate Reporter 22.214.171.124 or later has the option to require secure renegotiation.
2012-01-12 Notificaiton of option in Reporter to force secure renegotiation. Added additional OS search strings.
2012-01-11 Notification of a fix in ProxyAV.
2012-01-10 Notification of a fix in IntelligenceCenter.
2011-09-13 Notification of a Director 5.5 patch release. Minor update for Reporter versions that are vulnerable.
2011-02-04 Notification of SGOS fix in SGOS 126.96.36.199 and SGOS 188.8.131.52. Changed SGOS 5.4.x recommended version fix to SGOS 184.108.40.206. Notification of Reporter fix in 220.127.116.11.
2010-11-01 Notification of ProxySG fix in 18.104.22.168 patch release.
2010-10-27 Notification of ProxySG version 22.214.171.124 patch release being promoted to GA release. Notification that the BCWF download and image download services now support secure renegotiation.
2010-10-15 Notification of ProxySG fix in 126.96.36.199 patch release.
2010-10-01 Additional details added. Notificaiton of ProxySG fix in 188.8.131.52.
2010-05-20 Clarification on the need to patch clients and origin content servers
2010-02-23 Initial public release
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.