Testing Your SSL Server for CRIME
We still have to wait for later this week when Juliano Rizzo and Thai Duong will present their CRIME SSL/TLS attack at Ekoparty Security Conference. Regardless, we now know that the attack is based on the implementation of TLS compression or SPDY (pronounced “speedy”).
CRIME uses the vulnerability that there is information leakage when data is compressed prior to encryption. If a man-in-the-middle (MITM) attacker can observe network traffic and cause the victim’s browser to submit requests, then using the CRIME attack they can steal the session cookie. With the session cookie, they can hijack the victim’s session.
In order for the attack to be used, TLS compression or SPDY need to be implemented by both the browser and the Web server. So, if you want to protect your users, please turn off TLS compression or SPDY.
I asked a knowledgeable Web server operator about TLS compression and he wasn’t familiar with the feature. According to Ivan Ristić, SSL Labs tests across the SSL Pulse data set indicate that about 42 percent of the servers support TLS compression. SSL Labs tests are not completed, but they are also seeing about 0.8 percent support for SPDY. So, you may or may not have TLS compression or SPDY implemented. How do you know?
Here is a quick test. Go to SSL Labs SSL Server Test site and find out. Once on the site, type in your SSL protected domain name. In the results, check at the bottom for Compression and Next Protocol Negotiation (SPDY). If they say “No,” then the tested site is not susceptible to the CRIME attack. If they say “Yes,” then disable TLS compression or SPDY. According to Ristić, if your server does not support disabling, it will soon.