December 3, 2016

SSL Denial Of Service Tool Released

 

(LiveHacking.Com) – The Hacker’s Choice (THC) has added a new program to its repository of  hacking tools. The new tool is designed to verify the performance of the encryption algorithms used in SSL. However since most servers are not designed to handle large amounts of SSL handshakes, running the test will cause a denial of service.

To establish a secure SSL connection generally requires 15 times more CPU power on the server than on the client and so the THC-SSL-DOS tool has been built to exploit this asymmetry by overloading the server. The overload will result in a denial of service as the server struggles to cope with the incoming SSL connections.

Although is isn’t a new problem, it has been observed and discussed since 2003, it is the first time a compact tool has been written to expose the problem from the client end. A simple laptop can issue 300 SSL handshakes per second and only use around 10 to 25% of the client CPU power. The result is that a laptop on a DSL connection can challenge a server on a 30Gbit link.

The denial of service attack can be launched on any SSL connection including HTTPS, POP3S and SMTPS.

This problem affects all SSL implementations today.