Implementations of the Transport Layer Security (TLS) protocol must handle a variety of protocol versions and extensions, authentication modes and key exchange methods, where each combination may prescribe a different message sequence between the client and the server. We address the problem of designing a robust composite state machine that can correctly multiplex between these different protocol modes.
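To make the multiplexing problem concrete, here is an added example (not code from the SMACK authors or from any TLS library) of the check a client-side handshake state machine has to perform: every incoming server message is validated against the current state and the mode negotiated in the ServerHello, and anything out of sequence aborts the handshake. It models a TLS 1.2 full handshake with certificate-based suites only; the cipher-suite-to-key-exchange table, the state names, and the traces are simplifying assumptions for the example (resumption, renegotiation, PSK and anonymous suites, which each change the allowed sequence, are left out).

```python
from dataclasses import dataclass, field
from typing import Optional

# Simplified key-exchange classification (assumption made for this example;
# a real client derives it from the cipher-suite registry).
KEY_EXCHANGE = {
    "TLS_RSA_WITH_AES_128_GCM_SHA256": "RSA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE",
}


class HandshakeError(Exception):
    """An incoming message is not allowed in the current handshake state."""


@dataclass
class ClientHandshake:
    """Client-side view of a TLS 1.2 full handshake, certificate-based suites only."""
    state: str = "WAIT_SERVER_HELLO"
    key_exchange: Optional[str] = None
    client_auth_requested: bool = False
    received: list = field(default_factory=list)

    def expected(self) -> set:
        """Server messages acceptable next, derived from state and negotiated mode."""
        if self.state == "WAIT_SERVER_HELLO":
            return {"ServerHello"}
        if self.state == "WAIT_CERTIFICATE":
            return {"Certificate"}
        if self.state == "WAIT_SERVER_KEY_EXCHANGE":
            # ServerKeyExchange is mandatory for (EC)DHE and must not appear for RSA.
            if self.key_exchange in ("DHE", "ECDHE"):
                return {"ServerKeyExchange"}
            return self._pre_hello_done()
        if self.state == "WAIT_SERVER_HELLO_DONE":
            return self._pre_hello_done()
        if self.state == "WAIT_CHANGE_CIPHER_SPEC":
            return {"ChangeCipherSpec"}
        if self.state == "WAIT_FINISHED":
            return {"Finished"}
        return set()  # DONE: no further handshake messages are accepted

    def _pre_hello_done(self) -> set:
        allowed = {"ServerHelloDone"}
        if not self.client_auth_requested:
            allowed.add("CertificateRequest")  # at most one per handshake
        return allowed

    def receive(self, msg: str, **params) -> str:
        """Consume one server message; abort the handshake if it is out of order."""
        if msg not in self.expected():
            raise HandshakeError(
                f"unexpected {msg} in state {self.state} "
                f"(allowed: {sorted(self.expected())})")
        self.received.append(msg)
        if msg == "ServerHello":
            self.key_exchange = KEY_EXCHANGE[params["cipher_suite"]]
            self.state = "WAIT_CERTIFICATE"
        elif msg == "Certificate":
            self.state = "WAIT_SERVER_KEY_EXCHANGE"
        elif msg in ("ServerKeyExchange", "CertificateRequest"):
            self.client_auth_requested |= (msg == "CertificateRequest")
            self.state = "WAIT_SERVER_HELLO_DONE"
        elif msg == "ServerHelloDone":
            # The client's own flight (ClientKeyExchange, optional CertificateVerify,
            # ChangeCipherSpec, Finished) goes out here; then wait for the server's.
            self.state = "WAIT_CHANGE_CIPHER_SPEC"
        elif msg == "ChangeCipherSpec":
            self.state = "WAIT_FINISHED"
        elif msg == "Finished":
            self.state = "DONE"
        return self.state


def check_trace(trace) -> tuple:
    """Run a server message trace against a fresh client; returns (accepted, detail)."""
    hs = ClientHandshake()
    try:
        for msg, params in trace:
            hs.receive(msg, **params)
    except HandshakeError as err:
        return False, str(err)
    return hs.state == "DONE", hs.state


# Constructed traces for the example (not captured from any real server).
ECDHE = {"cipher_suite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
RSA = {"cipher_suite": "TLS_RSA_WITH_AES_128_GCM_SHA256"}

GOOD_ECDHE = [("ServerHello", ECDHE), ("Certificate", {}), ("ServerKeyExchange", {}),
              ("ServerHelloDone", {}), ("ChangeCipherSpec", {}), ("Finished", {})]
GOOD_RSA_CLIENT_AUTH = [("ServerHello", RSA), ("Certificate", {}), ("CertificateRequest", {}),
                        ("ServerHelloDone", {}), ("ChangeCipherSpec", {}), ("Finished", {})]
# A skipped mandatory message, a message from the wrong mode, and a premature
# Finished: each is rejected because the state table does not allow it.
MISSING_SKE = [("ServerHello", ECDHE), ("Certificate", {}), ("ServerHelloDone", {})]
SKE_IN_RSA = [("ServerHello", RSA), ("Certificate", {}), ("ServerKeyExchange", {})]
EARLY_FINISHED = [("ServerHello", ECDHE), ("Certificate", {}), ("Finished", {})]

if __name__ == "__main__":
    for name, trace in [("good ecdhe", GOOD_ECDHE), ("good rsa+auth", GOOD_RSA_CLIENT_AUTH),
                        ("missing ske", MISSING_SKE), ("ske in rsa", SKE_IN_RSA),
                        ("early finished", EARLY_FINISHED)]:
        print(name, check_trace(trace))
```

The design point is that the set of acceptable messages is computed from state plus negotiated mode, never from the message type alone: a single flat dispatch on message type is what lets a message that belongs to one mode be processed in another.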
We systematically test popular open-source TLS implementations for state machine bugs and discover several new critical security vulnerabilities that have lain hidden in these libraries for years. We call this collection of vulnerabilities SMACK: State Machine Attacks on TLS.
This page presents exploits and disclosure information related to these attacks. For a technical overview of the TLS state machine and our protocol fuzzing methodology, please refer to our research paper (to appear at IEEE Security & Privacy 2015).
All the attacks on this page assume a network adversary (i.e. a man-in-the-middle) able to tamper with TLS handshake messages. The typical way to obtain such a position is by tampering with the Domain Name System (DNS), for example via DNS rebinding or domain name seizure.