Security Glossary: DDoS

SSL Flood and SSL Renegotiation Attacks

An SSL flood or renegotiation attack is a type of Denial of Service (DoS) attack that exploits the computational asymmetry between a client and a server during the establishment of a secure SSL/TLS connection. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols designed to provide secure communication over a computer network, typically used for securing data transmitted over the internet.

In a typical SSL/TLS handshake, the client and server exchange a series of messages to establish a secure connection. This process involves cryptographic operations that are computationally intensive, especially for the server. An SSL flood attack involves sending a large number of SSL handshake requests to the server in a short period, overwhelming the server’s processing capacity and potentially causing it to become unresponsive to legitimate requests.

A renegotiation attack is a variant of the SSL flood attack, where the attacker establishes a secure connection with the server and then repeatedly requests to renegotiate the connection parameters. This renegotiation process is also computationally expensive for the server, and by initiating it repeatedly, the attacker can consume a significant amount of the server’s resources.

Both SSL flood and renegotiation attacks take advantage of the fact that initiating and renegotiating SSL/TLS connections are relatively simple tasks for the client but require a considerable amount of computing power on the server end. This asymmetric workload can be exploited to create a DoS condition, where legitimate users are unable to access the server’s resources due to the excessive load generated by the attack.

To mitigate the risk of SSL flood and renegotiation attacks, server administrators can implement rate limiting to restrict the number of new connections or renegotiations allowed in a given timeframe. Additionally, using specialized hardware or software solutions for SSL/TLS offloading can help reduce the computational burden on the server by handling cryptographic operations more efficiently.
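The rate limiting described above can be sketched as a per-client sliding-window counter with separate budgets for new handshakes and renegotiations. This is an added example, not code from the original page. The class and function names, the thresholds, and the sample events (documentation-range IP addresses) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class TlsRateLimiter:
    """Sliding-window budget for TLS handshakes and renegotiations per client."""

    def __init__(self, max_handshakes=20, max_renegotiations=3, window=10.0):
        # Assumed thresholds: tune to the server's measured handshake capacity.
        self.limits = {"handshake": max_handshakes,
                       "renegotiation": max_renegotiations}
        self.window = window  # seconds
        # (client, kind) -> timestamps of accepted events still inside the window
        self.events = defaultdict(deque)

    def allow(self, client, kind, now):
        """Return True if the event fits the budget, False if it should be refused."""
        q = self.events[(client, kind)]
        while q and now - q[0] >= self.window:  # drop events that aged out
            q.popleft()
        if len(q) >= self.limits[kind]:
            return False  # refuse before any expensive cryptographic work is done
        q.append(now)
        return True


def replay(events, limiter):
    """Feed (timestamp, client, kind) tuples; return refused counts per client."""
    refused = defaultdict(lambda: {"handshake": 0, "renegotiation": 0})
    for ts, client, kind in events:
        if not limiter.allow(client, kind, ts):
            refused[client][kind] += 1
    return {client: dict(counts) for client, counts in refused.items()}


# Constructed sample events (not real traffic).
SAMPLE = (
    # handshake flood: 50 new connections in 5 seconds
    [(i * 0.1, "198.51.100.7", "handshake") for i in range(50)]
    # one connection that then renegotiates every 0.5 seconds
    + [(5.0, "203.0.113.9", "handshake")]
    + [(5.0 + i * 0.5, "203.0.113.9", "renegotiation") for i in range(10)]
    # ordinary client: one handshake every 2 seconds
    + [(i * 2.0, "192.0.2.10", "handshake") for i in range(5)]
)
SAMPLE.sort(key=lambda e: e[0])

if __name__ == "__main__":
    for client, counts in replay(SAMPLE, TlsRateLimiter()).items():
        print(client, counts)
```

The renegotiation budget is deliberately much smaller than the handshake budget, since legitimate clients rarely renegotiate an established session.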