how to disable ssl / tls renegotiation handshakes mitm plaintext data injection on windows server
Vulnerabilities & Remediation February 26, 2021
In the course of my cyber security job, a security scan flagged some servers as having the SSL / TLS renegotiation Handshake MITM vulnerability.
What does this vulnerability mean?
The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer.
Data Received: SSLv3 supports insecure renegotiation.
That's not all, a DDOS attack is also imminent as the remote server takes more resources when treating requests from the malicious client.
How to remediate this?
You can use the AllowInsecureRenegoClients and the AllowInsecureRenegoServers entry DWORD values in the following registry path to enable strict mode on the client or on the server:
Create a DWORD: DisableRenegoOnClient with value 1
Create a DWORD: DisableRenegoOnServer with value 1
This may cause issues with applications requiring SSL/TLS Renegotiation feature.
Information and Cyber Security Professional. All thoughts and opinions expressed here are my own, and may not be representative of my employer, or any other entity unless I am specifically quoting someone.