Implementing SSL/TLS
Mohannad Alhanahnah, Qiben Yan
Department of Computer Science and Engineering
University of Nebraska-Lincoln, Lincoln, NE, USA (Email: yan@unl.edu)
Abstract—Developers often make mistakes while incorporating Moreover, even though bug finding tools such as PMD [6]
SSL/TLS functionality in their applications due to the com- define rules to detect weak implementations and potential
plication in implementing SSL/TLS and their fast prototyping bugs based on predefined rules, some of which check security
requirement. Insecure implementations of SSL/TLS are subject
to different types of Man in The Middle (MiTM) attacks, which properties, e.g., MethodReturnsInternalArray1 and ArrayIs-
ultimately makes the communication between the two parties StoredDirectly2 , these tools including PMD do not contain
vulnerable to eavesdropping and hijacking attacks, thereby vio- rules for detecting weak/vulnerable SSL/TLS implementation
lating confidentiality and integrity of the exchanged information. patterns.
This paper aims to support developers in detecting insecure Two insecure SSL/TLS implementation patterns have been
SSL/TLS implementation in their codes by utilizing a low-cost
cross-language static analysis tool called PMD. In the end, two identified, including hostname validation vulnerability and
insecure implementations of SSL/TLS have been identified, and certificate validation vulnerability [5]. Section IV provides
subsequently a new PMD rule set is created. This rule set consists more details about these vulnerable patterns. Meng et al. [1]
of three rules for addressing hostname validation vulnerability and further show that 81.8% of examined posts from Stack Over-
certificate validation vulnerability. The rules have been evaluated flow have endorsed an insecure solution to bypass security
over 1, 517 code snippets obtained from Stack Overflow, and checks by trusting all certificates and/or allowing all host-
the results show that 71% of the code snippets contain insecure
SSL/TLS patterns. The detection rate of our approach is 100%,
names, corresponding to the above two vulnerable patterns.
while it detects 165 violations inside the vulnerable code snippets Addressing the insecure implementation of cryptographic
in total. mechanisms, particularly SSL/TLS implementation, is a press-
Index Terms—SSL/TLS, certificate validation, static analysis. ing need. Apparently, allowing developers to detect insecure
implementations in their codes can significantly reduce the
I. I NTRODUCTION number of insecure applications. Therefore, it is imperative
to provide a tool for developers to produce more secure
Developers, even experienced developers, are prone to make code, and thus avoid the potential security incidents such as
mistakes and not follow the best secure coding practices in Heartbleed [7] and being vulnerable to MiTM attacks.
implementing cryptographic APIs in their applications [1], [2]. This paper contributes towards establishing secure coding
According to a recent survey [3], 83% of the investigated practice for developers by developing practical and ready
269 cryptography related vulnerabilities are caused due to the to use rule sets (consisting of three rules) using PMD to
misuse of cryptographic APIs by the developers, which brings detect vulnerable SSL/TLS implementations. These rules can
serious concerns on the security of the applications. accurately and efficiently identify potential SSL/TLS vulner-
Secure Socket Layer (SSL) and Transport Layer Secu- abilities, and help raise developers’ awareness of insecure
rity (TLS, successor of SSL) are cryptographic mechanisms SSL/TLS implementation patterns.
for securing the communications between two parties, and
vulnerable implementations of these essential security proto- II. BACKGROUND
cols can be subject to Man in The Middle Attack (MiTM),
which ultimately makes the communications between the two This section describes background knowledge about static
parties vulnerable to eavesdropping and hijacking attacks, analysis tools for detecting bugs, and introduces our criteria
thereby violating the confidentiality and integrity of the ex- for selecting the tool to implement our detection rules. Static
changed information. Developers also make mistakes while analysis and dynamic analysis solutions have been introduced
incorporating off-the-shelf SSL/TLS implmentations in their for detecting vulnerability in the applications. Since this work
applications [4], [5]. Recently, Meng et al. [1] analyze the aims at assisting developers in detecting insecure implemen-
posts from Stack Overflow website, and find that developers tation of SSL/TLS, we will review and compare some state-
have the tendency to integrate vulnerable answers related of-the-art solutions proposed for detecting programming bugs
to SSL implementation in their applications, because SSL using static analysis techniques.
implementation is sometimes difficult to comprehend without 1 Exposing internal arrays directly allows the user to modify some code that
sufficient security background, and/or they want to quickly could be critical.
build a prototype in the development environment to catch up 2 Constructors and methods receiving arrays should clone objects and store
with the stringent project deadline. the copy.
Several open source static analysis tools are presented for those vulnerabilities. Then, we present the code snippets that
detecting bugs in Java programs, including: represent each vulnerability. Two insecure implementations
1) FindBugs [8]: is an open source tool for detecting bugs of SSL/TLS have been widely discussed and reported in the
in Java code. It is a static analysis tool on Java bytecode, literature [1], [4], [5], [12], [13]. Figure 1 summarizes these
and can be used via command line and integrated into insecure patterns and a detailed description about each pattern
different IDEs. FindBugs can discover various types of is as follows:
bugs including problematic coding practice and vulner- 1) Certificate validation vulnerability: the certificate and all
abilities. FindBugs rules can be created using Visitor Certificate Authorities (CAs) in the certificate chain of
pattern (Java API). However, this tool does not detect CAs are trusted and not being verified. As illustrated
insecure SSL/TLS implementation patterns. in Listing 1, method (checkServerTrusted) does not
2) Hammurapi [9]: is an open source tool for analyzing perform any verification. To fix the vulnerability, it
Java source code. It can be integrated to IDEs, and is should go over the chain of CAs that are included in the
developed with scalability in mind. Hammurapi employs certificate, and verifies the validity of each CA in the
Abstract Syntax Tree (AST), where new rules can be chain until reaching the root CA. Otherwise, an attacker
added to this tool, using java code or XML rules. How- can replace the original certificate of the server with a
ever, this tool is rather complicated [10], and does not self-signed certificate to be accepted by the client, since
focus on detecting security vulnerabilities and insecure the certificate chain is not verified. As a result, MiTM
implementation patterns. attack can be established.
3) Jlint [11]: is written in C++ for detecting common 2) Hostname validation vulnerability: two insecure patterns
programming errors in Java (e.g., race condition). Jlint have been identified under this vulnerability. The last
performs semantic and syntax analysis on Java bytecode line in Listing 2 shows the case when the developer
for accomplishing its duties. Therefore, Jlint is not in- not only fails to validate the hostname, but he/she
tended for the check and validation of insecure SSL/TLS also allows trusting all hostnames. In Listing 3, host
implementation, nor any kind of other security checks. verification is not performed at all, because the method
Although new rules can be integrated into Jlint, it will (verify) does nothing and always returns true. These
require modifying Jlint’s source code [10], which makes are two most commonly observed vulnerabilities related
Jlint difficult to expand. to hostname validation, the existence of which allows
4) PMD: is an open source tool, which is written in Java MiTM attackers to eavesdrop and hijack the communi-
and it checks Java source code for a set of predefined cations, by allowing an attacker to impersonate the host.
bugs. PMD can be used through command line, and
graphical user interface via the available plugins for
various IDEs. PMD constructs Abstract Syntax Tree
(AST), and then examines the constructed AST for SSL_Vuln_Ruleset
detecting bugs. As mentioned in Section I, PMD checks
for some security bugs, but it neither checks insecure
cryptographic mechanisms, nor examines SSL/TLS im-
plementations. PMD rules can be defined using Java
code (Visitor pattern) or XPath queries. This provides ALLOW_ALL_HOSTN
TrustingAll_CAs Verify method
more flexibility and makes it easier for extension. AME_VERIFIER
Listing 3
A LLOWING ALL H OSTNAMES PATTERN #2
# Detection Alarms
reflects that %71.12 of the code snippets in our dataset contain 85
insecure patterns. Figure 5 shows the number of vulnerable
snippets and non-vulnerable snippets. 80
We also have randomly investigated several code snippets 75
75
that have been detected by one of our rules to verify if they
really contain insecure patterns. 70
65
Certificate Validation Hostname Validation