Saturday, April 04, 2009

Why SSL sucks, #458738


I accessed "mail.yahoo.com" and got this error message saying the certificate is bad. Normally, this would be cause to panic. While lesser sites might get SSL wrong, the big sites should get it right. Therefore, if you see a certificate error at a big site like Yahoo!, you should assume somebody is trying to man-in-the-middle your connection.

However, on closer inspection, it appears that Yahoo! fouled up. It's the result of "mail.yahoo.com" incorrectly using a certificate for "login.yahoo.com".

The fact that even a large site like Yahoo! cannot get SSL is pretty damning for SSL.

15 comments:

dre said...

sslfail.com

Andy Steingruebl said...

How exactly does this indicate that SSL is too tricky or fatally flawed?

Lots of people cut off fingers with lawnmowers and chainsaws. They require knowing what you're doing to operate them and not doing stupid stuff.

This SSL failure mode is quite simple to avoid isn't it? Operational failures happen all the time. Don't blame SSL for them.

I'm not saying SSL doesn't have faults, just trying to say this example is a bad one to prove it is flawed.

Robert Graham said...

Because if you don't pay attention, the lawn mower won't hurt you. If you don't pay attention to SSL, hackers will get you. Anything that requires the average user to pay careful attention 100% of the time, and get it right, is flawed.

ReneS said...

>Because if you don't pay
>attention, the lawn mower
>won't hurt you.
I doubt that!

Andy Steingruebl said...

Ok, I understand your concern, but I'm not sure that:

1. This is actually a problem with SSL rather than with how browsers deal with websites and HTTPS, indicators, etc.

2. Yahoo's failure has anything to do with it.

3. What you're proposing to do about it that you *know* will work better. its nice to speculate, but a lot of your complaint seems to center on human-computer interaction - so how about some data to back up alternative approaches rather than just philosophizing...?

Robert Graham said...

is this a problem with SSL or browsers/websites?

If, after 10 years, neither browsers nor websites can get it right, you have to start thinking that maybe the problem is with SSL.

how would you fix it?

Trust SSL less.

Actually, there are lots of improvements, such as for users to have certificates on their machines for mutual authentication, but that's not my point. My point is that we shouldn't be telling users to trust SSL, we should be telling them not to trust SSL, and to behave accordingly.

Tom T. said...

I caught Microsoft in the same error. It's not widely known, but you can get MS updates securely through https://update.microsoft.com. However, when I first started doing this, I got the same error - "certificate mismatch". Seems the site was update.microsoft.com, but
the cert was issued to www.microsoft.com. I emailed them, got a reply, "Not my job, but
will forward this". Never heard from them again, but a few months later, they fixed it. So if you go there and see the correct certificate issued in July 2008, (cough) (blush) ... Anyway, this isn't a flaw in SSL. It's just that people have to be accurate. Isn't it strange that people who write computer code for a living, where a single-character syntax error is fatal, can be so careless in these other aspects? And the mismatch hardly indicated a MITM or other attack. You have to use a bit of discretion in determining how alarming the warning really is. But don't blame the tool, as SecurityRetentive said. And as for trusting SSL less, what is the present alternative? Quit banking online, I guess.

Brian said...

Did you encounter this error during the normal a normal browsing sequence (i.e. you were linked or redirected to a URL that generated this error) or did you force an HTTPS request to this address? If the latter, then I would argue that this is not an error that would ever occur during a normal user experience and thus is somewhat bogus. You can forcefully browse to any HTTPS site using an IP address instead of the hostname and you'll get a browser certificate error...this doesn’t mean anything. You are forcing an error that would never occur during the normal course of events. SSL certificate warnings are not designed to prevent this...they are designed to prevent against errors that WOULD normally occur as a result of a typical browsing sequence.

Robert Graham said...

I typed "mail.yahoo.com" address in the address bar of the browser, and it came back with that error message.

Tom T. said...

@ Robert Graham: What I have bookmarked is login.yahoo.com, which is the correct login site and displays the proper certificate when asked, no errors.

@ Brian: Are links and redirects the only "normal" method of browsing? (as opposed to typing in an address or using a bookmark, say)

They offer the service. You'll get a warning of mixed content: "Do you wish to allow the unencrypted portion?" You must click "No", or you'll be taken back to the standard http site. But from then on, you continue the entire session over SSL. It seems that if they didn't wish to offer the updates via SSL, you'd get some kind of error or redirect or 404 message.

Also, doesn't the fact that they fixed it kind of indicate that they meant to offer the service to those who discover it, or are you also crediting me with inspiring or coercing Microsoft into offering secure updates? in which case, humbly honored... thank you.

mokum von Amsterdam said...

https://gmail.com had the same issue for many moons.
SSL is a technical sound concept being used in appropriate ways.

Brian said...

It would appear that your site suffers from the same issue.

https://erratasec.blogspot.com/

erratasec.blogspot.com uses an invalid security certificate.

The certificate is only valid for the following names:
blogger.com , *.blogger.com

(Error code: ssl_error_bad_cert_domain)

Tom T. said...

@ Brian: The site you posted is the home page, to which it appears users cannot add content. As soon as I click, "Post a comment", I get redirected to https://www.blogger.com/comment etc.
which shows no errors and presents a cert to *blogger.com when asked. So the place where user content is uploaded is properly secured.

Please forgive me, but I believe that what you cited was what you thought I was doing to MS Update: trying to force https on a site that isn't properly certified or intended for it. Not trying to argue, and SSL certainly has come under some fire lately, I just don't want to see it come under *invalid* fire. Again, no offense. MHO. YMMV. Cheers!

Robert Graham said...

@Tom T: You appear to be right. If I follow "https://erratasec.blogspot.com", and add the exception, it simply redirects to "http://www.google.com". In other words, nobody intended you to go to "https://erratasec.blogspot.com". In the case of "mail.yahoo.com", though, I got a redirect to "https://mail.yahoo.com", which then gave me an error message, so it appears to be intend, although broken, behavior.

Tom T. said...

@ Robert Graham: Thank you. I can't even reproduce the error you guys are getting. If I type mail.yahoo.com, I get an immediate redirect to https-login.yahoo etc. as before. If I go to plain old Yahoo.com (unsecured site) and click either "mail" or "sign in", again I get taken to the secure site automatically. Excellent behavior, as far as I can see.

FWIW, I'm on Firefox browser (and with NoScript add-on). What browser are the OP and those getting this error using?