wolfSSL and the ALPACA TLS cross-protocol attack

The ALPACA attack may affect TLS servers who share multiple services and protocols on the same TLS endpoint/instance. The attack is difficult to implement because it requires a Man-in-the-Middle (MitM) position that can intercept and divert the victim’s traffic at the TCP/IP layer. 

As the TLS protocol does not protect the integrity of the TCP connection itself this attack redirects traffic from the intended TLS service to another service on the same endpoint. If the client considers the certificate of the substitute server to be valid for the intended server the authentication of the connection is violated.

This can enable cross-protocol attacks at the application layer, where the client unknowingly sends the protocol data for the intended server to the substitute server that expects a different protocol, potentially compromising the security of either server at the application layer.

For server’s hosting multiple services / protocols on the same endpoint here are steps to help prevent this attack:

1) Enable ALPN: The client and server should enable ALPN by setting `–enable-alpn` or by defining `HAVE_ALPN` and initialize ALPN by calling `wolfSSL_UseALPN`. The server (and preferably the client, too) should use the `WOLFSSL_ALPN_FAILED_ON_MISMATCH` option to enforce strict ALPN verification.

2) Enable SNI: The client and server should enable SNI by setting `–enable-sni` or by defining `HAVE_SNI`. The client should initialize it by calling `wolfSSL_UseSNI`. The server should implement a custom verification for the SNI hostname using the `wolfSSL_CTX_set_servername_callback`.


* ALPACA Attack Paper: https://alpaca-attack.com/index.html#paper

* Instructions for wolfSSL: https://alpaca-attack.com/libs.html#wolfssl

For questions email support@wolfssl.com