The relationship between SSH, SSL, and the Heartbleed bug
I will lead with the summary: since the Heartbleed bug is a bug in OpenSSL's implementation of a part of the TLS protocol, no version or implementation of SSH is affected by Heartbleed because the SSH protocol is not built on top of TLS.
So, there's four things involved here:
- SSL aka TLS
is the underlying network encryption protocol used for HTTPS and
a bunch of other SSL/TLS things. Heartbleed
is an error in implementing the 'TLS heartbeat' protocol extension
to the TLS protocol. A number of other secure protocols are built
partially or completely on top of TLS, such as OpenVPN.
- SSH is the protocol
used for, well, SSH connections. It's completely separate from
TLS and is not layered on top of it in any way. However, TLS and
SSH both use a common set of cryptography primitives such as
Diffie-Hellman key exchange, AES, and
SHA1.
(Anyone sane who's designing a secure protocol reuses these primitives instead of trying to invent their own.)
- OpenSSL is an implementation of SSL/TLS in the form of a large
cryptography library. It also exports a whole bunch of functions
and so on that do various cryptography primitives and other
lower-level operations that are useful for things doing cryptography
in general.
- OpenSSH is one implementation of the SSH protocol. It uses various functions exported by OpenSSL for a lot of cryptography related things such as generating randomness, but it doesn't use the SSL/TLS portions of OpenSSL because SSH (the protocol) doesn't involve TLS (the protocol).
Low level flaws in OpenSSL such as Debian breaking its randomness can affect OpenSSH when OpenSSH uses something that's affected by the low level flaw. In the case of the Debian issue, OpenSSH gets its random numbers from OpenSSL and so was affected in a number of ways.
High level flaws in OpenSSL's implementation of TLS itself will never affect OpenSSH because OpenSSH simply doesn't use those bits of OpenSSL. For instance, if OpenSSL turns out to have an SSL certificate verification bug (which happened recently with other SSL implementations) it won't affect OpenSSH's SSH user and host key verification.
As a corollary, OpenSSH (and all SSH implementations) aren't directly affected by TLS protocol attacks such as BEAST or Lucky Thirteen, although people may be able to develop similar attacks against SSH using the same general principles.
|
|