Saturday, October 17, 2009

Connection Interrupted (TCP RST) has nothing to do with HTTPS aka HTTP over TLS

A network has layers.

In the TCP/IP model there are four layers. TCP and UDP belong to the transport layer, while HTTP and SSL/TLS belong to the application layer. RST (reset the connection) is a flag in the TCP header, defined in RFC 793. The RST vulnerability and other off-path attacks are discussed in RFC 4953. Basically, if a connection is interrupted, it simply means that the receiving host accepted a TCP segment with the RST flag set. It could be the server that reset the connection, or it could be an attacker. HTTP over TLS, aka HTTPS (RFC 2818), is an application layer protocol: the SSL/TLS protocol sits between HTTP and the transport layer. From the transport layer's point of view, the upper-layer applications are all served in the same way.

To summarize, the TCP RST vulnerability applies to HTTP, HTTPS or any other application protocol as long as it relies on a TCP connection, but it has nothing to do with the application layer protocols themselves.
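An added Python example (not from the original post) that makes the layering point concrete: it parses a constructed IPv4/TCP segment, checks the RST flag, and applies the RFC 793 in-window acceptance test, which behaves identically whether the connection carries plain HTTP on port 80 or TLS on port 443. The packet builder, the sample addresses and the port-to-service mapping are assumptions for illustration.

```python
import struct

TCP_RST = 0x04  # RST bit in the TCP flags byte (CWR ECE URG ACK PSH RST SYN FIN)

def build_segment(src_port, dst_port, seq, ack, flags):
    """Constructed sample packet: minimal IPv4 header + 20-byte TCP header, no payload.
    Addresses 10.0.0.1 -> 10.0.0.2 are placeholders; checksums are left at zero."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                          5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr

def parse_tcp(packet):
    """Return (src_port, dst_port, seq, flags) from a raw IPv4/TCP packet."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if packet[9] != 6:                    # protocol field must be TCP
        raise ValueError("not a TCP segment")
    src, dst, seq, _ack, _off, flags = struct.unpack("!HHIIBB", packet[ihl:ihl + 14])
    return src, dst, seq, flags

def rst_accepted(seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptance test: a receiver honours an RST only when its sequence
    number falls inside the current receive window; otherwise it is discarded.
    Modular arithmetic handles 32-bit sequence-number wraparound."""
    return (seq - rcv_nxt) % (1 << 32) < rcv_wnd

def classify(packet, rcv_nxt, rcv_wnd):
    """Label a segment the way a transport-layer monitor would: the RST check and
    the window check never look at whether the flow carries HTTP or TLS."""
    src, dst, seq, flags = parse_tcp(packet)
    if not flags & TCP_RST:
        return "no-rst"
    service = {80: "HTTP", 443: "HTTPS"}
    name = next((service[p] for p in (src, dst) if p in service), "other")
    verdict = "accepted" if rst_accepted(seq, rcv_nxt, rcv_wnd) else "dropped"
    return f"rst-{verdict}-{name}"

if __name__ == "__main__":
    # Receiver expects seq 1000 next, window 65535.
    print(classify(build_segment(443, 50000, 1000, 0, TCP_RST), 1000, 65535))
    print(classify(build_segment(50000, 80, 5000000, 0, TCP_RST), 1000, 65535))
```

The same in-window rule decides the fate of an RST on an HTTPS flow as on an HTTP flow; TLS above it only ever sees the socket close.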

A link to RFC.
