WOOT '13: 7th USENIX Workshop on Offensive Technologies

Network Attacks I

Truncating TLS Connections to Violate Beliefs in Web Applications

Alfredo Pironti began by explaining that they had found they could exploit Web application logic by disrupting TLS, specifically by closing the connection. For example, a wire transfer to “Charlie%27s_Angels” could become one for “Charlie” if the packet were fragmented after “Charlie” and the connection closed before the second packet was sent. Pironti said that the solution was as simple as correctly designing the application protocol so that transfers occur only if the length of the payload is correct and the TLS connection is closed gracefully.
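The two checks named above, sketched as an added example that is not code from the talk or the paper. The HTTP-style framing with a Content-Length header, the host name `bank.example`, the function names and the `clean_close` flag are assumptions made for illustration, and the byte strings are constructed.

```python
from urllib.parse import parse_qs

# Constructed sample: the body the client intends to send, and the part
# that has arrived if the connection is cut after the first fragment.
FULL_BODY = b"amount=100&to=Charlie%27s_Angels"
FIRST_FRAGMENT = b"amount=100&to=Charlie"

def build_request(body, declared_len):
    """Build a constructed request whose header declares declared_len bytes."""
    head = (b"POST /transfer HTTP/1.1\r\nHost: bank.example\r\n"
            b"Content-Length: " + str(declared_len).encode() + b"\r\n\r\n")
    return head + body

def parse_naive(raw):
    """Treats end-of-stream as end-of-message and accepts whatever arrived."""
    _, _, body = raw.partition(b"\r\n\r\n")
    return parse_qs(body.decode())["to"][0]

def parse_strict(raw, clean_close):
    """Return the payee only if the body length matches the declared length
    and the TLS layer reported a graceful close (close_notify seen).

    clean_close is supplied by the caller; with Python's ssl module, wrapping
    the socket with suppress_ragged_eofs=False makes an unexpected EOF raise
    instead of looking like a normal end of stream.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers are incomplete")
    declared = None
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = int(value.strip())
    if declared is None:
        raise ValueError("no Content-Length, message boundary unknown")
    if len(body) != declared:
        raise ValueError(f"body is {len(body)} bytes, {declared} declared")
    if not clean_close:
        raise ValueError("connection ended without close_notify")
    return parse_qs(body.decode())["to"][0]

if __name__ == "__main__":
    cut = build_request(FIRST_FRAGMENT, len(FULL_BODY))
    print("naive parser pays:", parse_naive(cut))
    try:
        parse_strict(cut, clean_close=False)
    except ValueError as err:
        print("strict parser rejects:", err)
```
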