> An attacker could repeat the undefined plaintext warning packets of "SSL3_AL_WARNING" during the handshake, which will easily make to consume 100% CPU on the server.

> It is an implementation problem in OpenSSL that OpenSSL would ignore undefined warning, and continue dealing with the remaining data(if exist). So the attacker could pack multiple alerts inside a single record and send a large number of there large records. Then the server will be fallen in a meaningless cycle, and not available to any others.

SSL3 is vulnerable and should be banned in the webserver's configuration. It stopped being supported by major browsers years ago.

The article doesn't say if webservers are vulnerable when they block SSL3 entirely. If so, it's the hell of a critical vulnerability! Otherwise, http://disablessl3.com/

"All versions (SSL3.0, TLS1.0, TLS1.1, TLS1.2) are affected." according to http://security.360.cn/cve/CVE-2016-8610/

It would be helpful if the researchers clarified how potent this DoS attack vector is. Is sending "a large number of these large records" more efficient at denying availability than a naive flood using e.g. SYNs or UDP?

This seems like a pretty... weak vulnerability.

Sure -- you can send an SSL server a bunch of junk data, and it'll try to process that data. But from what I gather, it's not as though it takes an unusually long time for it to process these warnings either. Any attacker with the resources to perform this attack could probably just as easily saturate the host's network connection without involving SSL at all.

there's currently no post on openssl.org but i expect them to publish one soon. Also, now with all the OpenSSL sh*tstorm this year, I really wonder if LibreSSL is vulnerable to this security problem...

so far nginx is the only server which is affected by this issue, but the latest version wasnt affected.