A. How is X implemented in Griffin?

Griffin uses rustls under the hood. With proper configuration, it already prevents some popular protocol-level attacks.

B. Classification of Protocol-level Attack Vectors

1. Downgrade Attacks

Attackers try to force the connection to fall back to a weaker protocol.

Examples

  • Forcing TLS 1.3 → TLS 1.0
  • Downgrading cipher suites to weak ones
  • Breaking HTTP/2 to HTTP/1.1 and injecting vulnerabilities

Implications: If your proxy accidentally accepts weaker modes, attackers can hijack or decrypt traffic.

Prevention

  • Disable TLS < 1.2
  • Prefer TLS 1.3
  • Disable all weak ciphers
  • Rustls already prevents downgrade attacks by design

2. MITM via Weak Certificate Validation

If a TLS stack does not properly validate the SAN, CN, signature, or chain, attackers can insert fake certificates.

Examples

  • Accepting expired certificates
  • Accepting the wrong hostname
  • Not validating SAN
  • Accidentally trusting a self-signed cert

Prevention

  • Always validate hostnames
  • Always validate the certificate chain
  • Rustls has strict hostname checking

3. Replay Attacks

Captured requests get replayed (especially POST requests).

Where it matters

  • Authentication tokens
  • Nonces
  • Payment requests

Prevention

  • Use nonce, timestamp, or expiring tokens (JWT)
  • Use TLS 1.3 (built-in anti-replay for 0-RTT)
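
The nonce-plus-timestamp check from the Prevention list above, as an added example (not Griffin's own code). `ReplayGuard`, `Verdict` and the 30-second window are hypothetical names and values; it assumes the nonce and timestamp are covered by the request's signature or MAC, and that `now` never moves backwards.

```rust
use std::collections::HashMap;

/// Outcome of checking one request (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub enum Verdict {
    Accept,
    Stale,    // timestamp outside the freshness window
    Replayed, // nonce already seen inside the window
}

/// Remembers nonces only for `window_secs`; older requests fail the
/// timestamp check anyway, so the cache stays bounded.
pub struct ReplayGuard {
    window_secs: u64,
    seen: HashMap<String, u64>, // nonce -> timestamp it arrived with
}

impl ReplayGuard {
    pub fn new(window_secs: u64) -> Self {
        Self { window_secs, seen: HashMap::new() }
    }

    /// `ts` and `now` are Unix seconds; `now` is a parameter so the check
    /// is deterministic. Assumes `now` never moves backwards.
    pub fn check(&mut self, nonce: &str, ts: u64, now: u64) -> Verdict {
        // Bound skew in both directions: too old or too far in the future.
        if now.abs_diff(ts) > self.window_secs {
            return Verdict::Stale;
        }
        // Evict nonces whose timestamp can no longer pass the check above.
        let window = self.window_secs;
        self.seen.retain(|_, seen_ts| now.abs_diff(*seen_ts) <= window);
        if self.seen.contains_key(nonce) {
            return Verdict::Replayed;
        }
        self.seen.insert(nonce.to_owned(), ts);
        Verdict::Accept
    }
}

fn main() {
    // Constructed sample: one request, then the same bytes sent again.
    let mut guard = ReplayGuard::new(30);
    println!("{:?}", guard.check("n-1", 1_000, 1_005));
    println!("{:?}", guard.check("n-1", 1_000, 1_010));
    println!("{:?}", guard.check("n-1", 1_000, 1_100));
}
```

The timestamp check is what lets the nonce cache forget entries: a replay arriving after the window is rejected as stale without needing the nonce on record.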

4. 0-RTT Replay Attack (TLS 1.3)

A unique TLS 1.3 issue: early data (0-RTT) can be replayed.

Prevention

  • Disable 0-RTT unless you know what you’re doing
  • Rustls: do not enable 0-RTT for sensitive operations

5. Certificate Injection Attacks

If your proxy loads certificates dynamically and you do not authenticate them, attackers may inject malicious certs.

Prevention

  • Sign certificates with a known CA
  • Validate issuer
  • Match private key to cert
  • Never allow arbitrary PEM loading without validation

6. SNI-based Attacks

The proxy picks the wrong certificate because:

  • SNI is missing
  • SNI is spoofed
  • The proxy has a fallback cert that exposes a sensitive domain

Prevention

  • Require SNI for HTTPS
  • Reject empty SNI for TLS 1.2
  • Rustls supports strict SNI routing

7. TLS Renegotiation Attack

TLS renegotiation historically allowed MITM injection.

Prevention

  • Fully disable renegotiation
  • Rustls does not support renegotiation → safe

8. BEAST, CRIME, POODLE, Lucky13

These are old TLS/SSL attacks.

Good news:

  • Rustls does not implement SSLv2/v3, avoiding all these issues
  • TLS 1.3 removes many old cipher pitfalls

Still, avoid using:

  • CBC mode ciphers
  • RC4
  • TLS 1.0/1.1

9. Side-channel Attacks

For example, timing attacks that become possible if you implement crypto incorrectly.

Examples

  • Non-constant-time comparison leaks key info
  • RSA padding oracle attacks (Bleichenbacher)

Prevention

  • Use Rustls/OpenSSL — don’t implement crypto yourself
  • Avoid custom crypto unless absolutely necessary

10. ALPN Manipulation

If your proxy does not validate ALPN negotiation:

  • An attacker can force HTTP/1.1 instead of HTTP/2
  • Or downgrade gRPC → HTTP fallback

Prevention

  • Specify the allowed ALPN list explicitly
  • Rustls supports ALPN safely