Unhandled SSL Exception

ID

java.unhandled_ssl_exception

Severity

high

Resource

Exception Management

Language

Java

Tags

CWE:248, NIST.SP.800-53, OWASP:2021:A4, PCI-DSS:6.5.5

Description

Unhandled SSL exception.

Rationale

In Java, TLS/SSL error handling typically involves the java.net.ssl.SSLException and its subtypes, such as SSLHandshakeException, SSLKeyException, SSLPeerUnverifiedException, and SSLProtocolException. These exceptions arise when the SSL subsystem detects protocol or security issues, particularly during SSL handshake or negotiation. If these errors are not caught and handled, the connection may be left in an unexpected and insecure state.

According to CWE 248, unhandled exceptions can lead to application failure and security vulnerabilities. This rule insists that for every network operation using the TLS/SSL protocol that could throw an SSL exception, these exceptions must be caught (and not ignored) within the same method to ensure proper processing of security-related errors. It’s essential to note that SSLException is a subclass of java.io.IOException, so it should be handled explicitly before catching IOException.

Here’s an example of a Java client connecting over HTTPS without proper exception handling:

import javax.net.ssl.HttpsURLConnection;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;

public class UnsafeSSLConnection {
    public Object dummy() throws IOException {
        HttpsURLConnection conn = new URL("https://host.com/path").openConnection();
        return conn.getContent();
    }
}

In this example, an SSLException can cause the application to terminate unexpectedly, potentially exposing security or operational vulnerabilities.

Remediation

To mitigate Unhandled SSL Exception vulnerabilities, implement the following practices:

  1. Explicit Exception Handling: Use try-catch blocks specifically for SSLException and its subtypes to address SSL/TLS-related exceptions before handling general IOException.

  2. Maintain Secure States: Ensure that after catching SSL exceptions, the application does not fall back to insecure operations, and necessary cleanup or logging is performed.

  3. Logging and Monitoring: Capture critical details about SSL/TLS exceptions in logs for diagnostics without exposing sensitive information. Implement monitoring to alert on frequent SSL errors.

import javax.net.ssl.HttpsURLConnection;
import java.io.InputStream;
import java.net.URL;
import java.io.IOException;
import javax.net.ssl.SSLException;
import javax.net.ssl.HttpsURLConnection;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;

public class UnsafeSSLConnection {
  public Object dummy() throws IOException {
    try {
      HttpsURLConnection conn = new URL("https://host.com/path").openConnection();
      return conn.getContent();

    } catch (SSLHandshakeException e) {
      System.err.println("SSL handshake failed: " + e.getMessage());
      handle(e);
      // Handle handshake-specific logic

    } catch (SSLException e) {
      System.err.println("SSL exception occurred: " + e.getMessage());
      handle(e);
      // Handle SSL-specific logic

    } catch (IOException e) {
      System.err.println("IO exception occurred while connecting: " + e.getMessage());
      handle(e);
      // Handle IO-related logic
    }
  }
}

Applying these strategies ensures that Java applications handle SSL exceptions robustly, maintaining security and reliability even when errors occur during secure communications.

References