Unhandled SSL Exception

ID

kotlin.unhandled_ssl_exception

Severity

high

Resource

Exception Management

Language

Kotlin

Tags

CWE:248, NIST.SP.800-53, OWASP:2021:A4, PCI-DSS:6.5.5

Description

Unhandled SSL exception.

Rationale

In Kotlin, TLS/SSL error handling typically involves javax.net.ssl.SSLException and its subtypes, such as SSLHandshakeException, SSLKeyException, SSLPeerUnverifiedException, and SSLProtocolException. These exceptions arise when the SSL subsystem detects protocol or security issues, particularly during SSL handshake or negotiation. If these errors are not caught and handled, the connection may be left in an unexpected and insecure state.

According to CWE-248, unhandled exceptions can lead to application failure and security vulnerabilities. This rule requires that, for every network operation using the TLS/SSL protocol that could throw an SSL exception, the exception is caught (and not ignored) within the same method, so that security-related errors are processed properly. Note that SSLException is a subclass of java.io.IOException, so it should be handled explicitly before catching IOException.

Here’s an example of a client connecting over HTTPS without proper exception handling:

import java.io.IOException
import java.net.URL
import javax.net.ssl.HttpsURLConnection

class UnsafeSSLConnection {
    @Throws(IOException::class)
    fun dummy(): Any? {
        val url = URL("https://host.com/path")
        val conn = url.openConnection() as HttpsURLConnection
        return conn.content
    }
}

In this example, an SSLException can cause the application to terminate unexpectedly, potentially exposing security or operational vulnerabilities.

Remediation

To mitigate Unhandled SSL Exception vulnerabilities, implement the following practices:

  1. Explicit Exception Handling: Use try-catch blocks specifically for SSLException and its subtypes to address SSL/TLS-related exceptions before handling general IOException.

  2. Maintain Secure States: Ensure that after catching SSL exceptions, the application does not fall back to insecure operations, and necessary cleanup or logging is performed.

  3. Logging and Monitoring: Capture critical details about SSL/TLS exceptions in logs for diagnostics without exposing sensitive information. Implement monitoring to alert on frequent SSL errors.
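
The three practices above applied to the HTTPS client from the Rationale section, as an added example that is not part of the original rule text. The names SafeSSLConnection, FetchResult, fetch and tlsFailure are hypothetical, as are the timeout values.

```kotlin
import java.io.IOException
import java.net.URL
import java.util.logging.Logger
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLException
import javax.net.ssl.SSLHandshakeException
import javax.net.ssl.SSLPeerUnverifiedException

// Hypothetical result type for this example: callers must handle a TLS failure explicitly.
sealed class FetchResult {
    data class Ok(val body: String) : FetchResult()
    data class TlsFailure(val kind: String) : FetchResult()
    data class IoFailure(val kind: String) : FetchResult()
}

class SafeSSLConnection {
    private val log = Logger.getLogger(SafeSSLConnection::class.java.name)

    fun fetch(address: String): FetchResult {
        val url = URL(address)
        require(url.protocol == "https") { "only https URLs are accepted" }
        val conn = url.openConnection() as HttpsURLConnection
        conn.connectTimeout = 5_000 // assumed values, in milliseconds
        conn.readTimeout = 5_000
        return try {
            FetchResult.Ok(conn.inputStream.bufferedReader().use { it.readText() })
        } catch (e: SSLHandshakeException) {
            // Subtypes first. No retry over plain HTTP or with relaxed trust settings.
            tlsFailure(url, "handshake", e)
        } catch (e: SSLPeerUnverifiedException) {
            tlsFailure(url, "peer-unverified", e)
        } catch (e: SSLException) {
            // Remaining TLS errors (SSLKeyException, SSLProtocolException, ...).
            tlsFailure(url, "tls", e)
        } catch (e: IOException) {
            // Non-TLS I/O errors, caught only after the SSL cases above.
            log.warning("I/O error for host ${url.host}: ${e.javaClass.simpleName}")
            FetchResult.IoFailure(e.javaClass.simpleName)
        } finally {
            conn.disconnect() // cleanup on every path
        }
    }

    // Logs host and exception class only: no full URL, query string or stack trace.
    private fun tlsFailure(url: URL, kind: String, e: SSLException): FetchResult {
        log.warning("TLS $kind failure for host ${url.host}: ${e.javaClass.simpleName}")
        return FetchResult.TlsFailure(kind)
    }
}
```

Because every TLS failure maps to a distinct TlsFailure value and a single log line format, a monitoring rule can count those lines per host to alert on frequent SSL errors.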