OpenSSL TLS 1.1 and 1.2 AES-NI DoS

The AES-NI implementation of OpenSSL 1.0.1c does not properly compute the length of an encrypted message when used with a TLS version 1.1 or above. This leads to an integer underflow which can cause a DoS. The vulnerable function aesni_cbc_hmac_sha1_cipher is only included in the 64-bit versions of OpenSSL. This module has been tested successfully on Ubuntu 12.04 (64-bit) with the default OpenSSL 1.0.1c package.

Module Name



  • Wolfgang Ettlinger <wolfgang.ettlinger [at]>




Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/dos/ssl/openssl_aesni
msf auxiliary(openssl_aesni) > show actions
    ...actions...
msf auxiliary(openssl_aesni) > set ACTION <action-name>
msf auxiliary(openssl_aesni) > show options
    ...and set options...
msf auxiliary(openssl_aesni) > run