Exploiting Dissent: Towards Fuzzing-based Differential Black Box Testing of TLS Implementations
IEEE Transactions on Dependable and Secure Computing (IF 7.3), Pub Date: 2020-03-01, DOI: 10.1109/tdsc.2017.2763947
Andreas Walz, Axel Sikora

The Transport Layer Security (TLS) protocol is one of the most widely used security protocols on the internet. Yet implementations of TLS keep suffering from bugs and security vulnerabilities. This is due in large part to the protocol's complexity, which makes implementing and testing TLS notoriously difficult. In this paper, we present our work on using differential testing as an effective means to detect issues in black-box implementations of the TLS handshake protocol. We introduce a novel fuzzing algorithm for generating large and diverse corpuses of mostly-valid TLS handshake messages. Stimulating TLS servers while they expect a ClientHello message, we find that messages generated with our algorithm induce more response discrepancies and achieve higher code coverage than those generated with American Fuzzy Lop, TLS-Attacker, or NEZHA. In particular, we apply our approach to OpenSSL, BoringSSL, WolfSSL, mbedTLS, and MatrixSSL, and find several real implementation bugs, among them a serious vulnerability in MatrixSSL 3.8.4. In addition, our findings point to imprecision in the TLS specification. We see the approach presented in this paper as the first step towards fully interactive differential testing of black-box TLS protocol implementations. Our software tools are publicly available as open source projects.

Updated: 2020-03-01