[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS renegotiation

To: "William A. Rowe Jr." <wrowe@rowe-clan.net>
Subject: Re: TLS renegotiation
From: Howard Chu <hyc@symas.com>
Date: Thu, 12 Nov 2009 18:20:46 -0800
Cc: Dieter Kluenter <dieter@dkluenter.de>, Emmanuel Lecharny <elecharny@apache.org>, OpenLDAP Devel <openldap-devel@openldap.org>, Ludovic Poitou <Ludovic.Poitou@sun.com>
In-reply-to: <4AFCC050.3020408@rowe-clan.net>
References: <87ws21o1yc.fsf@rubin.avci.de> <4AF69793.4040502@symas.com> <78ECD685-4A3F-4A31-BBD8-23F36D8E9924@sun.com> <4AF9C629.1010502@symas.com> <4AF9FE5F.1020804@nextury.com> <4AFCBC5B.7080907@symas.com> <4AFCC050.3020408@rowe-clan.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9.1.5pre) Gecko/20091025 Lightning/1.0pre SeaMonkey/2.0a1pre Firefox/3.0.3

William A. Rowe Jr. wrote:
> Howard Chu wrote:
>> Emmanuel Lecharny wrote:
>>> Wondering if we (ApacheDS) can be a possible target, assuming that we 
>>> are Java based. Any idea ?
>>
>> I think Kurt's post already outlined the points of exposure but just to recap:
>>
>> Renegotiation for privilege escalation is only a threat if the server
>> automatically and implicitly uses the client's certificate for authentication.
> 
> That is fine as it goes.
> 
> But there are other factors involved in the TLS renegotiation sequence, not just
> simply requesting client certificate authentication, and none of that matters
> because the MITM has already injected their self into this stream.
> 
> Unless all other forms of negotation are rejected outright, the problem remains.

Most of it is a non-problem; the MITM cannot inject any operations that will
run under the client's credentials. Nor can it eavesdrop on the encrypted
traffic or tamper with it once underway. It's a lot of work for no gain.

> I'm more interested to know if anyone has looked at the question of which clients
> or servers are using renegotiation features (remember tlsv1_alert import nonsense?)
> or if openldap works just fine with OpenSSL 0.9.8l (renegotiation-crippled) provider.

As I already said here

http://www.openldap.org/lists/openldap-software/200911/msg00102.html

OpenSSL 0.9.8l is broken, renegotiation requests will hang the connection.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Re: TLS renegotiation
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: TLS renegotiation
Next by Date: Re: commit: ldap/servers/slapd bconfig.c
Index(es):
- Chronological
- Thread