[Date Prev][Date Next]
Re: TLS renegotiation
William A. Rowe Jr. wrote:
> Howard Chu wrote:
>> Emmanuel Lecharny wrote:
>>> Wondering if we (ApacheDS) can be a possible target, assuming that we
>>> are Java based. Any idea ?
>> I think Kurt's post already outlined the points of exposure but just to recap:
>> Renegotiation for privilege escalation is only a threat if the server
>> automatically and implicitly uses the client's certificate for authentication.
> That is fine as it goes.
> But there are other factors involved in the TLS renegotiation sequence, not just
> simply requesting client certificate authentication, and none of that matters
> because the MITM has already injected their self into this stream.
> Unless all other forms of negotation are rejected outright, the problem remains.
Most of it is a non-problem; the MITM cannot inject any operations that will
run under the client's credentials. Nor can it eavesdrop on the encrypted
traffic or tamper with it once underway. It's a lot of work for no gain.
> I'm more interested to know if anyone has looked at the question of which clients
> or servers are using renegotiation features (remember tlsv1_alert import nonsense?)
> or if openldap works just fine with OpenSSL 0.9.8l (renegotiation-crippled) provider.
As I already said here
OpenSSL 0.9.8l is broken, renegotiation requests will hang the connection.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/