Another Protocol Bites The Dust

For the last 6 weeks or so, a bunch of us have been working on a really serious issue in SSL. In short, a man-in-the-middle can use SSL renegotiation to inject an arbitrary prefix into any SSL session, undetected by either end.

To make matters even worse, through a piece of (in retrospect) incredibly bad design, HTTP servers will, under some circumstances, replay that arbitrary prefix in a new authentication context. For example, this is what happens if you configure Apache to require client certificates for one directory but not another. Once it emerges that your request is for a protected directory, a renegotiation will occur to obtain the appropriate client certificate, and then the original request (i.e. the stuff from the bad guy) gets replayed as if it had been authenticated by the client certificate. But it hasn’t.

Not that the picture is all rosy even when client certificates are not involved.

Vulnerability in SSL/TLS protocol

According to reports, vulnerabilities in the SSL/TLS protocol can be exploited by attackers to insert content into secure connections. If this is correct, it would affect HTTPS and all other protocols which use TLS for security, including IMAP. The precise effects of the problem are not discussed in the reports. It would, however, appear to be possible to manipulate HTML content from websites during data transfer and, for example, inject malicious code.

The crux of the problem is, rather than a flawed implementation, a design flaw in the TLS protocol when renegotiating parameters for an existing TLS connection. This occurs when, for example, a client wants to access a secure area on a web server which requires client certificates from the requesting client. When the server establishes that this is the case, it begins a renegotiation to obtain the appropriate client certificate. The original request gets replayed during this renegotiation as if it had been authenticated by the client certificate, but it has not. The discoverer of the problem describes this as an "authentication gap".
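
The "authentication gap" described above, as an added toy model (not code from the quoted posts, from Apache, or from any TLS library). It tags each chunk of request data with the identity that was authenticated when it arrived, then compares a handler that replays the buffered request after renegotiation with one that refuses to. `Connection`, `handle_replaying`, `handle_strict`, the `/protected/` path and the sample request are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

PROTECTED_PREFIX = "/protected/"  # assumed directory that requires a client cert
SAMPLE_REQUEST = "GET /protected/report HTTP/1.1\r\n\r\n"  # constructed sample

@dataclass
class Connection:
    identity: Optional[str] = None              # cert subject; None until cert auth
    chunks: list = field(default_factory=list)  # (identity at arrival, data)

    def receive(self, data: str) -> None:
        # Record who was authenticated at the moment these bytes arrived.
        self.chunks.append((self.identity, data))

    def renegotiate(self, cert_subject: str) -> None:
        # The new handshake authenticates a client certificate, but nothing
        # binds it to the data already buffered on this connection.
        self.identity = cert_subject

def request_path(conn: Connection) -> str:
    return "".join(data for _, data in conn.chunks).split()[1]

def handle_replaying(conn: Connection, cert_subject: str):
    """Behaviour the text describes: renegotiate, then replay the buffered request."""
    if request_path(conn).startswith(PROTECTED_PREFIX) and conn.identity is None:
        conn.renegotiate(cert_subject)
    return ("200", conn.identity)  # pre-auth bytes now carry the cert's identity

def handle_strict(conn: Connection, cert_subject: str):
    """Illustrative policy: never credit pre-authentication bytes to the cert."""
    if not request_path(conn).startswith(PROTECTED_PREFIX):
        return ("200", conn.identity)
    if conn.identity is None:
        conn.renegotiate(cert_subject)
    if any(seen_as != conn.identity for seen_as, _ in conn.chunks):
        return ("403", None)  # some of the request predates the authentication
    return ("200", conn.identity)

def demo():
    gap, strict, upfront = Connection(), Connection(), Connection("CN=alice")
    for conn in (gap, strict, upfront):
        conn.receive(SAMPLE_REQUEST)
    return (handle_replaying(gap, "CN=alice"),
            handle_strict(strict, "CN=alice"),
            handle_strict(upfront, "CN=alice"))
```

Under the strict policy a client only reaches the protected path if its certificate was authenticated before any of the request bytes arrived, which is the same effect as not renegotiating mid-request.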
