Slashdot Mirror

← Back to Stories (view on slashdot.org)

Man-In-the-Middle Vulnerability For SSL and TLS

Posted by Soulskill on from the alphabet-soup dept.

imbaczek writes "The SSL 3.0+ and TLS 1.0+ protocols are vulnerable to a set of related attacks which allow a man-in-the-middle (MITM) operating at or below the TCP layer to inject a chosen plaintext prefix into the encrypted data stream, often without detection by either end of the connection. This is possible because an 'authentication gap' exists during the renegotiation process, at which the MitM may splice together disparate TLS connections in a completely standards-compliant way. This represents a serious security defect for many or all protocols which run on top of TLS, including HTTPS."

3 of 170 comments (clear)

  1. Re:oh joy by think_nix · · Score: 4, Informative

    I wouldn't be so sure on that, anyone can read a mail-listing Ill quote this from Marsh Ray on the ietf mail list:

    I can confirm the severity of the TLS MITM bug. I've had a working
    exploit going since the end of August.

    Steve Dispensa and myself put together (with help of many of course) an
    industry working group to address it. I think we were successful in
    producing a preliminary fix, which vendors are in various stages of
    testing and deployment.

    We'd agreed to responsibly delay disclosure to give the industry time to
    coordinate the fix.

  2. Re:Dissabling SSL re-negotiation? by dopodot · · Score: 5, Informative

    It's more than changing the cipher type, it's also negotiating up from anonymous client to verified client. The second situation occurs ALL THE TIME in web services that require different levels of trust for different content within the same site. So it's not a "seldom-used" feature in the least.

  3. Re:Dissabling SSL re-negotiation? by Anonymous Coward · · Score: 5, Informative

    "But let me ask this : who would ever require SSL renegotiation in practice?"

    from,

    http://h71000.www7.hp.com/doc/83final/ba554_90007/ch04s03.html

    SSL renegotiation is useful in the following situations, once you have established an ordinary SSL session:

            * When you require client authentication
            * When you are using a different set of encryption and decryption keys
            * When you are using a different set of encryption and hashing algorithms

    The last two are kind of useless in practice. The first one is very useful to authenticate the client. Actually, if this is the only way to verify client cert, then SSL renegotiation is vital part of SSL.