TLS Man-In-The-Middle Vulnerability

Nick Mathewson nickm at freehaven.net
Thu Nov 12 02:15:20 UTC 2009


On Wed, Nov 11, 2009 at 12:59:21PM -0500, Andrew S. Lists wrote:
> On 11/05/09 15:52, Nick Mathewson wrote:
> > On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
> >> Don't know if any one else has seen or taken a look at this. I don't know if
> >> this affects Tor, though I believe that we do use certificate renegotiation
> >> in the protocol, and that is the entry vector for this particular
> >> vulnerability:
> > 
> > FWIW, this doesn't affect Tor.  The problem here is not renegotiation
> > per se; the problem is doing renegotiation, then acting as though data
> > sent _before_ the renegotiation were authenticated with the
> > rengotiated credentials.
> > 
> > The Tor protocol isn't vulnerable here because 1) it doesn't allow data
> > to be sent before the renegotiation step, and 2) it doesn't treat a
> > renegotiation as authenticating previously exchanged data (because
> > there isn't any).
> 
> The vulnerability itself might not effect Tor, but the OpenSSL
> workaround for this vulnerability of disabling renegotiation by default
> in 0.9.8l [1] might not play nice with a Tor implementation.

Indeed it will not.  We have a fix in svn to make the 0.2.1.x and
0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l.  With
any luck, we should get releases out before too long.

yrs,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list