TLS Man-In-The-Middle Vulnerability
Nick Mathewson
nickm at freehaven.net
Thu Nov 12 02:15:20 UTC 2009
On Wed, Nov 11, 2009 at 12:59:21PM -0500, Andrew S. Lists wrote:
> On 11/05/09 15:52, Nick Mathewson wrote:
> > On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
> >> Don't know if any one else has seen or taken a look at this. I don't know if
> >> this affects Tor, though I believe that we do use certificate renegotiation
> >> in the protocol, and that is the entry vector for this particular
> >> vulnerability:
> >
> > FWIW, this doesn't affect Tor. The problem here is not renegotiation
> > per se; the problem is doing renegotiation, then acting as though data
> > sent _before_ the renegotiation were authenticated with the
> > rengotiated credentials.
> >
> > The Tor protocol isn't vulnerable here because 1) it doesn't allow data
> > to be sent before the renegotiation step, and 2) it doesn't treat a
> > renegotiation as authenticating previously exchanged data (because
> > there isn't any).
>
> The vulnerability itself might not effect Tor, but the OpenSSL
> workaround for this vulnerability of disabling renegotiation by default
> in 0.9.8l [1] might not play nice with a Tor implementation.
Indeed it will not. We have a fix in svn to make the 0.2.1.x and
0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l. With
any luck, we should get releases out before too long.
yrs,
--
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list