William A. Rowe Jr. wrote:
Howard Chu wrote:
Emmanuel Lecharny wrote:
Wondering if we (ApacheDS) can be a possible target, assuming that we are Java based. Any idea ?
I think Kurt's post already outlined the points of exposure but just to recap:
Renegotiation for privilege escalation is only a threat if the server automatically and implicitly uses the client's certificate for authentication.
That is fine as it goes.
But there are other factors involved in the TLS renegotiation sequence, not just simply requesting client certificate authentication, and none of that matters because the MITM has already injected their self into this stream.
Unless all other forms of negotation are rejected outright, the problem remains.
Most of it is a non-problem; the MITM cannot inject any operations that will run under the client's credentials. Nor can it eavesdrop on the encrypted traffic or tamper with it once underway. It's a lot of work for no gain.
I'm more interested to know if anyone has looked at the question of which clients or servers are using renegotiation features (remember tlsv1_alert import nonsense?) or if openldap works just fine with OpenSSL 0.9.8l (renegotiation-crippled) provider.
As I already said here
http://www.openldap.org/lists/openldap-software/200911/msg00102.html
OpenSSL 0.9.8l is broken, renegotiation requests will hang the connection.
-
Howard Chu