William A. Rowe Jr. wrote:
Howard Chu wrote:
> Emmanuel Lecharny wrote:
>> Wondering if we (ApacheDS) can be a possible target, assuming that we
>> are Java based. Any idea ?
> I think Kurt's post already outlined the points of exposure but just to recap:
> Renegotiation for privilege escalation is only a threat if the server
> automatically and implicitly uses the client's certificate for authentication.
That is fine as it goes.
But there are other factors involved in the TLS renegotiation sequence, not just
simply requesting client certificate authentication, and none of that matters
because the MITM has already injected their self into this stream.
Unless all other forms of negotation are rejected outright, the problem remains.
Most of it is a non-problem; the MITM cannot inject any operations that will
run under the client's credentials. Nor can it eavesdrop on the encrypted
traffic or tamper with it once underway. It's a lot of work for no gain.
I'm more interested to know if anyone has looked at the question
of which clients
or servers are using renegotiation features (remember tlsv1_alert import nonsense?)
or if openldap works just fine with OpenSSL 0.9.8l (renegotiation-crippled) provider.
As I already said here
OpenSSL 0.9.8l is broken, renegotiation requests will hang the connection.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/