Date: Sun, 8 Nov 2009 07:10:02 GMT From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555 Message-ID: <200911080710.nA87A2On066337@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/140356; it has been noted by GNATS. From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: Colin Percival <cperciva@freebsd.org> Cc: bug-followup@FreeBSD.org, FreeBSD Security Team <secteam@freebsd.org> Subject: Re: bin/140356: [patch] OpenSSL in base: fix CVE-2009-3555 Date: Sun, 8 Nov 2009 10:00:49 +0300 Colin, good day. Sat, Nov 07, 2009 at 04:22:08PM -0800, Colin Percival wrote: > Given that this is a rather obscure issue (not many people use client > certificates) Not many? How you define "many" and what makes you to believe that client certificates are not in the wide use for the authentication? Moreover, the issue isn't lies solely in the clients that use certificates -- MITM can prefix the data with the chosen text even when client uses no certificates: the talk about per-directory authentication was about the case when server initiates renegotiation. But client (MITM) can equally initiate the renegotiation and the initial HelloRequest from the real client can be used for this. See "Scenatio: Client-initiated renegotiation" from the original paper at http://extendedsubset.com/Renegotiating_TLS.pdf > I'd like to wait until there is more consensus about how this should > be fixed -- it may be that the conclusion will be that the approach > taken by the OpenSSL team, of disabling renegotiation, is not the > right solution. The general answer is also known: there should be some cryptographical binding between renegotiated session chunks. TLS WG is trying to figure out how to do this in the least harmful way. See, for example, https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt and thread on the tls@ietf.org http://www.ietf.org/mail-archive/web/tls/current/msg03963.html -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook {_.-``-' {_/ #
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200911080710.nA87A2On066337>