[no subject]

[Howell, Paul]

At http://extendedsubset.com/?p=8

v1.1 November 4, 2009

Summary

Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3
and previous) is subject to a number of serious man-in-the-middle (MITM)
attacks related to renegotiation. In general, these problems allow an
MITM to inject an arbitrary amount of chosen plaintext into the
beginning of the application protocol stream, leading to a variety of
abuse possibilities. In particular, practical attacks against HTTPS
client certificate authentication have been demonstrated against recent
versions of both Microsoft IIS and Apache httpd on a variety of
platforms and in conjunction with a variety of client applications.
Cases not involving client certificates have been demonstrated as well.
Although this research has focused on the implications specifically for
HTTP as the application protocol, the research is ongoing and many of
these attacks are expected to generalize well to other protocols layered
on TLS.

There are three general attacks against HTTPS discussed here, each with
slightly different characteristics, all of which yield the same result:
the attacker is able to execute an HTTP transaction of his choice,
authenticated by a legitimate user (the victim of the MITM attack). Some
attacks result in the attacker-supplied request generating a response
document which is then presented to the client without any certificate
warning or other indication to the user. Other techniques allow the
attacker to forward or re-purpose client certificate authentication
credentials.



------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------