[SGVLUG] OpenSSL exploit
Henry B Hotz
hbhotz at oxy.edu
Tue Apr 8 18:46:43 PDT 2014
Hey no argument, OK! It's especially frightening if you consider the market-share numbers that article provided.
My point was that at least there *exists* a fix, however draconian.
The renegotiation bug has no fix yet. Also I forgot to mention that disabling renegotiation breaks client certs and smart cards (for practical purposes) because the way Apache does client certs is to first establish a connection and then renegotiate to a connection with a client cert.
Maybe after we deal with this issue, dealing with an incompatible upgrade to TLS 2.0 (or whatever they call it) will look easy.
On Apr 8, 2014, at 2:01 PM, Eric Gillingham <gillingham at bikezen.net> wrote:
> Straightforward to fix doesn't mean easy.
>
> You will have to revoke every certificate on the machine, and reset
> every single private bit of information that something linked to
> libssl could have ever read into memory as it's now exposed, you also
> have to write off all previously protected traffic as fully public.
>
> This information should be repeated again and again because I don't
> think people are really considering the potential impact.
>
> - Eric
>
> On Tue, Apr 8, 2014 at 1:44 PM, Henry B Hotz <hbhotz at oxy.edu> wrote:
>> Agreed!
>>
>> However it's only (-:™:-) an implementation bug, so it's straightforward
>> (-:™:-) to fix. |-P
>>
>> A couple of months ago yet another protocol error in TLS renegotiation was
>> discovered. It's comparable to the one in 2008 that prompted TLS 1.1. AFAIK
>> they have not yet even decided how to fix it this time and there is talk
>> that the fix should be more comprehensive (and done by different people)
>> than the last one. The net effect is to break the cryptographic binding
>> between the cert(s) and the channel, permitting MITM attacks (even when
>> client certs are used). Short-term mitigation is to disable TLS
>> renegotiation. No big deal for short connections, but theoretically a bad
>> idea for large data volumes.
>>
>> This has to be really embarrassing to all the black-funded experts who
>> analyzed TLS 1.0 and pronounced it secure. They obviously didn't look at
>> renegotiation, only the initial connection.
>>
>> On Apr 8, 2014, at 11:16 AM, Matthew Campbell <dvdmatt at gmail.com> wrote:
>>
>> Wow this is major.
>>
>> Matt
>>
>> On Apr 7, 2014 6:08 PM, "Rae Yip" <rae.yip at gmail.com> wrote:
>>>
>>> In case you haven't heard, patch your OpenSSL libraries:
>>>
>>> http://heartbleed.com/
>>>
>>> And then change your secrets.
>>>
>>> John K, you must be feeling pretty smug right now. ;)
>>>
>>> -Rae.
>>>
>>
>> Personal email. hbhotz at oxy.edu
>>
>>
>>
>
Personal email. hbhotz at oxy.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sgvlug.net/pipermail/sgvlug/attachments/20140408/82dacbb5/attachment.html>
More information about the SGVLUG
mailing list