TLS Triple Handshakes

Fedor Brunner

Mar 4, 2014, 6:50:12 AM

Hi,
the attack described in https://secure-resumption.com/ also breaks TLS
channel binding tls-unique (RFC 5929).

I would still like to use tls-unique for channel binding as defined in
SCRAM (RFC 5802). Can OpenSSL be used for channel binding and protect
against this attack if the session caching is disabled?

SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)

Is it necessary to disable resumption using a different function?

Kind regards,
Fedor Brunner



______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Dr. Stephen Henson

Mar 5, 2014, 6:58:53 AM
On Tue, Mar 04, 2014, Fedor Brunner wrote:

>
> Hi,
> the attack described in https://secure-resumption.com/ also breaks TLS
> channel binding tls-unique (RFC 5929).
>
> I would still like to use tls-unique for channel binding as defined in
> SCRAM (RFC 5802). Can OpenSSL be used for channel binding and protect
> against this attack if the session caching is disabled?
>
> SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF)
>
> Is it necessary to disable resumption using a different function?
>

You'd also need to disable session tickets too.

Note the initial phase of the attack requires that the attacker possess a
private key and certificate the client trusts. I'd be interested to know how
that could happen under your circumstances.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org