Am 20.09.2011 22:31, schrieb Hanno Böck:
Am Tue, 20 Sep 2011 20:37:35 +0200
schrieb Richard Könning<richard.koenn...@ts.fujitsu.com>:
Please read http://www.openssl.org/~bodo/tls-cbc.txt, problem #2. You
then see that the problem is already addressed in OpenSSL 0.9.6d,
over seven years ago. See also
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf,
section 6, subsection "OpenSSL and the Empty Message".
That's interesting to know. Do you know if similar mitigation measures
have been done in other popular ssl implementations, especially nss?
My knowledge stems mostly from the cited sources, i.e. i have no
information that other SSL implementations have some mitigation measures
implemented too.
And is it sufficient if one side of a connection has them or do both
need them to be secure? (the most likely scenario with https is probably
an nss client with an openssl server)
Imho, as long as the attacker is on the client side it suffices when the
mitigation measure is implemented on the server side. The only
requirement is that the client must not reject empty fragments,
regarding this look at Ludwig's mail (i don't have an answer to his
question).
Ciao,
Richard Könning
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
