William A. Rowe Jr. wrote: > Howard Chu wrote: >> Emmanuel Lecharny wrote: >>> Wondering if we (ApacheDS) can be a possible target, assuming that we >>> are Java based. Any idea ? >> >> I think Kurt's post already outlined the points of exposure but just to >> recap: >> >> Renegotiation for privilege escalation is only a threat if the server >> automatically and implicitly uses the client's certificate for >> authentication. > > That is fine as it goes. > > But there are other factors involved in the TLS renegotiation sequence, not > just > simply requesting client certificate authentication, and none of that matters > because the MITM has already injected their self into this stream. > > Unless all other forms of negotation are rejected outright, the problem > remains.
Most of it is a non-problem; the MITM cannot inject any operations that will run under the client's credentials. Nor can it eavesdrop on the encrypted traffic or tamper with it once underway. It's a lot of work for no gain. > I'm more interested to know if anyone has looked at the question of which > clients > or servers are using renegotiation features (remember tlsv1_alert import > nonsense?) > or if openldap works just fine with OpenSSL 0.9.8l (renegotiation-crippled) > provider. As I already said here http://www.openldap.org/lists/openldap-software/200911/msg00102.html OpenSSL 0.9.8l is broken, renegotiation requests will hang the connection. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/