``therefore the previous session won't be needed''? But the handshake still must be completed, must it not? And to do so, the attacker would need to know the master_secret (for the Finished messages). I must be missing something. Would you mind explaining a bit further for the slow? :-)
Cheers,
Hi,
Yes the handshake is completed.
To resume a session the client set the "Session ID" field in the "Client Hello" message, and that's it. Normally the server is sure that it's the real client, because the client will be able to decrypt the datas using the symetrical key that was exchanged during the previous handshake.
The problem is that the datas won't be crypted anymore because during the "Client Hello" message the attacker specified a NULL cipher...
I'm attaching a network dump of both the connections, you will see the problem :)
Regards, -- Fr�d�ric Giudicelli http://www.newpki.org
ssl-null.dmp
Description: Binary data
