> From: [email protected] On Behalf Of Serge Fonville > Sent: Wednesday, 12 August, 2009 04:01
> >> Recently there has been some discussion on the Internet > regarding so > >> called null-prefix attacks, see > >> http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf. Is > >> openssl vulnerable to this attack?. > > > > The attack is not an attack against SSL/TLS, but against > > implementation of HTTPS (RFC 2818) , FTPS(RFC 4217) , ... > > > > Callers of the openssl library which were wrong can/were > fixed without > > any change in openssl > > > From what I understand, this does not impact any applications > other than webbrowsers, since IIRC they are the only ones > that having a 'host header' which is part of the request and > can be used to detect a proper website by the browser. I > believe other services using SSL/TLS do not have those. So an > incorrect CN wouldn''t really make any difference. Also, HTTP may be the only protocol that explicitly sends the servername in the request (officially only in 1.1), but it is certainly not the only protocol where a client knows which server they want to connect to and wishes to verify they got the/a correct one, by checking the server cert -- and usually, though not always, specifically checking domainname/wildcard in the server cert. > since part of the authenticity check where the null-prefix > issue is relevant is only performed clientside. > Also this should only impact servercertificates, since > clientcertificates would be handled by the server, and with > these the requested host is irrelevant since the ssl happens > at a different layer. > I don't know what you mean by different layer. It is relatively rare to use SSL/TLS client authentication = (keypair+) cert, but when it is used it is at the same layer, and is checked by the server in the same way, and if the server does need to verify its client(s) is subject to the same possible bug/attack. It is true that many Internet applications that need the server to authenticate the client do so at the application layer (e.g. logon/password/dog's-name/etc.) and not the transport layer. Those would not be (directly) affected. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
