Hi,

On 03/13/2014 10:37 PM, Abdullah Alshalan wrote:
> Hi,
> I have a few questions about OpenVPN and I would appreciate if you can
> answer whatever you can.

I'll give it a try. I assume these questions relate to the 'Triple
Handshake'-attack (https://secure-resumption.com/). I do not understand all
the details of the attack, but I can tell you what I know about OpenVPN.

> 1- Does OpenVPN use a lightweight SSL handshake upon automatic
> reconnection?

No. OpenVPN does not initiate TLS session renegotiation or resumption. The
renegotiation messages in OpenVPN connection logs relate to OpenVPN's
data-session key renegotiations, which are not affected by this attack. For
OpenVPN's control channel, it heavily depends on the underlying crypto
library, either OpenSSL or PolarSSL.

The OpenSSL builds of OpenVPN however might respond to session
renegotiations initiated by a malicious server, I'm not completely sure on
OpenSSL's behaviour. It is not clear to me whether a mitm-initiated
renegotiation is enough to mount the secure-resumption attack.

The PolarSSL builds of OpenVPN have session renegotiation disabled, and
will not participate in session renegotiation at all. These are thus not
affected.

> 2- If so, when does OpenVPN do a full handshake vs. lightweight
> (abbreviated) handshake?

See above.

> 3- Does it renegotiate the master key upon reconnection?

On any TLS errors reported by OpenSSL, OpenVPN shuts down the previous TLS
session, and starts a new session from scratch. It relies on OpenSSL to do
the master key renegotiation.

> 4- In a mobile environment, would it be better to replace openssl with
> WTLS? what's your take on that?

I don't know. WTLS has some interesting properties for mobile environments,
but its security has not been researched as thoroughly as TLS's. It differs
enough from TLS to require its own thorough analysis.

On a final note, I would like to recommend everybody to use OpenVPN's 'TLS
auth'-keys. These add another layer of security to the TLS channel, and
protect against both DoS and MitM attacks on TLS.

Regards,
-Steffan
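
The 'TLS auth' recommendation above, illustrated as an added example that is not part of the original message and is not OpenVPN's code or wire format: a simplified model in which a pre-shared key authenticates every control-channel packet before it is handed to the TLS library. The HMAC-SHA256 tag, the 4-byte packet id, the increasing-id replay check and all names below are assumptions of this model.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag (model choice)


def wrap(key: bytes, packet_id: int, tls_record: bytes) -> bytes:
    """Sender side: prepend an HMAC tag computed over packet id + TLS bytes."""
    body = struct.pack("!I", packet_id) + tls_record
    return hmac.new(key, body, hashlib.sha256).digest() + body


class ControlChannelGate:
    """Receiver side: only authenticated, fresh packets reach the TLS stack."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_id = 0   # simplistic replay check: ids must increase
        self.dropped = 0      # packets rejected before any TLS processing

    def accept(self, datagram: bytes):
        """Return the inner TLS bytes, or None if the packet is dropped."""
        if len(datagram) < TAG_LEN + 4:
            self.dropped += 1
            return None
        tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            self.dropped += 1   # peer lacks the key: TLS code never runs
            return None
        (packet_id,) = struct.unpack("!I", body[:4])
        if packet_id <= self.highest_id:
            self.dropped += 1   # replayed copy of an earlier packet
            return None
        self.highest_id = packet_id
        return body[4:]


def demo():
    key = os.urandom(32)                              # constructed shared key
    gate = ControlChannelGate(key)
    hello = b"\x16\x03\x01constructed-client-hello"   # constructed sample bytes
    good = wrap(key, 1, hello)
    forged = wrap(os.urandom(32), 2, hello)           # sender without the key
    tampered = good[:-1] + bytes([good[-1] ^ 1])      # modified in transit
    results = [gate.accept(p) for p in (good, forged, tampered, good)]
    return results, gate.dropped
```

Only the first packet reaches the TLS layer; the forged, tampered and replayed copies are counted in `dropped` without any handshake work being done.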
