User: Password:
Subscribe / Log in / New account

TLS renegotiation vulnerability

TLS renegotiation vulnerability

Posted Nov 19, 2009 7:05 UTC (Thu) by jimparis (subscriber, #38647)
Parent article: TLS renegotiation vulnerability

> While TLS is the right place to make the fix, Adam Langley is unhappy that TLS is being blamed for the problem. His contention is that the applications are making unwarranted assumptions about what TLS provides.

I understand his point (from TLS point of view, it's two entirely separate sessions, and it's the application that's incorrectly combining the data from these two sessions into one logical stream).

But still, the mechanism is interesting:

Alice asks to negotiate with the server.
- Mallory starts intercepting traffic
- Mallory asks to negotiate with the server.
- Negotiation happens between server and Mallory
- Mallory sends some data
- Mallory requests a renegotiation
- Mallory stops intercepting traffic
Negotiation happens between server and Alice

If TLS had included a concept of "this is the Nth negotiation in this TCP connection", something like this wouldn't have happened because Alice would see 2 and expect 1.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds