[openssl-dev] [openssl.org #3712] TLS Renegotiation with Java is broken

Hubert Kario hkario at redhat.com
Fri Sep 25 12:24:27 UTC 2015


On Friday 25 September 2015 12:42:14 Karthikeyan Bhargavan wrote:
> During renegotiation, app data should not appear between CCS and
> finished, but some implementations (e.g. NSS) do allow this. I would
> consider it a state machine bug, although finding a serious exploit
> is not so easy.

While it is not easy, patching it up before it is exploitable is a good 
idea.

And besides, we already had enough issues with clients and servers 
incorrectly attaching data to the wrong authentication info.
Some implementations may think that stuff before Finished is from the new 
connection while others think that it is from the old connection.

I'll file that bug as soon as I have a reproducer for it (most likely 
today).
-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
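
The ordering rule discussed in this message can be checked on one direction of a captured TLS 1.2 record stream, because the record content type stays visible in the header even when the body is encrypted. This is an added example, not code from the thread, OpenSSL or NSS; the function names and sample traces are constructed, and it assumes Finished is the first handshake record after ChangeCipherSpec.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23

def parse_records(stream: bytes):
    """Yield (content_type, length) for each TLS record header in one direction."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header at offset %d" % offset)
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        if offset + 5 + length > len(stream):
            raise ValueError("truncated record body at offset %d" % offset)
        yield ctype, length
        offset += 5 + length

def find_violations(stream: bytes):
    """Return indexes of application data records seen between CCS and Finished.

    After ChangeCipherSpec the Finished message is encrypted, so on the wire it
    is simply the first handshake record that follows CCS (assumption: Finished
    is not fragmented across records).
    """
    awaiting_finished = False
    violations = []
    for index, (ctype, _length) in enumerate(parse_records(stream)):
        if ctype == CHANGE_CIPHER_SPEC:
            awaiting_finished = True
        elif ctype == HANDSHAKE and awaiting_finished:
            awaiting_finished = False  # this record carries Finished
        elif ctype == APPLICATION_DATA and awaiting_finished:
            violations.append(index)  # data whose authentication context is ambiguous
    return violations

def record(ctype: int, body: bytes) -> bytes:
    """Build a TLS 1.2 record; used only for the constructed samples below."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body

# Constructed traces (opaque filler bodies, not real ciphertext).
GOOD = b"".join([record(HANDSHAKE, b"h" * 40), record(CHANGE_CIPHER_SPEC, b"\x01"),
                 record(HANDSHAKE, b"f" * 40), record(APPLICATION_DATA, b"d" * 16)])
BAD = b"".join([record(HANDSHAKE, b"h" * 40), record(CHANGE_CIPHER_SPEC, b"\x01"),
                record(APPLICATION_DATA, b"d" * 16), record(HANDSHAKE, b"f" * 40)])

if __name__ == "__main__":
    print("good:", find_violations(GOOD))
    print("bad:", find_violations(BAD))
```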