TLS Man-In-The-Middle Vulnerability

Nick Mathewson nickm at torproject.org
Thu Nov 5 20:52:44 UTC 2009


On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
> Don't know if any one else has seen or taken a look at this. I don't know if
> this affects Tor, though I believe that we do use certificate renegotiation
> in the protocol, and that is the entry vector for this particular
> vulnerability:

FWIW, this doesn't affect Tor.  The problem here is not renegotiation
per se; the problem is doing renegotiation, then acting as though data
sent _before_ the renegotiation were authenticated with the
rengotiated credentials.

The Tor protocol isn't vulnerable here because 1) it doesn't allow data
to be sent before the renegotiation step, and 2) it doesn't treat a
renegotiation as authenticating previously exchanged data (because
there isn't any).

Browser users, though, should watch out--especially if you use client
certificates for anything.

yrs,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list