On 1/12/11 21:17 PM, abhijeet joshi wrote:
> https://wiki.mozilla.org/Security:Renegotiation,
Oooo... new cert :) My Firefox tells me the site's CA has changed!
Very nice.
> I am curious and want to confirm if I understood a couple of facts
> correctly.
>
> 1. At one point it is said in the document that:
>
> Unfortunately, when a server is using the vulnerable SSL/TLS protocol
> version, it is impossible for the browser to know whether a site is
> protected or vulnerable (i.e. whether session renegotiation is enabled or
> disabled on the server).
>
> So does this mean that when the server is using an older SSL/TLS protocol
> version, whether the server has Renegotiation set to On or Off cannot be
> detected by browsers?
Yes, something like that. The details are arcane and head-spinning.
> 2. security.ssl.treat_unsafe_negotiation_as_broken: This option is used
> to know whether RFC 5746 is followed by the current protocol. So if we
> see the error
>
> (<domain> : server does not support RFC 5746, see CVE-2009-3555)
>
> in the error log then we are sure that the server is using an older
> SSL/TLS protocol, but we will not be sure if renegotiation is set to on
> or off. Is this correct?
Sounds about right.
> Though it is recommended to upgrade to the latest SSL/TLS protocol, what
> impact on user experience/security does it make if I set renegotiation
> to Off on the server side and continue using the old protocol?
Approximately none, at the moment.
It could change... As far as we know, there are no reported incidents
of real attacks using renegotiation in the wild to breach users'
security and cause real damage to users [0]. The likely reason for
this is that although the attack is devastating to the theoretical or
paper security of the protocol, it is currently impractical to use on a
mass scale, in comparison to the current attack set available to bad
guys [1].
Another way of looking at this is that we now have documented around
O(100) attacks using false certs. So before you turn on the
renegotiation_as_broken flag you should make sure you have the
false_certs_are_bad flag on first [2]. Otherwise you're smoking from
the pipe known as false sense of security.
Unfortunately, the renegotiation problem can only be fixed by upgrading
all servers and all browsers. Those vendors who have upgraded have no
better way to communicate this than to DOS the users who will hopefully
DOS the server operators. No matter that it is an article of faith that
DOSing the users doesn't work, they just click through. Renegotiation
is a theoretically very sucky and heart-rendering bug.
iang
[0] There are academic demos and nuisance attacks. Apparently Twitter
was attacked in this way.
[1] Generally that benchmark is: Download this attack kit, select
option "renegotiation breach."
[2] Cert Patrol, Perspectives? Others are being discussed.
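An added illustration (not part of this thread, and not Firefox's own code) of what "following RFC 5746" means on the wire, which is what the treat_unsafe_negotiation_as_broken check ultimately keys on: a server that implements RFC 5746 echoes the renegotiation_info extension (type 0xff01, with an empty renegotiated_connection field on the initial handshake) in its ServerHello. A legacy server sends no such extension, and from the ServerHello alone a client cannot tell whether that legacy server has renegotiation enabled or disabled, exactly the point made above. The ServerHello messages below are constructed test data, and the helper names are my own.

```python
import struct

# Extension type assigned by RFC 5746 (renegotiation_info).
RENEGOTIATION_INFO = 0xFF01


def build_server_hello(extensions, cipher_suite=0x002F, session_id=b""):
    """Construct a minimal TLS 1.2 ServerHello handshake message.

    This is constructed test data, not captured traffic.  `extensions` is a
    list of (type, data) pairs, or None to emulate a legacy server that sends
    no extensions block at all.
    """
    body = b"\x03\x03"                       # server_version: TLS 1.2
    body += b"\x11" * 32                     # random: constant filler
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", cipher_suite)
    body += b"\x00"                          # compression_method: null
    if extensions is not None:
        ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d
                             for t, d in extensions)
        body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    # Handshake header: msg_type server_hello (2) + 24-bit length.
    return b"\x02" + len(body).to_bytes(3, "big") + body


def parse_server_hello_extensions(msg):
    """Return {ext_type: data} for a ServerHello handshake message.

    Returns {} when the message carries no extensions block (legacy server).
    Raises ValueError on malformed input rather than guessing.
    """
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                             # skip server_version and random
    sid_len = body[pos]
    pos += 1 + sid_len                       # skip session_id
    pos += 2 + 1                             # skip cipher_suite, compression
    if pos == len(body):
        return {}                            # no extensions block present
    ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    if end != len(body):
        raise ValueError("extensions length mismatch")
    exts = {}
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        exts[etype] = body[pos:pos + elen]
        pos += elen
    if pos != end:
        raise ValueError("extension overruns extensions block")
    return exts


def server_supports_secure_renegotiation(msg):
    """True iff the ServerHello advertises RFC 5746 secure renegotiation.

    On an initial handshake the renegotiated_connection vector must be
    empty, i.e. the extension data is a single zero length byte.  False
    means the client has no information about the server's renegotiation
    setting, which is what the browser warning in the thread reflects.
    """
    exts = parse_server_hello_extensions(msg)
    return exts.get(RENEGOTIATION_INFO) == b"\x00"


if __name__ == "__main__":
    rfc5746_server = build_server_hello([(RENEGOTIATION_INFO, b"\x00")])
    legacy_server = build_server_hello(None)
    for name, hello in (("RFC 5746 server", rfc5746_server),
                        ("legacy server", legacy_server)):
        print(name, "->", server_supports_secure_renegotiation(hello))
```

The parser deliberately stops at the ServerHello: nothing later in the handshake can tell a client whether a legacy server has renegotiation on or off, so the absence of the extension is the only signal a browser ever gets, and it is the same signal whether the operator has disabled renegotiation or not.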
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto