SSL Renegotiation Vulnerability / "(private) HKS" <hks.private@gmail.com>

http://www.kb.cert.org/vuls/id/120541

I assume Pound is vulnerable to this since it seems to be a flaw in
the actual protocol design, but can anyone confirm?

-HKS

Re: [Pound Mailing List] SSL Renegotiation Vulnerability
Robert Segall <roseg(at)apsis.ch>

2009-11-12 16:55:22

[ FULL ]

On Wed, 2009-11-11 at 16:01 -0500, (private) HKS wrote:[...]

Yes, Pound suffers from the same problem (as you correctly note, this is
really a SSL issue). We hope this will be fixed in some upcoming OpenSSL
version.[...]

Re: [Pound Mailing List] SSL Renegotiation Vulnerability
Makoto Kobayashi <lukthai12(at)gmail.com>

2009-11-13 09:34:29

[ FULL ]

OpenSSL 0.9.8l is released as a workaround against the issue last week.

However, as HKS mentioned, it is not a vulnerability of
implementations but that of the protocol.
All we can do so far is just work around, am I right?

Makoto

On Fri, Nov 13, 2009 at 12:55 AM, Robert Segall <roseg(at)apsis.ch>
wrote:[...][...][...]

Re: [Pound Mailing List] SSL Renegotiation Vulnerability
"(private) HKS" <hks.private(at)gmail.com>

2009-11-13 19:19:19

[ FULL ]

0.9.8l just disables renegotiation. This fixes the issue, for sure,
but may break apps. Unfortunately, I have no idea on what scale
renegotiation is actively used, nor what the consequences of it
failing are for most apps. (I asked whether Pound was vulnerable
mainly because I wasn't sure if it permitted renegotiation)

An RFC is in process that will define a cryptographic tie-in between
original and renegotiated sessions. This will fix the problem and
hopefully we'll see patches for most clients within weeks. Till
then...blech.

-HKS

On Fri, Nov 13, 2009 at 3:34 AM, Makoto Kobayashi
<lukthai12(at)gmail.com> wrote:[...][...]
>>> http://www.kb.cert.org/vuls/id/120541
>>>
>>> I assume Pound is vulnerable to this since it seems to be a flaw
in
>>> the actual protocol design, but can anyone confirm?[...][...]