[Operators] SSLv3 is out.

Matthew Wild mwild1 at gmail.com
Wed Oct 15 08:57:33 UTC 2014


On 15 October 2014 08:47, Jonas Wielicki <xmpp-operators at sotecware.net>
wrote:

> I’m not confident that this attack is (like BEAST and CRIME) relevant
> for XMPP.
>
> It requires that the attacker is able to induce several SSL connections,
> with the offset of the data to be attacked (which must be the same for
> all attempts) and the size of the packet under the attackers precise
> control.
>

I can only think this would apply to s2s connections, if you had an account
on the server. As an active attacker you could break an s2s connection and
send a new stanza to re-establish. The stanza is under your control.
Whether this constitutes "precise control" I don't know.


> I don’t know of a scenario in XMPP C2S, nor can I imagine one for XMPP
> S2S, where this would be plausibly possible. So I think it is not
> relevant for XMPP (also, the usual opportunistic encryption argument for
> s2s applies).
>
> Also, do XMPP S2S connections the “downgrade dance” mentioned in the paper?
>

I know of no XMPP implementations that do this. So basically it would work
only if SSLv3 is the only protocol supported by one of the parties (I don't
think I've seen any servers that only support SSLv3).

Regards,
Matthew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20141015/68c1a43c/attachment.html>


More information about the Operators mailing list