[Security] TLS Triple Handshakes
Thijs Alkemade
me at thijsalkema.de
Tue Mar 4 10:17:22 UTC 2014
On 3 mrt. 2014, at 22:35, Dave Cridland <dave at cridland.net> wrote:
>
>
>
> On 3 March 2014 21:47, Waqas Hussain <waqas20 at gmail.com> wrote:
> On Mon, Mar 3, 2014 at 3:46 PM, Fedor Brunner <fedor.brunner at azet.sk> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> >
> > Hi all,
> > this attack on TLS security may be interesting for XMPP
> > https://www.imperialviolet.org/2014/03/03/triplehandshake.html
> > https://secure-resumption.com/#further
> >
> > The attacker could modify tls-unique channel binding and affect
> > SCRAM-SHA-1-PLUS authentication method.
> >
>
>
> Yes, it's interesting, at a first glance.
>
> It would, however, only affect clients that do not verify certificates properly (at least at the point of sending SASL stuff).
>
> You also need clients and servers that are perfectly happy to see renegotiation, and it's not vastly obvious why XMPP *needs* any renegotiation.
>
> So something to be aware of, rather than panic over.
>
> Dave.
I disagree, there are good reasons to allow renegotiation on XMPP (for example: hiding client-side certificates).
Resumption, on the other hand, I don’t see quite as useful for XMPP, due to StartTLS. Resumption is vital to this attack.
From my very limited testing with a handful of servers and `openssl s_client`, it seems most servers allow renegotiation. Servers running Prosody/ejabberd did not allow resumption, but jabber.org (M-Link) does. However, it seems the XMPP layer is treating any resumption as if it were a new connection.
Thijs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/security/attachments/20140304/3979905a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/security/attachments/20140304/3979905a/attachment.sig>
More information about the Security
mailing list