Hi,

Any progress on this? I’d like to report the plan in our research paper.

Best,
Karthik

On 06 Mar 2015, at 14:40, Andrew Hughes <gnu.andrew@xxxxxxxxxx> wrote:

> ----- Original Message -----
>> Hi,
>>
>> We’ve been testing TLS implementations for state machine violations and found
>> a number of unexpected behaviours.
>> See: http://www.smacktls.com
>> I am writing to report a bug in classpath’s TLS implementation at
>> gnu/javax/net/ssl/provider
>>
>> Both the client and server in classpath’s TLS library allow the peer to skip
>> the ChangeCipherSpec message, hence disabling encryption.
>> That is, they will accept a Finished message in the handshake even if they
>> have not received a ChangeCipherSpec message.
>> The easy fix is to require CCS before finished, *and* to ensure that no
>> messages are received between CCS and Finished.
>>
>> The bug allows the peer to downgrade any TLS connection to plaintext.
>> This is worrying in itself, but also opens up more serious attacks.
>> For example, see the attacks on Java in
>> http://http://www.smacktls.com/smack.pdf
>>
>> I’d be happy to discuss this bug in more details with whoever’s working on
>> that bit of the code.
>> We have tests and demos and would be happy to help test patches.
>>
>> Best,
>> Karthik
>>
>>
>>
>> _______________________________________________
>> Bug-classpath mailing list
>> Bug-classpath@xxxxxxx
>> https://lists.gnu.org/mailman/listinfo/bug-classpath
>>
>
> Funnily enough, I was just reading the site this morning and realising
> that we'd patched this in OpenJDK in January.
>
> I'll take a look at fixing this in the GNU Classpath code and would
> be interested in any tests/demos you have to help. Is the web server
> mentioned on smacktls.com still operational?
>
> Thanks,
> --
> Andrew :)
>
> Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
>
> PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
>
> PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
> Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
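The fix described in the quoted report (require ChangeCipherSpec before Finished, and allow nothing between them), written as a receive-side ordering guard. This is an added example, not code from GNU Classpath, OpenJDK or the thread's authors; the class and method names are hypothetical, and the message flights in `main` are constructed.

```java
/** Added illustration only; not GNU Classpath or OpenJDK code. All names are hypothetical. */
public class CcsOrderGuard {
    // TLS record content types and handshake message types (RFC 5246).
    static final int CT_CHANGE_CIPHER_SPEC = 20;
    static final int CT_HANDSHAKE = 22;
    static final int HT_CLIENT_KEY_EXCHANGE = 16;
    static final int HT_FINISHED = 20;

    enum State { AWAITING_CCS, AWAITING_FINISHED, DONE }
    private State state = State.AWAITING_CCS;

    /** Feed every incoming handshake-phase message; handshakeType is ignored for non-handshake records. */
    void onMessage(int contentType, int handshakeType) {
        boolean isCcs = contentType == CT_CHANGE_CIPHER_SPEC;
        boolean isFinished = contentType == CT_HANDSHAKE && handshakeType == HT_FINISHED;
        switch (state) {
            case AWAITING_CCS:
                // Earlier handshake messages pass through; Finished must not arrive yet.
                if (isFinished) throw new IllegalStateException("Finished before ChangeCipherSpec");
                if (isCcs) state = State.AWAITING_FINISHED; // caller switches the read cipher here
                break;
            case AWAITING_FINISHED:
                // The very next message after CCS must be Finished, nothing else.
                if (!isFinished) throw new IllegalStateException("message between ChangeCipherSpec and Finished");
                state = State.DONE;
                break;
            case DONE:
                break; // handshake ordering satisfied; a new handshake needs a new guard
        }
    }

    boolean isComplete() { return state == State.DONE; }

    /** Runs one constructed flight through a fresh guard and reports the outcome. */
    static String run(int[][] flight) {
        CcsOrderGuard guard = new CcsOrderGuard();
        try {
            for (int[] m : flight) guard.onMessage(m[0], m[1]);
        } catch (IllegalStateException e) {
            return "rejected: " + e.getMessage(); // a real stack would send a fatal alert and close
        }
        return guard.isComplete() ? "accepted" : "incomplete";
    }

    public static void main(String[] args) {
        int[] cke = {CT_HANDSHAKE, HT_CLIENT_KEY_EXCHANGE}, ccs = {CT_CHANGE_CIPHER_SPEC, 0}, fin = {CT_HANDSHAKE, HT_FINISHED};
        System.out.println(run(new int[][] {cke, ccs, fin})); // well-formed order
        System.out.println(run(new int[][] {cke, fin}));      // CCS skipped
        System.out.println(run(new int[][] {ccs, cke, fin})); // message injected after CCS
    }
}
```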