----- Original Message -----
> Hi,
>
> Any progress on this? I'd like to report the plan in our research paper.
>

I'll look into this again as soon as I'm finished with the current OpenJDK
security update, i.e. in a couple of weeks at most. I plan for an updated
release which fixes this and other recent SSL issues. I still haven't been
able to access the test server you mentioned to me. I'll try and come up
with some other means to test the fix.

> Best,
> Karthik
>
> On 06 Mar 2015, at 14:40, Andrew Hughes <gnu.andrew@xxxxxxxxxx> wrote:
>
> > ----- Original Message -----
> >> Hi,
> >>
> >> We've been testing TLS implementations for state machine violations and
> >> found a number of unexpected behaviours.
> >> See: http://www.smacktls.com
> >> I am writing to report a bug in classpath's TLS implementation at
> >> gnu/javax/net/ssl/provider
> >>
> >> Both the client and server in classpath's TLS library allow the peer to
> >> skip the ChangeCipherSpec message, hence disabling encryption.
> >> That is, they will accept a Finished message in the handshake even if they
> >> have not received a ChangeCipherSpec message.
> >> The easy fix is to require CCS before Finished, *and* to ensure that no
> >> messages are received between CCS and Finished.
> >>
> >> The bug allows the peer to downgrade any TLS connection to plaintext.
> >> This is worrying in itself, but also opens up more serious attacks.
> >> For example, see the attacks on Java in
> >> http://www.smacktls.com/smack.pdf
> >>
> >> I'd be happy to discuss this bug in more detail with whoever's working on
> >> that bit of the code.
> >> We have tests and demos and would be happy to help test patches.
> >>
> >> Best,
> >> Karthik
> >>
> >>
> >>
> >> _______________________________________________
> >> Bug-classpath mailing list
> >> Bug-classpath@xxxxxxx
> >> https://lists.gnu.org/mailman/listinfo/bug-classpath
> >>
> >
> > Funnily enough, I was just reading the site this morning and realising
> > that we'd patched this in OpenJDK in January.
> >
> > I'll take a look at fixing this in the GNU Classpath code and would
> > be interested in any tests/demos you have to help. Is the web server
> > mentioned on smacktls.com still operational?
> >
> > Thanks,
> > --
> > Andrew :)
> >
> > Free Java Software Engineer
> > Red Hat, Inc. (http://www.redhat.com)
> >
> > PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
> > Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
> >
> > PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
> > Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
>

--
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222

PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
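The state-machine bug reported in the thread, as an added illustration that is not GNU Classpath code and not from either correspondent: a toy server-side receiver for the client's final flight of a TLS 1.2 RSA handshake (ClientKeyExchange, ChangeCipherSpec, Finished, per RFC 5246 section 7.3). With `strict=False` it models the reported behaviour (Finished accepted whether or not CCS arrived, other messages tolerated between CCS and Finished); with `strict=True` it applies the fix the report suggests. Key derivation and Finished verify_data checking are replaced by placeholders; the traces, state names and the `ServerReceiver`/`run`/`rejects` helpers are all constructed for this example.

```python
"""
Added example (not GNU Classpath code): a toy TLS 1.2 server-side receive
state machine showing the CCS-before-Finished ordering bug and its fix.
Real key derivation and verify_data checking are omitted; a string stands
in for the derived cipher state.
"""
from dataclasses import dataclass
from typing import Optional

CHANGE_CIPHER_SPEC = 20   # record content types, RFC 5246 section 6.2.1
HANDSHAKE = 22
CLIENT_KEY_EXCHANGE = 16  # handshake message types, RFC 5246 section 7.4
FINISHED = 20


@dataclass(frozen=True)
class Record:
    content_type: int
    handshake_type: Optional[int] = None   # only set for HANDSHAKE records

    def is_handshake(self, kind):
        return self.content_type == HANDSHAKE and self.handshake_type == kind


class HandshakeError(Exception):
    pass


class ServerReceiver:
    """Server-side receiver for the client's ClientKeyExchange/CCS/Finished flight.

    strict=False reproduces the reported behaviour: Finished is accepted in
    WAIT_CCS (so the read cipher is never installed) and extra messages are
    tolerated between CCS and Finished.
    strict=True applies the fix: CCS must precede Finished and nothing may
    arrive between them.
    """

    def __init__(self, strict):
        self.strict = strict
        self.state = "WAIT_CKE"
        self.pending_cipher = None     # keys derived but not yet in use
        self.read_cipher = None        # cipher protecting incoming records

    def receive(self, rec):
        if self.state == "WAIT_CKE":
            if not rec.is_handshake(CLIENT_KEY_EXCHANGE):
                raise HandshakeError("expected ClientKeyExchange")
            self.pending_cipher = "negotiated-cipher"   # placeholder for key derivation
            self.state = "WAIT_CCS"
        elif self.state == "WAIT_CCS":
            if rec.content_type == CHANGE_CIPHER_SPEC:
                self.read_cipher = self.pending_cipher   # encryption switched on here
                self.state = "WAIT_FINISHED"
            elif rec.is_handshake(FINISHED) and not self.strict:
                # The bug: Finished accepted in the clear, read_cipher stays None
                self.state = "DONE"
            else:
                raise HandshakeError("expected ChangeCipherSpec before Finished")
        elif self.state == "WAIT_FINISHED":
            if rec.is_handshake(FINISHED):
                self.state = "DONE"
            elif self.strict:
                raise HandshakeError("unexpected message between CCS and Finished")
            # lenient: silently tolerate anything else at this point
        else:
            raise HandshakeError("handshake already complete")


def run(trace, strict):
    """Feed a list of Records to a fresh receiver; return (final_state, encryption_on)."""
    srv = ServerReceiver(strict)
    for rec in trace:
        srv.receive(rec)
    return srv.state, srv.read_cipher is not None


def rejects(trace, strict):
    """True if the receiver aborts the handshake on this trace."""
    try:
        run(trace, strict)
        return False
    except HandshakeError:
        return True


# Constructed traces of the client's final flight
CKE = Record(HANDSHAKE, CLIENT_KEY_EXCHANGE)
CCS = Record(CHANGE_CIPHER_SPEC)
FIN = Record(HANDSHAKE, FINISHED)
NORMAL = [CKE, CCS, FIN]
SKIP_CCS = [CKE, FIN]                 # the downgrade: Finished without CCS
INTERLEAVED = [CKE, CCS, CKE, FIN]    # a message slipped in between CCS and Finished

if __name__ == "__main__":
    for name, trace in (("normal", NORMAL), ("skip-ccs", SKIP_CCS), ("interleaved", INTERLEAVED)):
        for strict in (False, True):
            mode = "strict" if strict else "lenient"
            try:
                print(name, mode, run(trace, strict))
            except HandshakeError as err:
                print(name, mode, "rejected:", err)
```

The point to check in any real fix is the `SKIP_CCS` case: the lenient receiver reaches `DONE` with `read_cipher` still unset, which is exactly the "disabling encryption" outcome the report describes, while the strict receiver aborts. A complete fix would also keep rejecting a Finished whose verify_data does not match the transcript; that check is outside this toy model.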