Re: SKIP: TLS bug in gnu/javax/net/ssl/provider

----- Original Message -----
> Hi,
> 
> Any progress on this? I’d like to report the plan in our research paper.
> 

I'll look into this again as soon as I'm finished with the current OpenJDK
security update i.e. in a couple of weeks at most. I plan for an updated
release which fixes this and other recent SSL issues.

I still haven't been able to access the test server you mentioned to me.
I'll try and come up with some other means to test the fix.

> Best,
> Karthik
> 
> On 06 Mar 2015, at 14:40, Andrew Hughes <gnu.andrew@xxxxxxxxxx> wrote:
> 
> > ----- Original Message -----
> >> Hi,
> >> 
> >> We’ve been testing TLS implementations for state machine violations and
> >> found
> >> a number of unexpected behaviours.
> >> See: http://www.smacktls.com
> >> I am writing to report a bug in classpath’s TLS implementation at
> >> gnu/javax/net/ssl/provider
> >> 
> >> Both the client and server in classpath’s TLS library allow the peer to
> >> skip
> >> the ChangeCipherSpec message, hence disabling encryption.
> >> That is, they will accept a Finished message in the handshake even if they
> >> have not received a ChangeCipherSpec message.
> >> The easy fix is to require CCS before finished, *and* to ensure that no
> >> messages are received between CCS and Finished.
> >> 
> >> The bug allows the peer to downgrade any TLS connection to plaintext.
> >> This is worrying in itself, but also opens up more serious attacks.
> >> For example, see the attacks on Java in
> >> http://www.smacktls.com/smack.pdf
> >> 
> >> I’d be happy to discuss this bug in more details with whoever’s working on
> >> that bit of the code.
> >> We have tests and demos and would be happy to help test patches.
> >> 
> >> Best,
> >> Karthik
> >> 
> >> 
> >> 
> >> _______________________________________________
> >> Bug-classpath mailing list
> >> Bug-classpath@xxxxxxx
> >> https://lists.gnu.org/mailman/listinfo/bug-classpath
> >> 
> > 
> > Funnily enough, I was just reading the site this morning and realising
> > that we'd patched this in OpenJDK in January.
> > 
> > I'll take a look at fixing this in the GNU Classpath code and would
> > be interested in any tests/demos you have to help. Is the web server
> > mentioned on smacktls.com still operational?
> > 
> > Thanks,
> > --
> > Andrew :)
> > 
> > Free Java Software Engineer
> > Red Hat, Inc. (http://www.redhat.com)
> > 
> > PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
> > Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222
> > 
> > PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
> > Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
> 
> 

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
Fingerprint = 5132 579D D154 0ED2 3E04  C5A0 CFDA 0F9B 3596 4222

PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07
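The report above describes a handshake state-machine flaw: Finished is accepted whether or not ChangeCipherSpec (CCS) arrived, so a peer that skips CCS leaves the connection in plaintext. The following added example (not GNU Classpath code, and not from either correspondent) models only the receiving side of the handshake tail in Python. `lenient_receive` mirrors the reported behaviour; `strict_receive` implements the fix Karthik describes, requiring CCS before Finished and rejecting any record between them. The transcripts (`NORMAL`, `SKIP_CCS`, `INTERLEAVED`) are constructed test inputs, and the record model is a simplification of the TLS record layer.

```python
"""Toy model of a TLS 1.x handshake receiver's CCS/Finished check.

Added example, not GNU Classpath code. Only the tail of the handshake is
modelled: the peer must send ChangeCipherSpec and then, as the very next
record, a Finished handshake message protected under the new keys.
"""
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional, Tuple, Union


class Content(Enum):
    HANDSHAKE = auto()
    CHANGE_CIPHER_SPEC = auto()
    APPLICATION_DATA = auto()


@dataclass(frozen=True)
class Record:
    content: Content
    handshake_type: Optional[str] = None  # e.g. "ServerHello", "Finished"


class HandshakeError(Exception):
    """Raised when the receiver must abort the handshake (a fatal alert in real TLS)."""


def is_finished(rec: Record) -> bool:
    return rec.content is Content.HANDSHAKE and rec.handshake_type == "Finished"


def lenient_receive(records) -> bool:
    """Mirrors the reported bug: Finished completes the handshake regardless
    of whether CCS was seen. Returns whether encryption ended up enabled."""
    encrypted = False
    for rec in records:
        if rec.content is Content.CHANGE_CIPHER_SPEC:
            encrypted = True  # keys switched only if the peer bothered to send CCS
        elif is_finished(rec):
            return encrypted  # completes even when False: plaintext "secure" channel
    raise HandshakeError("handshake incomplete")


def strict_receive(records) -> bool:
    """The fix described in the report: CCS is mandatory before Finished, and
    nothing may arrive between them. Returns True only for an encrypted,
    completed handshake; raises HandshakeError otherwise."""
    state = "BEFORE_CCS"
    for rec in records:
        if state == "BEFORE_CCS":
            if rec.content is Content.CHANGE_CIPHER_SPEC:
                state = "EXPECT_FINISHED"
            elif is_finished(rec):
                raise HandshakeError("Finished before ChangeCipherSpec: refusing plaintext handshake")
            elif rec.content is Content.HANDSHAKE:
                pass  # earlier handshake messages; a real stack validates their order too
            else:
                raise HandshakeError(f"unexpected {rec.content.name} during handshake")
        else:  # EXPECT_FINISHED: the only acceptable record is Finished
            if is_finished(rec):
                return True
            raise HandshakeError("record between ChangeCipherSpec and Finished")
    raise HandshakeError("handshake incomplete")


def evaluate(receiver, records) -> Tuple[str, Union[bool, str]]:
    """Run a receiver over a transcript: ('accepted', encrypted) or ('rejected', reason)."""
    try:
        return ("accepted", receiver(records))
    except HandshakeError as exc:
        return ("rejected", str(exc))


def hs(name: str) -> Record:
    return Record(Content.HANDSHAKE, name)


CCS = Record(Content.CHANGE_CIPHER_SPEC)

# Constructed transcripts of what a client might receive from a server.
NORMAL = [hs("ServerHello"), hs("Certificate"), hs("ServerHelloDone"), CCS, hs("Finished")]
SKIP_CCS = [hs("ServerHello"), hs("Certificate"), hs("ServerHelloDone"), hs("Finished")]
INTERLEAVED = [hs("ServerHello"), hs("Certificate"), hs("ServerHelloDone"),
               CCS, hs("HelloRequest"), hs("Finished")]

if __name__ == "__main__":
    for name, transcript in (("NORMAL", NORMAL), ("SKIP_CCS", SKIP_CCS), ("INTERLEAVED", INTERLEAVED)):
        print(f"{name:12s} lenient={evaluate(lenient_receive, transcript)} "
              f"strict={evaluate(strict_receive, transcript)}")
```

The lenient receiver "completes" `SKIP_CCS` with encryption still off, which is exactly the downgrade the report warns about; the strict receiver rejects both the skipped CCS and the interleaved record, matching the two conditions in the proposed fix.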