RE: [fw-wiz] Security of HTTPS

From: Frank Knobbe (frank_at_knobbe.us)
Date: 11/27/04

  • Next message: R. DuFresne: "Re: [fw-wiz] Security and Audit Policy" 
    To: lordchariot@earthlink.net
Date: Fri, 26 Nov 2004 18:58:44 -0600

    On Tue, 2004-11-23 at 10:00, lordchariot@earthlink.net wrote:
    > I wouldn't necessarily call it a MITM attack, but there are some products
    > out there that intentionally decrypt an SSL connection. These type of
    > products will take an SSL certificate as presented from the web site, and
    > re-create a new one on-the-fly to present to the client browser. If the
    > product's CA cert is loaded into the client, there aren't any certificate
    > warnings. If not, then most people click through the cert warning anyway
    > because they don't know any better.

    Yuck... that's too complicated. All such a product needs are the public
    and private keys from the server. At run-time, it can sniff the public
    key of the visiting client, and that's all that's required to follow an
    SSL session up to and including the exchange of the session keys (after
    which point the device can decrypt and monitor the full SSL session).
    This is caused by an (I guess intentional) weakness in the SSL
    handshaking.

    (If I remember right, the skinny is that the client encrypts the
    pre-master key and sends it to the server. The server [and client] then
    generate the master key which is used to generate the session key. The
    "weakness" imho is that there is no transfer of encrypted key material
    from the server to the client, which would require the clients secret
    key to decrypt. Thus, by having the clients public key, and the servers
    public and private key, an observer can follow the negotiation and
    arrive with the same session key materials as the server. Or perhaps
    that is a feature :)

    What you described IS a classic MITM where the intercepting device
    presents its own certificate.

    Regards,
    Frank

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: R. DuFresne: "Re: [fw-wiz] Security and Audit Policy"

    Relevant Pages

    • Re: Antw: Re: LDAP Authentication Problem
      ... TLSv1 und wird auf einen SSL Client Hello Request mit TLSv1 nicht ... antworten anstatt ein SSLv3 Server Hello. ... the LDAP PAM module and the shadow package. ...
      (de.comp.sys.novell)
    • SSL and IPS (was RE: ssh and ids)
      ... How many simultaneous SSL sessions can be tracked?" ... I assume you're talking about a case in which the client constantly ... If you walk the possible session id space and ... The server chooses the session ID, ...
      (Focus-IDS)
    • Re: Using SSL with IIS 5.0 - how does it work.
      ... Description of the Secure Sockets Layer (SSL) Handshake ... username and password when users authenticates to server (e.g. to check ... his/her e-mail) (client sends this data to the server) ... If you want your users to trust your SSL certificate ...
      (microsoft.public.inetserver.iis.security)
    • Re: FOLLOW UP - Re: what certificate to buy from Verisign ?
      ... If you use SCT it goes something like this: ... Session key exchange using Certs to exchange and verify identities. ... Server caches the SCT using SCTID is unique id. ... > SSL handshake is an expensive operation, if I choose to use SSL to access ...
      (microsoft.public.dotnet.framework.webservices.enhancements)
    • Re: Need for encryption in WSE 3.0 if using SS-avoid man-in-middle
      ... SSL only validates you are talking to a SSL certified server; ... They can simply edit the URL the client program ... can be done by using a X.509 certificate on both ends, ...
      (microsoft.public.dotnet.framework.aspnet.security)