TLS renegotiation MITM

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TLS renegotiation MITM

From:	Steve Dispensa
Subject:	TLS renegotiation MITM
Date:	Wed, 04 Nov 2009 21:53:38 -0600
User-agent:	Microsoft-Entourage/12.20.0.090605

Hi,

A colleague and I have released details of a new attack against TLS in the
area of renegotiation. Information is here:

http://extendedsubset.com/?p=8

During the process of running this bug (and its proposed solution) to
ground, I implemented a patch to GNUTLS, attached. There are also two new
files that implement the extension that solves the problem.

There is lots of background in the above link, but the one missing part is
the Internet Draft that has been tentatively agreed on by most of the major
vendors (pending IETF action, of course). That draft is what I have
implemented, and you should see it posted to the TLS IETF list tomorrow
morning.

I'd be happy to help in any way I can.

Thanks.

 -Steve

ext_safe_renegotiation.c
Description: Binary data

ext_safe_renegotiation.h
Description: Binary data

gnutls-safe-renegotiation.patch
Description: Binary data

[Prev in Thread]

Current Thread

[Next in Thread]

TLS renegotiation MITM, Steve Dispensa <=
- Re: TLS renegotiation MITM, Nikos Mavrogiannopoulos, 2009/11/05
  - Re: TLS renegotiation MITM, Steve Dispensa, 2009/11/05
- Re: TLS renegotiation MITM, Simon Josefsson, 2009/11/06
  - Re: TLS renegotiation MITM, Steve Dispensa, 2009/11/06
    - Re: TLS renegotiation MITM, Simon Josefsson, 2009/11/06

Prev by Date: [patch] update M4 for INET_NTOP and INET_PTON checks.
Next by Date: Re: [patch] Re: building recent git
Previous by thread: building recent git
Next by thread: Re: TLS renegotiation MITM
Index(es):
- Date
- Thread