Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: TLS Man-in-the-middle on renegotiation vulnerability made public - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
TLS Man-in-the-middle on renegotiation vulnerability made public

TLS 1.0+ and SSL 3.0+  (known from among others "https") is vulnerable to a protocol weakness where a man in the middle could work during the renegotiation phase in modern versions the protocol.

While the details had been offered in a meeting with the IETF, vendors and the open source implementers of SSL privately, it appears an IETF mailing list came to finding it again.  That seems to have prompted the original finders (Marsh Ray and Steve Dispensa) to offer up their finding publicly.

The news media outlets are obviously all over this.

Some links aside of the usual media outlets:

There does not seem to be much you can do till the protocol is fixed. The main problem seems to be with clients using certificate authentication.

Exploiting this requires the attacker to be able to intercept the traffic.

Thanks to Martin, Edward, Ken and Chris for sending this in.

Swa Frantzen -- Section 66


760 Posts
Nov 5th 2009
This is CVE-2009-3555
Combine this with the rogue CA[1] (200 PS3s generating certificates until an MD5 hash collision occurs) and a little ARP spoofing, and you have yourself a viable exploit.


11 Posts offers an excellent summary.

11 Posts

Sign Up for Free or Log In to start participating in the conversation!