IT Trenches

Nov 5 2009   4:50PM GMT

Do you use TLS or client certificates for authentication? Beware of new MITM vulnerability

Troy Tate Profile: Troy Tate

As Michael Morisy of ITKE recently posted in "New SSL security hole allows man-in-the-middle attacks", a new SSL vulnerability has been announced. What you need to know is that it mostly affects TLS (Transport Layer Security) sessions that use client authentication certificates. This is a vulnerability at the protocol level, which makes it much harder to fix; by contrast, a recent previous SSL vulnerability had to do with certificate formats and content.

For specific details from the original researchers, visit their website. The summary of the announcement is shown below:

Renegotiating TLS

Marsh Ray

Steve Dispensa

v1.1 November 4, 2009


Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well. Although this research has focused on the implications specifically for HTTP as the application protocol, the research is ongoing and many of these attacks are expected to generalize well to other protocols layered on TLS.

There are three general attacks against HTTPS discussed here, each with slightly different characteristics, all of which yield the same result: the attacker is able to execute an HTTP transaction of his choice, authenticated by a legitimate user (the victim of the MITM attack). Some attacks result in the attacker-supplied request generating a response document which is then presented to the client without any certificate warning or other indication to the user. Other techniques allow the attacker to forward or re-purpose client certificate authentication credentials.

Visit the website for details including:

extendedsubset.com

The full document in PDF format: Renegotiating_TLS.pdf

Some helpful protocol diagrams: Renegotiating_TLS_pd.pdf

Packet captures:

This one is definitely going to be interesting to watch. The excitement never ends in the security world. Leave a comment and let other ITKE readers know if you foresee any issues from this vulnerability or if you have taken any specific actions to address the risk. Thanks for reading, and let's continue to be good network citizens.
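To make the mechanism in the announcement concrete, here is an added Python model (not code from the researchers, from IIS or Apache, or from any TLS library) of the application-layer consequence: a server that buffers plaintext received under one handshake, lets a renegotiation change the connection's peer identity, and then handles the buffered bytes as that peer's. The two policies beside it are the server-side responses of discarding pre-renegotiation data and refusing renegotiation outright; the class, policy names and sample requests are all constructed for this illustration.

```python
from typing import List, Optional, Tuple


class RenegotiationRefused(Exception):
    """Raised when server policy forbids renegotiation (the 'disable it' fix)."""


class TlsConnection:
    """Server-side view of one TLS connection. Hypothetical, simplified model."""

    def __init__(self, policy: str = "allow") -> None:
        self.policy = policy                       # "allow" | "discard" | "refuse"
        self.peer_identity: Optional[str] = None   # client certificate subject, if any
        self.app_buffer = b""                      # plaintext received, not yet handled

    def receive(self, plaintext: bytes) -> None:
        self.app_buffer += plaintext

    def renegotiate(self, new_identity: str) -> None:
        """A fresh handshake completes on the same connection. Before the fix,
        nothing in TLS ties app_buffer to the handshake it arrived under."""
        if self.policy == "refuse":
            raise RenegotiationRefused("renegotiation disabled on this server")
        if self.policy == "discard":
            self.app_buffer = b""                  # earlier bytes are not the new peer's
        self.peer_identity = new_identity

    def handled_requests(self) -> List[Tuple[Optional[str], bytes]]:
        """Split buffered bytes into HTTP requests, each attributed to whoever
        the connection is currently authenticated as (identity-per-connection)."""
        reqs = [r for r in self.app_buffer.split(b"\r\n\r\n") if r]
        return [(self.peer_identity, r) for r in reqs]


# Constructed sample traffic for the scenario below.
MITM_BYTES = b"GET /chosen-by-mitm HTTP/1.1\r\nHost: www.example\r\n\r\n"
VICTIM_BYTES = b"GET /account HTTP/1.1\r\nHost: www.example\r\n\r\n"


def simulate(policy: str) -> List[Tuple[Optional[str], bytes]]:
    """The MITM sends its own bytes over an anonymous session, then relays the
    victim's client-certificate handshake as a renegotiation, after which the
    victim's real request arrives on the same connection."""
    conn = TlsConnection(policy)
    conn.receive(MITM_BYTES)
    conn.renegotiate("CN=victim")
    conn.receive(VICTIM_BYTES)
    return conn.handled_requests()


def renegotiation_refused(policy: str) -> bool:
    """True if the given policy aborts the scenario at the renegotiation step."""
    try:
        simulate(policy)
        return False
    except RenegotiationRefused:
        return True
```

With the "allow" policy both requests come back attributed to CN=victim, which is the announcement's "transaction of the attacker's choice, authenticated by a legitimate user"; "discard" leaves only the victim's own request, and "refuse" never reaches that point.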

1 Comment on this Post

  • Michael Morisy
    Thanks for the extra information Troy! Very useful resources on this security hole.
