- 1. TLS/SSL Renegotiation Vulnerability Thai N. Duong
[email_address]
2. Agenda
- SSL/TLS renegotiation vulnerability
3. About me
- Blogger -http://vnhacker.blogspot.com
- Administrator http://www.hvaonline.net
- Member Team CLGT -http://vnsecurity.net
- Bug Hunter Yahoo!, Oracle/SUN, Apache Foundation, etc.
4. Copyright notice
- Most of subsequent slides are copied from elsewhere on the
Internet
- You should be careful if you want to reuse them
- This compilation is in public domain
5. 6. 7. 8. 9. DHE -RSA-AES256-SHA 10. DHE - RSA -AES256-SHA 11.
DHE - RSA - AES256 -SHA 12. DHE - RSA - AES256 - SHA 13.
Renegotiation vulnerability
- Inject an arbitrary amount of chosen plaintext into the
beginning of the application protocol stream
- Execute a HTTP transaction, authenticated by a legitimate
user
14. 15. 16. 17. 18. Trigger renegotiation
- Client certificate authentication
- Differing server cryptographic requirements
- Client-initiated renegotiation
19. 20. Reference
- http://extendedsubset.com/Renegotiating_TLS.pdf
-
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
21. Thank you! Question?