SSL Vulnerability

hi Hamish,

 

 

Do you have a CVE number? I did some quick searches online, but didn't find anything related.

 

 

You'll need to open a case to get an official response from F5, but I'm curious to see what the issue is.

 

 

Thanks,

 

Aaron

 

Hi Aaron.

 

 

The IETF mailing list link is http://www.ietf.org/mail-archive/web/tls/current/msg03942.html 'el reg' has the article I first saw at http://www.theregister.co.uk/2009/11/05/serious_ssl_bug/ and then the more in-depth info is at http://extendedsubset.com/?p=8

 

 

I'm still reading the paper he wrote to discover exactly how bad the vulnerability is. But it's not actually limited to just client auth certificate negotiation apparently.

 

 

H

Oh. I also have a case open with F5... They're asking ENE...

 

 

H

I have an answer from F5.

 

 

The answer itself was specific to 9.4.7, but there's no indication that it's different for any other version (Although I have asked). Because of the way they've implemented it, they're only vulnerable (For SSL Offload) if you have an iRule that explicitly does an SSL::renegotiate.

 

 

They'll be publishing a SOL note in the next few days, possibly with same iRule code to workaround the issue where SSL::renegotiate is necessary.

 

 

H

Hi Hamish,

 

 

Thanks for the info. So any iRule which requests a client cert by renegotiating the SSL handshake would potentially be susceptible? Interesting... I look forward to a solution on this.

 

 

Aaron

Hamish: As outlined in the "Renegotiating TLS" paper, insertion is indeed possible even without the use of client certificat authentication. The real impact then depends on the application.

 

To be on the safe side I opted to prevent mid-stream renegotiation altogether where possible.

 

See also my iRule post: http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=86456&view=topic