SKIP: TLS bug in gnu/javax/net/ssl/provider
gnu.andrew at redhat.com
Thu Jul 9 11:34:19 UTC 2015
----- Original Message -----
> Any progress on this? I’d like to report the plan in our research paper.
I'll look into this again as soon as I'm finished with the current OpenJDK
security update i.e. in a couple of weeks at most. I plan for an updated
release which fixes this and other recent SSL issues.
I still haven't been able to access the test server you mentioned to me.
I'll try and come up with some other means to test the fix.
> On 06 Mar 2015, at 14:40, Andrew Hughes <gnu.andrew at redhat.com> wrote:
> > ----- Original Message -----
> >> Hi,
> >> We’ve been testing TLS implementations for state machine violations and
> >> found a number of unexpected behaviours.
> >> See: http://www.smacktls.com
> >> I am writing to report a bug in classpath’s TLS implementation at
> >> gnu/javax/net/ssl/provider
> >> Both the client and server in classpath’s TLS library allow the peer to
> >> skip the ChangeCipherSpec message, hence disabling encryption.
> >> That is, they will accept a Finished message in the handshake even if they
> >> have not received a ChangeCipherSpec message.
> >> The easy fix is to require CCS before finished, *and* to ensure that no
> >> messages are received between CCS and Finished.
> >> The bug allows the peer to downgrade any TLS connection to plaintext.
> >> This is worrying in itself, but also opens up more serious attacks.
> >> For example, see the attacks on Java in
> >> http://www.smacktls.com/smack.pdf
> >> I’d be happy to discuss this bug in more detail with whoever’s working on
> >> that bit of the code.
> >> We have tests and demos and would be happy to help test patches.
> >> Best,
> >> Karthik
> > Funnily enough, I was just reading the site this morning and realising
> > that we'd patched this in OpenJDK in January.
> > I'll take a look at fixing this in the GNU Classpath code and would
> > be interested in any tests/demos you have to help. Is the web server
> > mentioned on smacktls.com still operational?
> > Thanks,
> > --
> > Andrew :)
> > Free Java Software Engineer
> > Red Hat, Inc. (http://www.redhat.com)
> > PGP Key: ed25519/35964222 (hkp://keys.gnupg.net)
> > Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222
> > PGP Key: rsa4096/248BDC07 (hkp://keys.gnupg.net)
> > Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
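The ordering rule from the original report (require ChangeCipherSpec before Finished, with nothing in between), as an added example that is not part of this thread and is not GNU Classpath or OpenJDK code. The class, record and method names are hypothetical; the numeric constants are the TLS content and handshake type codes from RFC 5246, and the record syntax needs Java 16 or later.

```java
import java.util.List;

/** Added example: receive-side ordering check for the end of a TLS handshake. */
public class CcsOrderCheck {
    // TLS record content types (RFC 5246): 20 = change_cipher_spec, 22 = handshake.
    static final int CT_CCS = 20, CT_HANDSHAKE = 22;
    // Handshake message type 20 = finished.
    static final int HS_FINISHED = 20;

    /** One received message: content type plus handshake type (-1 if not a handshake message). */
    record Msg(int contentType, int handshakeType) {}

    /**
     * Returns null if the peer's messages end the handshake correctly,
     * otherwise the reason to abort (fatal unexpected_message alert).
     */
    static String check(List<Msg> received) {
        boolean ccsSeen = false;
        for (Msg m : received) {
            boolean finished = m.contentType() == CT_HANDSHAKE
                    && m.handshakeType() == HS_FINISHED;
            if (m.contentType() == CT_CCS) {
                if (ccsSeen) return "duplicate ChangeCipherSpec";
                ccsSeen = true;
            } else if (finished) {
                // Rule 1: Finished is only acceptable after ChangeCipherSpec.
                return ccsSeen ? null : "Finished without ChangeCipherSpec";
            } else if (ccsSeen) {
                // Rule 2: nothing may arrive between ChangeCipherSpec and Finished.
                return "message between ChangeCipherSpec and Finished";
            }
        }
        return "handshake incomplete: no Finished";
    }

    public static void main(String[] args) {
        // Constructed sample messages, not captured traffic.
        Msg keyExchange = new Msg(CT_HANDSHAKE, 16); // client_key_exchange
        Msg ccs = new Msg(CT_CCS, -1);
        Msg fin = new Msg(CT_HANDSHAKE, HS_FINISHED);
        System.out.println(check(List.of(keyExchange, ccs, fin))); // valid flow
        System.out.println(check(List.of(keyExchange, fin)));      // CCS skipped
        System.out.println(check(List.of(ccs, keyExchange, fin))); // interleaved message
    }
}
```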