SSL

21
TLS/SSL Renegotiation Vulnerability Thai N. Duong [email protected]

TAGS:

description

 

Transcript of SSL

  • 1. TLS/SSL Renegotiation Vulnerability Thai N. Duong [email_address]

2. Agenda

  • SSL/TLS protocol
  • SSL/TLS renegotiation vulnerability
  • Q & A

3. About me

  • CISO at DongA Bank
  • Blogger -http://vnhacker.blogspot.com
  • Administrator http://www.hvaonline.net
  • Member Team CLGT -http://vnsecurity.net
  • Bug Hunter Yahoo!, Oracle/SUN, Apache Foundation, etc.

4. Copyright notice

  • Most of subsequent slides are copied from elsewhere on the Internet
  • You should be careful if you want to reuse them
  • This compilation is in public domain

5. 6. 7. 8. 9. DHE -RSA-AES256-SHA 10. DHE - RSA -AES256-SHA 11. DHE - RSA - AES256 -SHA 12. DHE - RSA - AES256 - SHA 13. Renegotiation vulnerability

  • Active MITM attacker
  • Inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream
  • Execute a HTTP transaction, authenticated by a legitimate user

14. 15. 16. 17. 18. Trigger renegotiation

  • Client certificate authentication
  • Differing server cryptographic requirements
  • Client-initiated renegotiation

19. 20. Reference

  • http://clicky.me/tlsvuln
  • http://extendedsubset.com/Renegotiating_TLS.pdf
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

21. Thank you! Question?


Apache Ssl

Apache Ssl

SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.

SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.

COMODO JAPAN | SSL 証明書 - Creating Trust …jp.comodo.com/ssl-certificate-products/ssl/comodo_ev...Comodo SSL Certificate. The key difference is the validation process now requires

COMODO JAPAN | SSL 証明書 - Creating Trust …jp.comodo.com/ssl-certificate-products/ssl/comodo_ev...Comodo SSL Certificate. The key difference is the validation process now requires

VII. Corente Services SSL Client - docs.oracle.com€¦ · SSL Certificate.....44 SSL Certificate ..... 45 Obtaining an SSL Certificate Signed by a CA..... 46 Install an SSL Certificate

VII. Corente Services SSL Client - docs.oracle.com€¦ · SSL Certificate.....44 SSL Certificate ..... 45 Obtaining an SSL Certificate Signed by a CA..... 46 Install an SSL Certificate

ESP8266 SSL User Manual - MPJA.COM SSL User Manual v1.4.pdf · " "Espressif Systems " ESP8266 SSL User Manual 2. ESP8266 as SSL server When ESP8266 is running as a SSL server, header

ESP8266 SSL User Manual - MPJA.COM SSL User Manual v1.4.pdf · " "Espressif Systems " ESP8266 SSL User Manual 2. ESP8266 as SSL server When ESP8266 is running as a SSL server, header

SSL overview

SSL overview

Cloud SSL Certificate Services - Cloud SSL | Securing Your ... · Cloud SSL Certificate Services Security Beyond the Certificate ... Extended Validation (EV) Multi-domain SSL/TLS

Cloud SSL Certificate Services - Cloud SSL | Securing Your ... · Cloud SSL Certificate Services Security Beyond the Certificate ... Extended Validation (EV) Multi-domain SSL/TLS

Configuring Ssl

Configuring Ssl

How to get a SSL Certificate with SSL Europa.

How to get a SSL Certificate with SSL Europa.

SonicOS 7 DPI-SSL - SonicWall · AboutDPI-SSL NOTE:DPI-SSLisaseparate,licensedfeaturethatprovidesinspectionofencryptedHTTPStrafficand otherSSL-basedIPv4andIPv6traffic. Topics: l UsingDPI-SSL

SonicOS 7 DPI-SSL - SonicWall · AboutDPI-SSL NOTE:DPI-SSLisaseparate,licensedfeaturethatprovidesinspectionofencryptedHTTPStrafficand otherSSL-basedIPv4andIPv6traffic. Topics: l UsingDPI-SSL

Mission https:// - My SSL Online · SSL Capabilities: Symantec offers a variety of SSL products that support various authentication mechanisms for different needs. From SSL certificates

Mission https:// - My SSL Online · SSL Capabilities: Symantec offers a variety of SSL products that support various authentication mechanisms for different needs. From SSL certificates

The Difference Between a Standard SSL and EV SSL Certificate

The Difference Between a Standard SSL and EV SSL Certificate

Protocolo Ssl

Protocolo Ssl

SSL Manager is an online tool that helps you set up SSL ... · SSL Manager is an online tool that helps you set up SSL security for your you require SSL Security. The SSL Manager

SSL Manager is an online tool that helps you set up SSL ... · SSL Manager is an online tool that helps you set up SSL security for your you require SSL Security. The SSL Manager

CERTISIGN SSL CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENTctn.certisign.com.br › ssl › dpc › dpc-certisign-ssl... · 2019-02-12 · This document is CERTISIGN SSL

CERTISIGN SSL CERTIFICATION AUTHORITY CERTIFICATION PRACTICE STATEMENTctn.certisign.com.br › ssl › dpc › dpc-certisign-ssl... · 2019-02-12 · This document is CERTISIGN SSL

Servidor ssl

Servidor ssl

Self-Signed SSL Versus Trusted CA Signed SSL Certificate

Self-Signed SSL Versus Trusted CA Signed SSL Certificate

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar … · CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014

CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar … · CERTIFICATE POLICY (CP) (For SSL, EV SSL, OSC and similar electronic certificates) VERSION : 09 DATE : 01.12.2014

Customizing Clientless SSL VPN - Cisco · Customizing Clientless SSL VPN September 13, 2013 Customizing the Clientless SSL VPN User Experience You can customize the Clientless SSL

Customizing Clientless SSL VPN - Cisco · Customizing Clientless SSL VPN September 13, 2013 Customizing the Clientless SSL VPN User Experience You can customize the Clientless SSL

Ssl Attacks

Ssl Attacks