Coding Practice [was Re: Serious OpenSSL vulnerability]
Frantisek Hanzlik
franta at hanzlici.cz
Sun Apr 27 07:42:37 UTC 2014
Bruno Wolff III wrote:
> On Sat, Apr 26, 2014 at 22:19:47 +0200,
> Frantisek Hanzlik <franta at hanzlici.cz> wrote:
>>
>> I'm not SSL/TLS guru and I'm not in-deep study heartbeat OpenSSL bug
>> (mainly because I consider Fedora 15+ as too problematic and stay at
>> F14 with eventual migration to CentOS 6 on my servers, thus they aren't
>> affected with this bug), but - it is truth, that when private key is
>> stealed, this _always_ implied, that encrypted traffic may be read
>> with private key knowledge? As I know, when e.g. Diffie-Hellman key
>> exchanging is used, then either private key knowledge isn't sufficient
>> to decode network traffic. Of course, TLS RFCs give us some basic set
>> of mandatory ciphersuites which should know every TLS endpoint, and
>> there are also these, where private key knowledge is sufficient for
>> traffic decoding. But when at my side I allow e.g. (contrary to RFCs)
>> only DH ciphersuites, then maybe either I'm not able establish a
>> connection, or my connection is reliable - although connection is
>> tapped by someone, who keep my private key. Or am I wrong?
>
> If you have the private key and can redirect network traffic you can do
> man in the middle attacks. If forward security isn't being provided then
> just being able to see the traffic can allow you to get session keys.
MITM I can do even without having victims private key, it is another
case. But what I want to say, that was that even private key knowledge
is not _always_ sufficient to decode TLS traffic (when I able see /
capture it).
--
Franta Hanzlik
More information about the users
mailing list