Kikx wrote:
Gervase Markham wrote:
SSL3 has a mechanism for detecting an attacker attempting to downgrade a connection between two SSL3 endpoints to SSL2 in order to MITM it, if that's what you mean.
I don't understand your point ... I have written a program a couple of months ago which downgrades a connection to SSL 2 without any warning ...
So, you've implemented a version rollback attack. That's an active attack, but is not the same as an MITM.
And I can't understand how the "mechanism" works because before the handshake you have no security and as the attacker asks for an SSL2 connection, there is no more checksum for the transaction in clear text ... then as the transactions in clear are not checked ... the attacker can do whatever he wants !!!! (assuming that both endpoints will accept such a level of encryption)
Please read appendix E.2 of the SSL3 specification and TLS standard. (It's the same appendix and same text in both documents.)

SSL3 spec: http://wp.netscape.com/eng/ssl3/draft302.txt
TLS standard: http://www.rfc-editor.org/rfc/rfc2246.txt

When a client that is capable of speaking SSL3 does an SSL2 RSA encryption operation, it includes some information in the encrypted data that identifies it as an SSL3-capable client. If the server is a real SSL2-only server, it will ignore this information and proceed normally. If the server is one that is capable of using both SSL2 and SSL3/TLS, then it should detect that it is talking with the SSL2 protocol to an SSL3-capable client, and should treat that as a sign of a version rollback attack. It can then terminate the handshake with an SSL3/TLS alert about the rollback, or if it is an https server, it can complete the handshake but then return a web page that reports the attack.

But not all SSL2+SSL3 capable servers implement that rollback attack detection. I'd guess that the server you used is one of those that does not.

-- Nelson B

_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
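A sketch of the appendix E.2 check Nelson describes, as an added example and not code from this thread or from any SSL implementation: after the server decrypts the SSL2 CLIENT-MASTER-KEY with its RSA key, it inspects the PKCS#1 block type 2 padding; an SSL3-capable client that fell back to SSL2 sets the last eight padding bytes to 0x03, so a dual-protocol server seeing that marker knows the version was rolled back. The function names and the sample blocks are assumptions.

```python
import secrets

# Appendix E.2 of the SSL3 spec and RFC 2246: the rightmost eight bytes of
# the PKCS#1 block type 2 padding are 0x03 when an SSL3-capable client
# falls back to SSL2.
ROLLBACK_MARKER = b"\x03" * 8


def random_nonzero_bytes(n: int) -> bytes:
    """PKCS#1 v1.5 block type 2 padding bytes must all be non-zero."""
    out = bytearray()
    while len(out) < n:
        out.extend(x for x in secrets.token_bytes(n - len(out)) if x != 0)
    return bytes(out)


def pad_pkcs1_type2(message: bytes, modulus_len: int, rollback_marker: bool) -> bytes:
    """Client side (hypothetical helper): build 0x00 0x02 PS 0x00 M, where an
    SSL3-capable client ends PS with ROLLBACK_MARKER before RSA-encrypting."""
    ps_len = modulus_len - len(message) - 3
    if ps_len < 8:
        raise ValueError("message too long for modulus")
    ps = random_nonzero_bytes(ps_len)
    if rollback_marker:
        ps = ps[:-8] + ROLLBACK_MARKER
    return b"\x00\x02" + ps + b"\x00" + message


def rollback_attack_detected(decrypted_block: bytes) -> bool:
    """Server side: given the RSA-decrypted block (assumed left-padded with
    0x00 to the modulus length), report whether the E.2 marker is present.
    A dual SSL2/SSL3 server should then abort with a rollback alert."""
    if len(decrypted_block) < 11 or decrypted_block[:2] != b"\x00\x02":
        raise ValueError("not a PKCS#1 block type 2 encoding")
    sep = decrypted_block.find(b"\x00", 2)  # separator between PS and M
    if sep == -1 or sep - 2 < 8:
        raise ValueError("malformed padding")
    ps = decrypted_block[2:sep]
    return ps[-8:] == ROLLBACK_MARKER
```

An SSL2-only server never looks at the padding beyond the separator, which is why the marker is harmless to it and only a dual-protocol server can act on it.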
