On Mon, Jan 07, 2002 at 01:50:26PM +0000, Tushar wrote:
> 1. Cipher Selection:
> If the Client sends a weaker cipher (export), followed
> by a stronger cipher, then openssl selects the first
> (weaker) cipher as preferred by the client (as per the
> RFC). 
> 
> Note in the above case, an attacker can influence the
> order of client's cipher preference, thereby causing
> the peers to decide on weaker ciphers.
> 
> Shouldn't there be logic to protect from such attacks?

Hmm. I vaguely remember that all of the handshake is protected by
cryptographic hashes, so that the modification would be noted at the
end of the handshake...

> Given a set of ciphers, the server should be able to
> decide on the strongest one, need not be the
> first one always.

The term "strongest" may be technically difficult to judge on
(is AES-128 stronger than 128bit-RC4?). Anyway, as of OpenSSL 0.9.7,
the new SSL_OP_CIPHER_SERVER_PREFERENCE has been realized, so that
the server chooses according to its preferred list of ciphers.

> 3. What should be ideal response (RFC) of server in
> this situation:
> "Server has only SSLv2 support and Client comes with
> SSLv3 Client-hello."
> 
> Currently openssl terminates such connections. 

There is nothing that can be done in this case. An SSLv2 server was
written (or at least implements just the technique) before SSLv3
was made available, so it cannot know how to handle the SSLv3
client hello. It is the job of the client to be backward compatible.

The first official standard is RFC2246 and it describes TLSv1.
Everything before it never became an official standard.
It can be expected that future extensions will stay compatible with
respect to the client hello.

> 4. session->peer cert refers to client certificate
> used in Client-Authentication. Is it required to store
> this cert once the session is established?
> 
> The main purpose of this cert is to authenticate
> client and verify the client's Certificate-Verify
> message.
> 
> Once this is done, is it okay to free the cert? In
> session re-use there is no exchange of client's cert
> or cert-verify message.

The client certificate is stored inside the session cache. It may
be necessary to not only know "certificate passed or not", but to
also allow special action (e.g. login) based on the contents of
the certificate.

> Eventually too many peer certs may hog server
> resources.

Memory and hard disk have become cheap these days.

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
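
The difference between client-order and server-order selection discussed in the message above, as an added example that is not part of the original mail and not OpenSSL source. It is a simplified model: `choose_cipher`, `pick` and the sample cipher lists are constructed for illustration, and `server_pref` stands in for SSL_OP_CIPHER_SERVER_PREFERENCE being set.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of server-side suite selection; not OpenSSL source.
 * prio is walked in order, allow is only consulted for membership. */
static const char *pick(const char *const *prio, size_t nprio,
                        const char *const *allow, size_t nallow)
{
    for (size_t i = 0; i < nprio; i++)
        for (size_t j = 0; j < nallow; j++)
            if (strcmp(prio[i], allow[j]) == 0)
                return prio[i];
    return NULL; /* no shared cipher: the handshake fails */
}

/* server_pref models SSL_OP_CIPHER_SERVER_PREFERENCE being set. */
const char *choose_cipher(const char *const *client, size_t nc,
                          const char *const *server, size_t ns,
                          int server_pref)
{
    return server_pref ? pick(server, ns, client, nc)
                       : pick(client, nc, server, ns);
}

/* Constructed sample lists (OpenSSL cipher names), not from the thread. */
static const char *const client_list[] = { "EXP-RC4-MD5", "RC4-MD5", "DES-CBC3-SHA" };
static const char *const server_list[] = { "DES-CBC3-SHA", "RC4-MD5", "EXP-RC4-MD5" };
static const char *const strong_only[] = { "AES128-SHA" };

int main(void)
{
    const char *c;
    c = choose_cipher(client_list, 3, server_list, 3, 0);
    printf("client order: %s\n", c ? c : "(none)");
    c = choose_cipher(client_list, 3, server_list, 3, 1);
    printf("server order: %s\n", c ? c : "(none)");
    c = choose_cipher(client_list, 3, strong_only, 1, 1);
    printf("no overlap:   %s\n", c ? c : "(none)");
    return 0;
}
```

Server preference only changes whose ordering wins; a suite the server should never negotiate still has to be left out of the server's own list.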
