On Thu, Sep 16, 2004 at 10:55:46AM +0200, Frédéric Giudicelli wrote:
> Target: openssl-0.9.7d
>
> Hi,
>
> In ssl/ssl.h, SSL_OP_ALL is defined as "various bug workarounds that
> should be rather harmless"; however, it includes the
> SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, which is rather not a
> harmless option, since it allows a user to change the cipher during
> session resumption.
> The problem is that it bypasses the verification of acceptable ciphers on
> the server side. Therefore, if someone is able to get a valid session id from
> another user (by sniffing or whatever other way), they will be able to
> connect to the server and specify the RSA-NULL cipher; therefore the
> previous session won't be needed, and there won't be any proof that the
> current user is the previous one (SSL session hijacking).
``therefore the previous session won't be needed''? But the handshake still
must be completed, must it not? And to do so, the attacker would need to
know the master_secret (for the Finished messages). I must be missing
something. Would you mind explaining a bit further for the slow? :-)

Cheers,
--
Jacques A Vidrine / NTT/Verio
[EMAIL PROTECTED] / [EMAIL PROTECTED] / [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                               [EMAIL PROTECTED]
Automated List Manager                                 [EMAIL PROTECTED]
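The two messages above describe two different checks that a server performs on an abbreviated (resumed) handshake: the cipher check at ClientHello time, which the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG workaround relaxes, and the Finished check, which still needs the cached master_secret. The following is an added, constructed model of those two checks written for this page; it is not OpenSSL code and not part of either poster's message. The cipher names, the session cache, the transcript bytes, the HMAC stand-in for the TLS Finished verify_data, and the assumed trigger condition for the workaround (the resumed session's cipher is absent from the client's list and the client offered exactly one cipher) are all assumptions of this example, and the server's cipher check and Finished verification are collapsed into one function for readability.

```python
"""Constructed model of server-side session resumption, with and without a
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG-style cipher-change workaround.
Written for this page as an illustration; not OpenSSL code."""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed server policy: no NULL-encryption suites are acceptable.
SERVER_ALLOWED_CIPHERS = ("RSA_WITH_3DES_EDE_CBC_SHA", "RSA_WITH_RC4_128_SHA")


@dataclass
class Session:
    session_id: bytes
    cipher: str
    master_secret: bytes


# Constructed in-memory session cache keyed by session id.
SESSION_CACHE = {}


def full_handshake(client_ciphers):
    """Full handshake: the server picks the first offered cipher it allows and
    mints a session whose master_secret only the two peers know."""
    for cipher in client_ciphers:
        if cipher in SERVER_ALLOWED_CIPHERS:
            session = Session(os.urandom(32), cipher, os.urandom(48))
            SESSION_CACHE[session.session_id] = session
            return session
    raise ValueError("no shared cipher")


def finished_mac(master_secret, transcript):
    """Stand-in for the TLS Finished verify_data: a MAC over the handshake
    transcript keyed by the session's master_secret (assumed construction)."""
    return hmac.new(master_secret, transcript, hashlib.sha256).digest()


def resume(session_id, client_ciphers, client_finished, transcript,
           reuse_cipher_change_bug):
    """Server side of an abbreviated handshake. Returns (status, detail).

    Cipher check and Finished check are collapsed into one call here; in the
    real protocol the server has already sent ServerHello with its cipher
    choice before it sees the client's Finished."""
    session = SESSION_CACHE.get(session_id)
    if session is None:
        return ("full_handshake", "unknown session id")

    cipher = session.cipher
    if cipher not in client_ciphers:
        # Assumed trigger for the workaround: the cached cipher is not
        # offered and the client offered exactly one cipher.
        if reuse_cipher_change_bug and len(client_ciphers) == 1:
            # Workaround path: adopt whatever the client offered, without
            # checking it against SERVER_ALLOWED_CIPHERS.  This is the
            # "bypasses the verification of acceptable ciphers" point.
            cipher = client_ciphers[0]
        else:
            # Strict path: the resumed cipher must be offered, or the
            # resumption fails.
            return ("reject", "required cipher missing")

    # Regardless of which cipher was chosen, the Finished message must verify
    # under the cached master_secret.  A peer that only captured the session
    # id cannot produce it, which is the point raised in the reply above.
    expected = finished_mac(session.master_secret, transcript)
    if not hmac.compare_digest(client_finished, expected):
        return ("reject", "bad finished")
    return ("accept", cipher)


def demo():
    """Run the four cases a practitioner would want to see side by side."""
    transcript = b"ClientHello|ServerHello|ChangeCipherSpec"  # constructed
    session = full_handshake(["RSA_WITH_3DES_EDE_CBC_SHA"])
    good = finished_mac(session.master_secret, transcript)
    forged = finished_mac(b"\x00" * 48, transcript)  # attacker guesses secret
    return {
        "legit_same_cipher": resume(session.session_id, [session.cipher],
                                    good, transcript, False),
        "legit_null_cipher_workaround": resume(session.session_id,
                                               ["RSA_WITH_NULL_SHA"],
                                               good, transcript, True),
        "legit_null_cipher_strict": resume(session.session_id,
                                           ["RSA_WITH_NULL_SHA"],
                                           good, transcript, False),
        "sid_only_attacker_workaround": resume(session.session_id,
                                               ["RSA_WITH_NULL_SHA"],
                                               forged, transcript, True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The model separates the two claims in the thread: with the workaround enabled, a resuming client that knows the master_secret can indeed land on a cipher the server's own list would never have negotiated, while a client holding only a sniffed session id still fails at the Finished check. In the OpenSSL API of the time the strict behaviour corresponds to clearing the bit from the bundle rather than dropping the bundle, i.e. `SSL_CTX_set_options(ctx, SSL_OP_ALL & ~SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)`, since SSL_OP_ALL is an OR of option bits.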
