OpenSSL 0.9.8 supports Kerberos Cipher Suites. However, the
implementation is not compliant with RFC 2712.
Here are the issues with OpenSSL implementation of Kerberos Cipher Suites:
1) Certificate Message with no certs
OpenSSL implementation sends the Certificate message during SSL
handshake, however as per the specification, these have been omitted.
-- RFC 2712 --
CertificateRequest, and the ServerKeyExchange shown in Figure 1 will
be omitted since authentication and the establishment of a master
secret will be done using the client's Kerberos credentials for the
TLS server. The client's certificate will be omitted for the same
reason.
-- RFC 2712 --
2) EncryptedPreMasterSecret
The PreMasterSecret should be encrypted within a Kerberos-defined
EncryptedData structure.
OpenSSL implementation does not use Kerberos-defined "EncryptedData" to
encrypt the pre-master secret.
3) Pre-master secret Protocol version
The pre-master secret generated by OpenSSL does not have the correct
client version.
RFC 2712 says, if the Kerberos option is selected, the pre-master secret
structure is the same as that used in the RSA case.
TLS specification defines pre-master secret as:
struct {
ProtocolVersion client_version;
opaque random[46];
} PreMasterSecret;
where client_version is the latest protocol version supported by the client
The pre-master secret generated by OpenSSL does not have the correct
client version. The implementation does not update the first 2 bytes of
random secret for Kerberos Cipher suites. At the server-end, the client
version from the pre-master secret is not validated.
--
Seema Malkani
Sun Microsystems, Inc.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
