Re: [Acme] Alternative proposal for fixing TLS-SNI / revisiting HTTPS-01 authorization

2018-01-13 Thread Ilari Liusvaara
On Fri, Jan 12, 2018 at 06:21:00PM +0100, Gerd v. Egidy wrote:
> > > I think you also need:
> > > 
> > > - A user is able to trick the server into serving his document root as
> > > default vhost
> > > 
> > > - The webserver serves the default tls vhost, even if the CA requested a
> > > specific vhost via SNI
> > 
> > Well, I think both are implied by default vhost.
> 
> The first yes.
> 
> But the second I'm not so sure.
> 
> AFAIK, with Apache httpd you'll get the tls default vhost just for requests 
> without SNI.
> 
> Of course not everyone is using Apache, but I think it makes it an additional 
> condition for the attack to work.

Nginx is popular too, and with Nginx at least, the default catches all
requests that are not for explicitly configured vhost.

This happens independently for both HTTP and HTTPS.

> > > > (And there are countermeasures that can detect default vhosts).
> > > 
> > > Could you explain in more detail?
> > > 
> > > Will they still work in conjunction with TLS and SNI?
> > 
> > One trick: Use some wild host value, and see that either TLS handshake
> > fails with alert 112, or that returned certificate is different.
> 
> Did you (or anybody else) see any setup where that check gives the wrong 
> results?

I know one setup, where currently that detects one of the explicit
vhosts as default vhost (because it actually is). Changing that if
needed should not be terribly hard.



-Ilari

___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme
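
The default-vhost check Ilari sketches above (handshake with a name nobody configured, then see whether the server sends alert 112 unrecognized_name or hands back a different certificate than it does for the real name) can be written as a small validator-side probe. The following is an added example, not code from this thread or from any ACME implementation; it assumes the server is reachable on `host:port`, and it relies on OpenSSL reporting a received unrecognized_name alert with a reason string containing `UNRECOGNIZED_NAME` (an assumption about Python's `ssl` error surface, not something the thread states).

```python
"""Probe a TLS host with its real name and with a decoy SNI to spot a catch-all vhost."""
import hashlib
import secrets
import socket
import ssl
from dataclasses import dataclass
from typing import Optional

# TLS alert code for unrecognized_name (RFC 6066, section 3); the "alert 112" in the thread.
TLS_ALERT_UNRECOGNIZED_NAME = 112


@dataclass
class ProbeResult:
    sni: str
    cert_sha256: Optional[str]  # SHA-256 of the presented leaf certificate (DER); None if no handshake
    alert: Optional[int]        # TLS alert code received instead of a certificate, if recognised


def random_sni(suffix: str = "invalid") -> str:
    """Build a name no operator could have configured; .invalid is reserved (RFC 2606)."""
    return f"acme-probe-{secrets.token_hex(8)}.{suffix}"


def probe_sni(host: str, port: int, sni: str, timeout: float = 5.0) -> ProbeResult:
    """Handshake with the given SNI and record which certificate (or alert) came back.

    Chain verification is disabled on purpose: the point is to observe what the
    server presents for this name, not whether it chains to a trusted root.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                der = tls.getpeercert(binary_form=True)
                return ProbeResult(sni, hashlib.sha256(der).hexdigest(), None)
    except ssl.SSLError as exc:
        # Assumption: OpenSSL names a received unrecognized_name alert with this reason string.
        reason = exc.reason or ""
        alert = TLS_ALERT_UNRECOGNIZED_NAME if "UNRECOGNIZED_NAME" in reason else None
        return ProbeResult(sni, None, alert)
    except OSError:
        # Connection-level failure (reset, timeout): no certificate and no TLS alert to report.
        return ProbeResult(sni, None, None)


def classify(target: ProbeResult, decoy: ProbeResult) -> str:
    """Decide whether target.sni is served by an explicit vhost or by the catch-all.

    Returns one of:
      "explicit-vhost": the decoy name got alert 112 or a different certificate
      "default-vhost":  the decoy name got the very same certificate as the target
      "inconclusive":   the target itself, or the decoy for a non-alert reason, did not handshake
    """
    if target.cert_sha256 is None:
        return "inconclusive"
    if decoy.alert == TLS_ALERT_UNRECOGNIZED_NAME:
        return "explicit-vhost"
    if decoy.cert_sha256 is None:
        return "inconclusive"
    if decoy.cert_sha256 != target.cert_sha256:
        return "explicit-vhost"
    return "default-vhost"


def check_host(host: str, port: int = 443) -> str:
    """Run both probes against a live server and classify the result (needs network access)."""
    target = probe_sni(host, port, host)
    decoy = probe_sni(host, port, random_sni())
    return classify(target, decoy)


if __name__ == "__main__":
    import sys
    print(check_host(sys.argv[1]) if len(sys.argv) > 1 else "usage: probe.py <host>")
```

`classify` is kept separate from the network probes so the decision rule can be tested without a server. Note the behaviour Ilari describes in the same message: a site whose explicit vhost really is the server's catch-all will be reported as `default-vhost` by this check, which is the accurate answer for that configuration, not a false positive in the check itself.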


[Acme] -09 draft: Challenge objects?

2018-01-13 Thread Felipe Gasper
Hello,

I’ve been looking over the -09 draft and have created a Perl client 
module against Pebble as well as LE’s new testing endpoint.

I’m curious about whether the specification intends to define Challenge 
objects. They appear to exist, of course, but they’re not defined as objects 
per se in section 7.1 of the draft.

Thank you!

-Felipe Gasper
Mississauga, ON
___
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme