Re: TLS Man-In-The-Middle Vulnerability
Erwin Lam wrote:
> Nov 23 05:07:29.317 [notice] Tor 0.2.1.20 opening log file.
> Nov 23 05:07:29.352 [notice] Parsing GEOIP file.
> Nov 23 05:07:30.212 [notice] No current certificate known for authority urras; launching request.
> Nov 23 05:07:30.212 [notice] Bootstrapped 5%: Connecting to directory server.
> Nov 23 05:07:30.268 [notice] I learned some more directory information, but not enough to build a circuit: We have no network-status consensus.
> Nov 23 05:07:30.269 [notice] No current certificate known for authority urras; launching request.
> Nov 23 05:07:30.293 [notice] Bootstrapped 10%: Finishing handshake with directory server.
> Nov 23 05:07:30.363 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:07:30.421 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:07:30.866 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:08:31.090 [notice] No current certificate known for authority urras; launching request.
> Nov 23 05:08:31.182 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:08:31.446 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:13:36.219 [notice] No current certificate known for authority urras; launching request.
> Nov 23 05:13:36.344 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:13:36.752 [warn] TLS error: unexpected close while renegotiating

I can confirm these errors while trying to set up a lightning talk within the network at the Deepsec afterparty at Metalab: those guys are nice, but they were playing a bit bad with the TLS connections ;-)
The setup is Slackware64 13.0 with openssl-0.9.8k and tor-0.2.1.20.

ciao
-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
My GnuPG key id: 0x0B60BC5F

To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body.
http://archives.seul.org/or/talk/
Re: TLS Man-In-The-Middle Vulnerability
I should correct myself: I'm supposed to be in a safe network, yet the errors are still on.
Could it be related to the openssl version? The 0.9.8k release disables SSL renegotiation.

-- 
Marco Bonetti
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
My GnuPG key id: 0x0B60BC5F
Re: TLS Man-In-The-Middle Vulnerability
On Mon, 23 Nov 2009 05:21:41 +0100 Erwin Lam erwin...@dds.nl wrote:
> On Monday 23 November 2009 03:29:14 Scott Bennett wrote:
>> On Sun, 22 Nov 2009 23:47:36 +0100 Erwin Lam erwin...@dds.nl wrote:
>>> On Thursday 12 November 2009 03:15:20 Nick Mathewson wrote:
>>>> On Wed, Nov 11, 2009 at 12:59:21PM -0500, Andrew S. Lists wrote:
>>>>> On 11/05/09 15:52, Nick Mathewson wrote:
>>>>>> On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
>>>>>>> Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:
>>>>>>
>>>>>> FWIW, this doesn't affect Tor. The problem here is not renegotiation per se; the problem is doing renegotiation, then acting as though data sent _before_ the renegotiation were authenticated with the renegotiated credentials.
>>>>>>
>>>>>> The Tor protocol isn't vulnerable here because 1) it doesn't allow data to be sent before the renegotiation step, and 2) it doesn't treat a renegotiation as authenticating previously exchanged data (because there isn't any).
>>>>>
>>>>> The vulnerability itself might not affect Tor, but the OpenSSL workaround for this vulnerability of disabling renegotiation by default in 0.9.8l [1] might not play nice with a Tor implementation.
>>>>
>>>> Indeed it will not. We have a fix in svn to make the 0.2.1.x and 0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l. With any luck, we should get releases out before too long.
>>>
>>> Hi Nick,
>>>
>>> Would you mind releasing that updated version a.s.a.p. Tor doesn't work here at all anymore
>>
>> You must be just a tad behind in your reading. The announcement has already been posted. Just go to the tor download page, and get it.
>
> Well, I am running tor v 0.2.1.20, which is the most recent version, on openSUSE 11.2 (x86_64). This is what I see in the log:
>
> Nov 23 05:07:29.317 [notice] Tor 0.2.1.20 opening log file.
> Nov 23 05:07:29.352 [notice] Parsing GEOIP file.
> Nov 23 05:07:30.212 [notice] No current certificate known for authority urras; launching request.
> Nov 23 05:07:30.212 [notice] Bootstrapped 5%: Connecting to directory server.
> Nov 23 05:07:30.268 [notice] I learned some more directory information, but not enough to build a circuit: We have no network-status consensus.
> Nov 23 05:07:30.269 [notice] No current certificate known for authority urras; launching request.
> Nov 23 05:07:30.293 [notice] Bootstrapped 10%: Finishing handshake with directory server.
> Nov 23 05:07:30.363 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:07:30.421 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:07:30.866 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:08:31.090 [notice] No current certificate known for authority urras; launching request.
> Nov 23 05:08:31.182 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:08:31.446 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:13:36.219 [notice] No current certificate known for authority urras; launching request.
> Nov 23 05:13:36.344 [warn] TLS error: unexpected close while renegotiating
> Nov 23 05:13:36.752 [warn] TLS error: unexpected close while renegotiating
>
> Connection through tor is not possible.
>
> RPM packages:
> tor-0.2.1.20-1.pm.1.1.x86_64

Try 0.2.2.6-alpha. I'm running 0.2.2.5-alpha with no problems.

> openssl-0.9.8k-3.5.3.x86_64

You should probably also update openssl to 0.9.8l before building tor.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
"A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army."
-- Gov. John Hancock, New York Journal, 28 January 1790
Re: TLS Man-In-The-Middle Vulnerability
On Monday 23 November 2009 19:46:48 Scott Bennett wrote:

big snip ...

>> tor-0.2.1.20-1.pm.1.1.x86_64
>
> Try 0.2.2.6-alpha. I'm running 0.2.2.5-alpha with no problems.
>
>> openssl-0.9.8k-3.5.3.x86_64
>
> You should probably also update openssl to 0.9.8l before building tor.

Thanks, but that is like avoiding the problem. I'd rather see that the developers have a look at this problem.

Regards,
Erwin
-- 
Erwin Lam (erwin...@dds.nl)
Re: TLS Man-In-The-Middle Vulnerability
On Mon, Nov 23, 2009 at 05:21:41AM +0100, Erwin Lam wrote:
>>>> Indeed it will not. We have a fix in svn to make the 0.2.1.x and 0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l. With any luck, we should get releases out before too long.
>
> Well, I am running tor v 0.2.1.20, which is the most recent version, on openSUSE 11.2 (x86_64). This is what I see in the log:
>
> Nov 23 05:07:30.363 [warn] TLS error: unexpected close while renegotiating

Right. The 0.2.2.6-alpha release should work with the new openssl. The 0.2.1.21 release will too, but it isn't out yet; I'm still hoping to combine a second fix (for bug 1150) along with the openssl changes, and that one is currently being tested.

I figure people who are always running the latest-and-greatest of whatever libs won't have much trouble either running our development version, or using the maint-0.2.1 git branch, until the new stable is ready.

Which distros have backported the new openssl that breaks the world?

--Roger
Re: TLS Man-In-The-Middle Vulnerability
On Thursday 12 November 2009 03:15:20 Nick Mathewson wrote:
> On Wed, Nov 11, 2009 at 12:59:21PM -0500, Andrew S. Lists wrote:
>> On 11/05/09 15:52, Nick Mathewson wrote:
>>> On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
>>>> Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:
>>>
>>> FWIW, this doesn't affect Tor. The problem here is not renegotiation per se; the problem is doing renegotiation, then acting as though data sent _before_ the renegotiation were authenticated with the renegotiated credentials.
>>>
>>> The Tor protocol isn't vulnerable here because 1) it doesn't allow data to be sent before the renegotiation step, and 2) it doesn't treat a renegotiation as authenticating previously exchanged data (because there isn't any).
>>
>> The vulnerability itself might not affect Tor, but the OpenSSL workaround for this vulnerability of disabling renegotiation by default in 0.9.8l [1] might not play nice with a Tor implementation.
>
> Indeed it will not. We have a fix in svn to make the 0.2.1.x and 0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l. With any luck, we should get releases out before too long.

Hi Nick,

Would you mind releasing that updated version a.s.a.p. Tor doesn't work here at all anymore

Regards,
Erwin
-- 
Erwin Lam (erwin...@dds.nl)
Re: TLS Man-In-The-Middle Vulnerability
On Sun, Nov 22, 2009 at 11:47:36PM +0100, erwin...@dds.nl wrote 2.2K bytes in 60 lines about:
: Would you mind releasing that updated version a.s.a.p. Tor doesn't work
: here at all anymore

What errors do you see in the tor logs?

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Re: TLS Man-In-The-Middle Vulnerability
On Sun, 22 Nov 2009 23:47:36 +0100 Erwin Lam erwin...@dds.nl wrote:
> On Thursday 12 November 2009 03:15:20 Nick Mathewson wrote:
>> On Wed, Nov 11, 2009 at 12:59:21PM -0500, Andrew S. Lists wrote:
>>> On 11/05/09 15:52, Nick Mathewson wrote:
>>>> On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
>>>>> Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:
>>>>
>>>> FWIW, this doesn't affect Tor. The problem here is not renegotiation per se; the problem is doing renegotiation, then acting as though data sent _before_ the renegotiation were authenticated with the renegotiated credentials.
>>>>
>>>> The Tor protocol isn't vulnerable here because 1) it doesn't allow data to be sent before the renegotiation step, and 2) it doesn't treat a renegotiation as authenticating previously exchanged data (because there isn't any).
>>>
>>> The vulnerability itself might not affect Tor, but the OpenSSL workaround for this vulnerability of disabling renegotiation by default in 0.9.8l [1] might not play nice with a Tor implementation.
>>
>> Indeed it will not. We have a fix in svn to make the 0.2.1.x and 0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l. With any luck, we should get releases out before too long.
>
> Hi Nick,
>
> Would you mind releasing that updated version a.s.a.p. Tor doesn't work here at all anymore

You must be just a tad behind in your reading. The announcement has already been posted. Just go to the tor download page, and get it.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
"A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army."
-- Gov. John Hancock, New York Journal, 28 January 1790
Re: TLS Man-In-The-Middle Vulnerability
On Monday 23 November 2009 03:29:14 Scott Bennett wrote:
> On Sun, 22 Nov 2009 23:47:36 +0100 Erwin Lam erwin...@dds.nl wrote:
>> On Thursday 12 November 2009 03:15:20 Nick Mathewson wrote:
>>> On Wed, Nov 11, 2009 at 12:59:21PM -0500, Andrew S. Lists wrote:
>>>> On 11/05/09 15:52, Nick Mathewson wrote:
>>>>> On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
>>>>>> Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:
>>>>>
>>>>> FWIW, this doesn't affect Tor. The problem here is not renegotiation per se; the problem is doing renegotiation, then acting as though data sent _before_ the renegotiation were authenticated with the renegotiated credentials.
>>>>>
>>>>> The Tor protocol isn't vulnerable here because 1) it doesn't allow data to be sent before the renegotiation step, and 2) it doesn't treat a renegotiation as authenticating previously exchanged data (because there isn't any).
>>>>
>>>> The vulnerability itself might not affect Tor, but the OpenSSL workaround for this vulnerability of disabling renegotiation by default in 0.9.8l [1] might not play nice with a Tor implementation.
>>>
>>> Indeed it will not. We have a fix in svn to make the 0.2.1.x and 0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l. With any luck, we should get releases out before too long.
>>
>> Hi Nick,
>>
>> Would you mind releasing that updated version a.s.a.p. Tor doesn't work here at all anymore
>
> You must be just a tad behind in your reading. The announcement has already been posted. Just go to the tor download page, and get it.

Well, I am running tor v 0.2.1.20, which is the most recent version, on openSUSE 11.2 (x86_64). This is what I see in the log:

Nov 23 05:07:29.317 [notice] Tor 0.2.1.20 opening log file.
Nov 23 05:07:29.352 [notice] Parsing GEOIP file.
Nov 23 05:07:30.212 [notice] No current certificate known for authority urras; launching request.
Nov 23 05:07:30.212 [notice] Bootstrapped 5%: Connecting to directory server.
Nov 23 05:07:30.268 [notice] I learned some more directory information, but not enough to build a circuit: We have no network-status consensus.
Nov 23 05:07:30.269 [notice] No current certificate known for authority urras; launching request.
Nov 23 05:07:30.293 [notice] Bootstrapped 10%: Finishing handshake with directory server.
Nov 23 05:07:30.363 [warn] TLS error: unexpected close while renegotiating
Nov 23 05:07:30.421 [warn] TLS error: unexpected close while renegotiating
Nov 23 05:07:30.866 [warn] TLS error: unexpected close while renegotiating
Nov 23 05:08:31.090 [notice] No current certificate known for authority urras; launching request.
Nov 23 05:08:31.182 [warn] TLS error: unexpected close while renegotiating
Nov 23 05:08:31.446 [warn] TLS error: unexpected close while renegotiating
Nov 23 05:13:36.219 [notice] No current certificate known for authority urras; launching request.
Nov 23 05:13:36.344 [warn] TLS error: unexpected close while renegotiating
Nov 23 05:13:36.752 [warn] TLS error: unexpected close while renegotiating

Connection through tor is not possible.

RPM packages:
tor-0.2.1.20-1.pm.1.1.x86_64
openssl-0.9.8k-3.5.3.x86_64

Regards,
Erwin
-- 
Erwin Lam (erwin...@dds.nl)
Re: TLS Man-In-The-Middle Vulnerability
On 11/05/09 15:52, Nick Mathewson wrote:
> On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
>> Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:
>
> FWIW, this doesn't affect Tor. The problem here is not renegotiation per se; the problem is doing renegotiation, then acting as though data sent _before_ the renegotiation were authenticated with the renegotiated credentials.
>
> The Tor protocol isn't vulnerable here because 1) it doesn't allow data to be sent before the renegotiation step, and 2) it doesn't treat a renegotiation as authenticating previously exchanged data (because there isn't any).

The vulnerability itself might not affect Tor, but the OpenSSL workaround for this vulnerability of disabling renegotiation by default in 0.9.8l [1] might not play nice with a Tor implementation.

-Andrew

[1] http://www.openssl.org/news/secadv_2009.txt
Re: TLS Man-In-The-Middle Vulnerability
On Wed, Nov 11, 2009 at 12:59:21PM -0500, Andrew S. Lists wrote:
> On 11/05/09 15:52, Nick Mathewson wrote:
>> On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
>>> Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:
>>
>> FWIW, this doesn't affect Tor. The problem here is not renegotiation per se; the problem is doing renegotiation, then acting as though data sent _before_ the renegotiation were authenticated with the renegotiated credentials.
>>
>> The Tor protocol isn't vulnerable here because 1) it doesn't allow data to be sent before the renegotiation step, and 2) it doesn't treat a renegotiation as authenticating previously exchanged data (because there isn't any).
>
> The vulnerability itself might not affect Tor, but the OpenSSL workaround for this vulnerability of disabling renegotiation by default in 0.9.8l [1] might not play nice with a Tor implementation.

Indeed it will not. We have a fix in svn to make the 0.2.1.x and 0.2.2.x-alpha series both work correctly with OpenSSL 0.9.8l. With any luck, we should get releases out before too long.

yrs,
-- 
Nick
TLS Man-In-The-Middle Vulnerability
Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:

TLS Man-in-the-middle on renegotiation vulnerability made public
http://isc.sans.org/diary.html?storyid=7534

-- 
Marcus Griep
——
Ακακια את.ψο´, 3°
Re: TLS Man-In-The-Middle Vulnerability
The IETF Network Working Group has already begun drafting a new extension to TLS: Renegotiation Indication.
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt

-- 
Marcus Griep
——
Ακακια את.ψο´, 3°

On Thu, Nov 5, 2009 at 2:10 PM, Marcus Griep tormas...@xpdm.us wrote:
> Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:
>
> TLS Man-in-the-middle on renegotiation vulnerability made public
> http://isc.sans.org/diary.html?storyid=7534
>
> --
> Marcus Griep
> ——
> Ακακια את.ψο´, 3°
Re: TLS Man-In-The-Middle Vulnerability
On Thu, Nov 05, 2009 at 02:10:00PM -0500, Marcus Griep wrote:
> Don't know if any one else has seen or taken a look at this. I don't know if this affects Tor, though I believe that we do use certificate renegotiation in the protocol, and that is the entry vector for this particular vulnerability:

FWIW, this doesn't affect Tor. The problem here is not renegotiation per se; the problem is doing renegotiation, then acting as though data sent _before_ the renegotiation were authenticated with the renegotiated credentials.

The Tor protocol isn't vulnerable here because 1) it doesn't allow data to be sent before the renegotiation step, and 2) it doesn't treat a renegotiation as authenticating previously exchanged data (because there isn't any).

Browser users, though, should watch out--especially if you use client certificates for anything.

yrs,
-- 
Nick
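The distinction drawn in the message above, as a toy model added here for illustration (it is not Tor's or OpenSSL's code, and it does no networking). The `Connection` class, the attribution functions and the identity `CN=alice` are all constructed names; the model only tracks which handshake epoch each record arrived in.

```python
from dataclasses import dataclass, field


class PolicyError(Exception):
    """Raised when a peer breaks the connection's ordering rule."""


@dataclass
class Connection:
    """Toy model of one TLS connection as the server sees it."""
    require_auth_before_data: bool = False   # point 1 in the message above
    epoch: int = 0                           # incremented by each renegotiation
    peer: dict = field(default_factory=lambda: {0: None})  # epoch -> identity
    records: list = field(default_factory=list)            # (epoch, data)

    def receive(self, data: bytes) -> None:
        if self.require_auth_before_data and self.peer[self.epoch] is None:
            raise PolicyError("application data before authenticated handshake")
        self.records.append((self.epoch, data))

    def renegotiate(self, identity: str) -> None:
        self.epoch += 1
        self.peer[self.epoch] = identity


def attribute_naively(conn):
    """Flawed: credit everything received to whoever authenticated last."""
    return conn.peer[conn.epoch], b"".join(d for _, d in conn.records)


def attribute_per_epoch(conn):
    """Point 2: data is credited only to the identity of its own epoch."""
    return [(conn.peer[e], d) for e, d in conn.records]


def replay(conn):
    """Constructed exchange: bytes arrive, then a certificate is presented."""
    conn.receive(b"request-prefix ")   # sender not yet authenticated
    conn.renegotiate("CN=alice")       # constructed identity
    conn.receive(b"request-suffix")
    return conn


def rejects_early_data() -> bool:
    """With point 1 enforced, the same exchange is refused at the first record."""
    try:
        replay(Connection(require_auth_before_data=True))
    except PolicyError:
        return True
    return False


if __name__ == "__main__":
    c = replay(Connection())
    print("naive:    ", attribute_naively(c))
    print("per epoch:", attribute_per_epoch(c))
    print("strict connection rejects early data:", rejects_early_data())
```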
man in the middle?
Got this when testing an ssh connection:

WARNING: DSA key found for host shell.sf.net
in /home/robert/.ssh/known_hosts:8
DSA key fingerprint 4c:68:03:d4:5c:58:a6:1d:9d:17:13:24:14:48:ba:99.
The authenticity of host 'shell.sf.net (66.35.250.208)' can't be established
but keys of different type are already known for this host.
RSA key fingerprint is cf:9b:db:c4:53:c3:f0:0d:e8:c4:15:33:61:71:01:ca.
Are you sure you want to continue connecting (yes/no)? no

Tor first attempted to attach a circuit with toxischnet as its exit. This didn't work, so it then used tormentor. I then got the above. I subsequently used both toxischnet and tormentor to connect without any key authentication issues.

The RSA fingerprint is not listed by sourceforge.
http://sourceforge.net/docs/G04/en/#fingerprintlist

Malice? Misconfiguration of some sort? Anyone care to test either of these exits?

-- 
KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK - A Tor Controller For KDE - http://tork.sf.net
ssh man-in-the-middle attack
Someone reported similar behavior a while back, so I figured I'd mention this: yesterday while using ssh over tor, ssh complained loudly that the key on the remote server had changed. I knew it had not. I canceled the operation, tried again, and everything worked as normal.

The key fingerprint was: 44:7b:f7:9f:44:9a:a4:de:be:f5:e6:a7:0e:e1:a2:ff

I've only had this happen once. The moral is: know the fingerprint of the server you're connecting to when connecting for the first time

--B
Re: ssh man-in-the-middle attack
On Thu, Nov 16, 2006 at 01:25:33PM -0500, Bryan Fordham wrote:
> I've only had this happen once. The moral is: know the fingerprint of the server you're connecting to when connecting for the first time

Which should of course be the case whether you're connecting over Tor or not...

Dave
-- 
Dave Page [EMAIL PROTECTED]
Jabber: [EMAIL PROTECTED]
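The check that both ssh threads above come down to, as an added example (not code from any poster): compute the colon-separated MD5 fingerprint of an offered host key and compare it with a list obtained out of band, treating a key type that the list does not cover as untrusted. The host name, key material and function names are constructed.

```python
import base64
import hashlib
import hmac
import struct


def _wire(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def constructed_key(key_type: str, seed: bytes) -> str:
    """Build '<type> <base64>' public-key fields from constructed bytes.
    Not a usable key; only the outer encoding (type string first) is real."""
    body = b"\x00" + hashlib.sha256(seed).digest() * 4
    blob = _wire(key_type.encode()) + _wire(b"\x01\x00\x01") + _wire(body)
    return f"{key_type} {base64.b64encode(blob).decode()}"


def md5_fingerprint(key_fields: str) -> str:
    """Colon-separated MD5 fingerprint, the format shown in the messages."""
    key_type, b64 = key_fields.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("declared key type does not match the key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def check_offered_key(host, key_fields, published):
    """Compare an offered host key with fingerprints obtained out of band.

    published maps host -> {key_type: fingerprint}. Returns 'match',
    'mismatch', 'unlisted-key-type' or 'unknown-host'; only 'match'
    should lead to accepting the key.
    """
    listed = published.get(host)
    if listed is None:
        return "unknown-host"
    expected = listed.get(key_fields.split()[0])
    if expected is None:
        return "unlisted-key-type"   # e.g. RSA offered, only DSA published
    offered = md5_fingerprint(key_fields)
    return "match" if hmac.compare_digest(offered, expected.lower()) else "mismatch"


def demo():
    """Constructed scenario: only a DSA fingerprint is published for the host."""
    host = "shell.example.org"       # constructed host name
    dsa = constructed_key("ssh-dss", b"published")
    published = {host: {"ssh-dss": md5_fingerprint(dsa)}}
    offers = [dsa,
              constructed_key("ssh-dss", b"other"),
              constructed_key("ssh-rsa", b"other")]
    return [check_offered_key(host, k, published) for k in offers]


if __name__ == "__main__":
    print(demo())
```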