新的TLS/SSL3.0中间人攻击已公布 - TLS renegotiation attack

刚刚有研究人员公布了一种针对TLS/SSL的中间人攻击, 该攻击

1. exploitable (可操作性比较强)

2. 目前还没有解决方案, 等待各厂商出补丁.

3. 受影响的上层协议包括HTTPS,IMAP, SIP等等.

 

有人举了下面这个例子来帮助大家理解此洞

E.g., the attacker would send:

GET /pizza?toppings=pepperoni;address=attackersaddress HTTP/1.1 X-Ignore-This:

And leave the last line empty without a carriage return line feed. Then when the client makes his own request

 

GET /pizza?toppings=sausage;address=victimssaddress HTTP/1.1 Cookie: victimscookie

the two requests get glued together into:

 

GET /pizza?toppings=pepperoni;address=attackersaddress HTTP/1.1 X-Ignore-This: GET /pizza?toppings=sausage;address=victimssaddress HTTP/1.1 Cookie: victimscookie

And the server uses the victim's account to send a pizza to the attacker.

 

whitepaper的全文: http://extendedsubset.com/Renegotiating_TLS.pdf