Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 04 Mar 2014 11:01:52 +0000
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request?: konqueror - https uses all ciphers,
 even weak ones

On 03/04/2014 05:38 AM, cve-assign@...re.org wrote:
>   - The server can support strong cipher suites, but is misconfigured
>     to select only 40-bit cipher suites. This is a similar situation.
>     If the user must use the server immediately (i.e., he doesn't have
>     time to contact the server operator and ask for a
>     reconfiguration), a 40-bit cipher suite is the right choice.

A misconfigured server might only offer a 40-bit cipher to a peer that
offers a 40-bit cipher, but might offer a stronger cipher to a peer that
does *not* offer any 40-bit ciphers.

arguably, this involves two different misconfigurations (both server and
client), but the issue would be mitigated if the client was not offering
a weak cipher and claiming it was a successfully secure connection.

Here is another situation where konqueror successfully indicates a
"secure" connection to a server that has a known-insecure configuration:
 point konqueror at: https://demo.cmrg.net/ -- you'll see a successful
connection, though that server only offers DHE over a
trivially-crackable 16-bit group.

NSS-based browsers will throw an ssl_error_weak_server_ephemeral_dh_key
error and refuse the connection; konqueror claims it is a secure connection.

	--dkg


Download attachment "signature.asc" of type "application/pgp-signature" (1011 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ