Date: Thu, 5 Feb 2015 11:18:01 +1100
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable?

On 5 February 2015 at 03:35, Mark Felder <feld@...d.me> wrote:
> *) mod_ssl: New directive SSLSessionTickets (On|Off).

And as with nginx and OpenSSL s3_srvr.c, there's no retval check on
RAND_pseudo_bytes() when creating the IV to encrypt the session ticket.

This isn't exploitable with the default RNG (you won't get this far without
a working RNG), but be careful if your engine is flaking out - you could be
sending something else out with your IVs...

For the record:

-1 : Error, buffer not filled
 0 : Buffer filled with potentially predictable entropy (unless an engine
     aliased their RAND_bytes interface to RAND_pseudo_bytes!)
 1 : Success

Regards,
  Michael
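The failure mode Michael describes, shown as an added C example (not code from the post, from Apache mod_ssl, nginx or OpenSSL): an IV helper that ignores the RNG return value next to one that checks it. The RNG stand-ins below are constructed to return the three documented values of RAND_pseudo_bytes() (-1, 0, 1) and share its signature, so the example runs without linking OpenSSL; the helper names and the "stale" buffer contents are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same signature as OpenSSL's RAND_bytes()/RAND_pseudo_bytes():
 * returns 1 on success, 0 when the bytes were produced but may be
 * predictable (RAND_pseudo_bytes only), -1 when the RNG method does
 * not support the call and the buffer was NOT filled. */
typedef int (*rand_fn)(unsigned char *buf, int num);

enum { IV_LEN = 16 };

/* Constructed stand-ins for an RNG method/engine (not OpenSSL code). */
static int rng_ok(unsigned char *buf, int num) {
    for (int i = 0; i < num; i++)
        buf[i] = (unsigned char)(0xA5 ^ (i * 37));
    return 1;
}
static int rng_weak(unsigned char *buf, int num) {
    memset(buf, 0x42, (size_t)num);   /* fills buffer, reports "predictable" */
    return 0;
}
static int rng_broken(unsigned char *buf, int num) {
    (void)buf; (void)num;             /* flaking engine: buffer left untouched */
    return -1;
}

/* Pattern from the report: retval ignored, so after a -1 the caller
 * encrypts with, and transmits, whatever the IV buffer already held. */
static void make_iv_unchecked(rand_fn rng, unsigned char iv[IV_LEN]) {
    rng(iv, IV_LEN);
}

/* Hardened form: success only when the RNG says 1. On -1 or 0 the
 * buffer is wiped so nothing stale can reach the wire; 0 is rejected
 * here because a CBC IV must be unpredictable, not merely present. */
static int make_iv_checked(rand_fn rng, unsigned char iv[IV_LEN]) {
    int rc = rng(iv, IV_LEN);
    if (rc != 1) {
        memset(iv, 0, IV_LEN);
        return 0;
    }
    return 1;
}

/* Prefill the IV slot with constructed "stale" bytes (what an earlier
 * use of the same memory might have left) and run the unchecked helper
 * against a broken RNG. Returns 1 if those bytes would have been sent. */
int unchecked_sends_stale_bytes(void) {
    unsigned char stale[IV_LEN];
    unsigned char iv[IV_LEN];
    memset(stale, 0x5A, IV_LEN);
    memcpy(iv, stale, IV_LEN);
    make_iv_unchecked(rng_broken, iv);
    return memcmp(iv, stale, IV_LEN) == 0;
}

int checked_rejects_broken(void) {
    unsigned char iv[IV_LEN], zero[IV_LEN] = {0};
    memset(iv, 0x5A, IV_LEN);
    int rc = make_iv_checked(rng_broken, iv);
    return rc == 0 && memcmp(iv, zero, IV_LEN) == 0;
}

int checked_rejects_weak(void) {
    unsigned char iv[IV_LEN], zero[IV_LEN] = {0};
    int rc = make_iv_checked(rng_weak, iv);
    return rc == 0 && memcmp(iv, zero, IV_LEN) == 0;
}

int checked_accepts_ok(void) {
    unsigned char iv[IV_LEN], zero[IV_LEN] = {0};
    int rc = make_iv_checked(rng_ok, iv);
    return rc == 1 && memcmp(iv, zero, IV_LEN) != 0;
}

int main(void) {
    printf("unchecked helper sends stale IV bytes on rc=-1: %s\n",
           unchecked_sends_stale_bytes() ? "yes" : "no");
    printf("checked helper rejects rc=-1: %s, rejects rc=0: %s, accepts rc=1: %s\n",
           checked_rejects_broken() ? "yes" : "no",
           checked_rejects_weak() ? "yes" : "no",
           checked_accepts_ok() ? "yes" : "no");
    return 0;
}
```

With the real library the same check applies to RAND_pseudo_bytes() (and to RAND_bytes(), which can also return -1 when the RNG method lacks the call); wiping the buffer on failure is what turns a silent bad IV into a visible error before the ticket is encrypted.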