Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 04 Mar 2014 11:01:52 +0000
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE Request?: konqueror - https uses all ciphers,
 even weak ones

On 03/04/2014 05:38 AM, cve-assign@...re.org wrote:
>   - The server can support strong cipher suites, but is misconfigured
>     to select only 40-bit cipher suites. This is a similar situation.
>     If the user must use the server immediately (i.e., he doesn't have
>     time to contact the server operator and ask for a
>     reconfiguration), a 40-bit cipher suite is the right choice.

A misconfigured server might only offer a 40-bit cipher to a peer that
offers a 40-bit cipher, but might offer a stronger cipher to a peer that
does *not* offer any 40-bit ciphers.

arguably, this involves two different misconfigurations (both server and
client), but the issue would be mitigated if the client was not offering
a weak cipher and claiming it was a successfully secure connection.

Here is another situation where konqueror successfully indicates a
"secure" connection to a server that has a known-insecure configuration:
 point konqueror at: https://demo.cmrg.net/ -- you'll see a successful
connection, though that server only offers DHE over a
trivially-crackable 16-bit group.

NSS-based browsers will throw an ssl_error_weak_server_ephemeral_dh_key
error and refuse the connection; konqueror claims it is a secure connection.

	--dkg


Download attachment "signature.asc" of type "application/pgp-signature" (1011 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.