httpd-dev mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: TLS renegotiation attack, mod_ssl and OpenSSL
Date Fri, 06 Nov 2009 00:28:43 GMT
On 06.11.2009 01:12, Joe Orton wrote:
> On Fri, Nov 06, 2009 at 12:00:06AM +0000, Joe Orton wrote:
> FYI - Dirk points out that you can test this using openssl s_client by 
> entering a line with the single character 'R' which s_client treats as a 
> command to initiate a renegotiation.   Joe
> 
> $ openssl s_client ...
> ---
> GET / HTTP/1.1
> Host: localhost
> R
> RENEGOTIATING
> 139919233795736:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:590:

Not sure if everyone is aware:

http://extendedsubset.com/Renegotiating_TLS.pdf

contains such an exposure example using s_client.

Eric Rescorla also explained some more details a few hours ago:

http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
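
For checking a server you operate, the `R` test quoted above can be scored from a saved s_client transcript. The sketch below is an added example, not part of the original messages: the function name, the `not-refused` sample, and the rule that any "SSL routines" error line after `RENEGOTIATING` means the request was refused are assumptions.

```shell
# Added example: classify a saved `openssl s_client` transcript after a line
# containing only "R" was typed. Assumption: a refusal shows up as an OpenSSL
# error-queue line from "SSL routines" after the RENEGOTIATING marker.
# Reads stdin; prints refused | not-refused | not-attempted.
classify_reneg() {
    attempted=0 failed=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            RENEGOTIATING*) attempted=1 ;;
            *:error:*:SSL\ routines:*)
                # Only errors seen after the request count as a refusal.
                if [ "$attempted" -eq 1 ]; then failed=1; fi ;;
        esac
    done
    if [ "$attempted" -eq 0 ]; then
        echo "not-attempted"
    elif [ "$failed" -eq 1 ]; then
        echo "refused"
    else
        echo "not-refused"
    fi
}

# Transcript lines taken from the quoted message (server refuses).
sample_refused='GET / HTTP/1.1
Host: localhost
R
RENEGOTIATING
139919233795736:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:590:'

# Constructed transcript: no error follows the request, the response arrives.
sample_not_refused='GET / HTTP/1.1
Host: localhost
R
RENEGOTIATING
depth=0 CN = localhost
verify return:1

HTTP/1.1 200 OK'

for s in "$sample_refused" "$sample_not_refused"; do
    printf '%s\n' "$s" | classify_reneg
done
```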
