6. Cipher Suites
Key Exchange Algorithm
Ex: RSA, Diffie-Hellman, ECDH, etc.
It is used to determine if and how the client and server will authenticate during
the handshake.
Encryption Algorithm
Ex: AES, 3DES, etc.
It is used to encrypt the data between client and server.
Message Authentication
Ex: MD5, SHA, etc.
It is used to provide integrity to data between client and server.
13. Digital certificates are electronic credentials that are used to assert the online
identities of individuals, computers, and other entities on a network.
Digital certificates function similarly to identification cards such as passports and
driver's licenses.
24. During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b)
will attempt to find an alternative certificate chain if the first attempt to build such
a chain fails.
An error in the implementation of this logic can mean that an attacker could cause
certain checks on untrusted certificates to be bypassed, such as the CA flag,
enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid
certificate.
25. The issue, which was reported to OpenSSL on June 24, 2015 by Adam Langley and
David Benjamin of Google/BoringSSL, is known to affect versions 1.0.2c, 1.0.2b,
1.0.1n, and 1.0.1o. It can be used to compromise any application that verifies
certificates, including SSL and TLS (CVE ID: 2015-1793).
Exploit Available at:
https://www.rapid7.com/db/modules/auxiliary/server/openssl_altchainsforgery_mitm_proxy
27. [Diagram: Attacker, Victim, www.bank.com]
1) Attacker: Example.com, certified by GlobalSign (private key, public key).
   www.bank.com: certified by GlobalSign (private key, public key).
2) Man-in-the-middle attack launched.
3) Victim tries an SSL connection to bank.com.
4) Attacker signs the bank certificate using his private key, and the address is
   example.com/cert.crt.
5) Victim checks the certificate; chain validation fails and alternative chains
   are constructed.
6) Alternate chains construct new certificates based on the URL (retrieves the
   attacker certificate) sent by the attacker. External, trusted certificates are
   also retrieved. Certificate chain created.
7) Session compromised.
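
The check that slides 24 and 27 describe as bypassed, shown as an added example (not code from the slides or from OpenSSL): every candidate chain, first or alternative, gets the same CA-flag check on each issuing certificate. It is a simplified model with no signature verification; the `Cert` record, the function names and the sample certificates are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:  # simplified stand-in for an X.509 certificate (hypothetical model)
    subject: str
    issuer: str
    is_ca: bool  # basicConstraints CA flag

def candidate_chains(cert, untrusted, trusted, seen=()):
    """Yield every leaf-first path from cert up to a trust anchor."""
    if cert in trusted:
        yield [cert]
        return
    seen = seen + (cert,)  # guards against loops and self-issued untrusted certs
    for parent in list(trusted) + list(untrusted):
        if parent.subject == cert.issuer and parent not in seen:
            for rest in candidate_chains(parent, untrusted, trusted, seen):
                yield [cert] + rest

def chain_error(chain):
    """Return None when every issuing certificate carries the CA flag."""
    for issuing in chain[1:]:
        if not issuing.is_ca:
            return f"{issuing.subject} is not a CA"
    return None

def verify(leaf, untrusted, trusted):
    """Accept only if some candidate chain passes the full set of checks."""
    errors = []
    for chain in candidate_chains(leaf, untrusted, trusted):
        err = chain_error(chain)  # identical checks for first and alternative chains
        if err is None:
            return True, [c.subject for c in chain]
        errors.append(err)
    return False, errors or ["no path to a trust anchor"]

# Constructed sample data mirroring the scenario on slide 27.
ROOT = Cert("GlobalSign Root (sample)", "GlobalSign Root (sample)", True)
ATTACKER_LEAF = Cert("example.com", ROOT.subject, False)  # valid leaf, not a CA
FORGED = Cert("www.bank.com", "example.com", False)       # "issued" by that leaf
GENUINE = Cert("www.bank.com", ROOT.subject, False)

if __name__ == "__main__":
    print(verify(FORGED, [ATTACKER_LEAF], {ROOT}))
    print(verify(GENUINE, [ATTACKER_LEAF], {ROOT}))
```
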