SSL/TLS Pentesting: Renegotiation
Wednesday, December 16, 2015
By
Jitendra
SSL/TLS
0
comments
Renegotiation
*****************
The SSL/TLS protocols allow the client and server to renegotiate new encryption keys during a session. A vulnerability was discovered in 2009 whereby an attacker could exploit a flaw in the renegotiation process and inject content into the start of the session, compromising the integrity of the session.
This is only possible if two conditions are met, namely that the server does not support secure renegotiation but does honour client-initiated renegotiations.
Secure Renegotiation
*****************************
the following command can be used for checking if the system supports secure renegotiation.
command : openssl s_client -connect example.com:443
A system that does support secure renegotiation will return the following when a connection is established
Special Thanks
Sooraj Shekhar
Thanks
Jitendra K Singh (Team Computer Korner)
Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!
0 comments: