TLS Renegotiation Test

The new TLS/SSL man-in-the-middle (MitM) attack targets the renegotiation part of the protocol. There are two variations of renegotiation: client-initiated and server-initiated. This tool lets you test any web server (input as server:port) for client-initiated renegotiation support only, because server-initiated renegotiation depends on the specific server configuration. Since there is currently no fix other than disabling renegotiation, the result pretty much tells you whether the server is vulnerable to this type of renegotiation attack.
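For checking your own servers from a shell, the same kind of probe can be run with the stock `openssl s_client`. This is an added example, not the source of the tool on this page; the function names, the sample transcripts and the string patterns it matches are assumptions based on what `s_client` commonly prints, and they vary between OpenSSL versions.

```sh
#!/bin/sh
# Added example (not the tool from this page): probe SERVER:PORT for
# client-initiated renegotiation and classify what openssl s_client printed.

# Constructed sample transcripts (not captured from a real server).
SAMPLE_REFUSED='CONNECTED(00000003)
depth=0 CN = test.example
verify return:1
RENEGOTIATING
140735189868400:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:615:'

SAMPLE_ACCEPTED='CONNECTED(00000003)
depth=0 CN = test.example
verify error:num=18:self signed certificate
verify return:1
RENEGOTIATING
depth=0 CN = test.example
verify error:num=18:self signed certificate
verify return:1
DONE'

# classify_reneg TRANSCRIPT -> prints accepted | refused | inconclusive
classify_reneg() {
    case $1 in
        *RENEGOTIATING*) ;;                # s_client prints this when it reads "R"
        *) echo inconclusive; return 0 ;;  # first handshake failed or R was never read
    esac
    after=${1#*RENEGOTIATING}              # judge only what followed the request
    case $after in
        # ":error:" is an OpenSSL error-queue line, "errno=" a socket error.
        # "verify error:" (certificate trust) deliberately does not match.
        *:error:*|*errno=*) echo refused ;;
        # The chain was verified a second time, so a new handshake completed.
        *"verify return:"*) echo accepted ;;
        *) echo inconclusive ;;
    esac
}

# check_reneg SERVER:PORT   (same input form as the tool described above)
check_reneg() {
    # -tls1_2: TLS 1.3 has no renegotiation. The sleep keeps stdin open so the
    # second handshake can finish before s_client sees EOF and exits.
    out=$( { printf 'R\n'; sleep 3; } | openssl s_client -connect "$1" -tls1_2 2>&1 ) || true
    classify_reneg "$out"
}
```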

7 Responses to “TLS Renegotiation Test”

  1. Tweets that mention TLS Renegotiation Test | netsekure rng -- Topsy.com Says:

    [...] This post was mentioned on Twitter by PhoneFactor, Marsh Ray. Marsh Ray said: RT @naskooskov TLS client initiated renegotiation test http://netsekure.org/2009/11/tls-renegotiation-test/ [...]

  2. Extended Subset » Blog Archive » Assorted news Says:

    [...] has set up a nice test for client-initiated renegotiation on his blog. This is probably the most pervasive, and simplest to exploit, form of the SSL/TLS [...]

  3. MitM Plaintext Injection Vulnerability in TLS (openssl) « waffle Says:

    [...] Test Here: TLS Renegotiation Test | netsekure rng [...]

  4. Nipun Says:

    Hey Nasko,

    This is pretty cool. We are a bunch of grad students who are trying to simulate the TLS renegotiation vulnerability in a virtual testbed environment. I just stumbled onto your link today, 2 days before the final presentation of our project.

    Can you please share the source code of this Renegotiation Test with us? We hope that we will get back to you with a better implementation useful for our project as well as for putting up on your website.

    Let me know if you have any questions.

    Thanks and regards,

    Nipun

  5. Nipun Says:

    We are trying to make use of X-ignore in the HTTP header to simulate the attack. And it seems like you use telnet to get the output here. Are you only testing for client-initiated renegotiation?

  6. Nasko Says:

    Yes, I am only testing client-initiated renegotiation. It says so on the page itself :). Server-initiated renegotiation depends on a bunch of factors, so it is hard to produce a generic test.

  7. Nasko Says:

    I’ve emailed you with details, so let’s keep in touch and see how I can help you with your project.