[nSLUG] GnuTLS certificate bug and Apple certificate bug

Julien Savoie julien.savoie at usainteanne.ca
Wed Mar 19 07:45:59 ADT 2014

On 18/03/14 09:50 PM, Julien Savoie wrote:
> In the case of the IOS/OSX vuln, there was a bypass (goto fail!) of
> the check to see if the session key (used for forward secrecy) was
> signed correctly by the right long-term private key.
Oops, that should have read ephemeral key, not session key.

The session key is never signed directly with the long-term key in DHE,
but rather with the ephemeral key.  The vulnerability comes from the
fact that the client isn't checking that the ephemeral key was signed by
the long-term key.

More information about the nSLUG mailing list