[nSLUG] GnuTLS certificate bug and Apple certificate bug
julien.savoie at usainteanne.ca
Wed Mar 19 07:45:59 ADT 2014
On 18/03/14 09:50 PM, Julien Savoie wrote:
> In the case of the IOS/OSX vuln, there was a bypass (goto fail!) of
> the check to see if the session key (used for forward secrecy) was
> signed correctly by the right long-term private key.
Oops, that should have read ephemeral key, not session key.
The session key is never signed directly with the long-term key in DHE,
but rather with the ephemeral key. The vulnerability comes from the
fact that the client isn't checking that the ephemeral key was signed by
the long-term key.
More information about the nSLUG