SSL renegotiation ?

Alan DeKok aland at deployingradius.com
Thu Nov 12 08:47:03 CET 2009


John wrote:
> I found  a new man-in-the-middle attack with SSL. 
> http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html

  It's a nice attack on SSL.

> I am afraid if freeRADIUS use SSL renegotiation?  The freeRADIUS version
> is 1.1.6. We use EAP-TLS and the backend OpenLDAP server with TLS
> connection. 
> 
> Does  freeRADIUS use SSL renegotiation ?

  Yes and no.  Yes, it uses OpenSSL, with all of the functionality of
OpenSSL.  No, I don't see a way for SSL renegotiation to attack RADIUS.

  The attack involves a MITM who (mostly) terminates the SSL connection
from the client, and opens a connection to the server.  All RADIUS
relationships require a shared secret, so MITM attacks aren't possible
at the RADIUS layer.

  The only place this attack *might* occur is if the MITM spoofs an
802.1X enabled access point.  But the attacker can't send RADIUS
packets, because he doesn't know the shared secret.

  The attacker then has to do a MITM at the EAPoL layer.  i.e. spoof an
AP to the client, and then turn around, and copy those packets to a
*real* AP.

  If this worries you, there is a new version of OpenSSL available that
isn't subject to the attack.

  Alan DeKok.



More information about the Freeradius-Users mailing list