"sunsetsha1" handler detecting TLS certificates using SHA-1 expiring during or after sunset period#78
"sunsetsha1" handler detecting TLS certificates using SHA-1 expiring during or after sunset period#78mkenne11 wants to merge 1 commit intogoogle:devfrom
Conversation
|
This request is intended to address issue #60. |
|
This should probably be a data handler with the rest of the TLS check stuff in https://github.com/google/nogotofail/blob/dev/nogotofail/mitm/connection/handlers/data/ssl.py, once #83 lands you can get the Certificate chain bytes pretty easily and then check in a passive handler. Also I should add a data handler that handles buffering/parsing TLS records since we're currently duplicating a lot of code. I'll file a blocking issue :) |
mkenne11
force-pushed
the
sunsetsha1
branch
2 times, most recently
from
43b0469 to
241d204
Compare
|
I changed the sunsetsha1 handler to be a data handler and passive. I also modified it to parse the certificate chain bytes (the new handshake "Certifcate" class) when checking the certs signing algorithm. I am accessing the Certificate.certificates list to check each cert in the chain of trust. I was hoping to access the certificate attributes using the OpenSSL API attributes (e.g. .get_signature_algorithm()). Is the a way of casting the each cert byte string to a OpenSSL certificate type? Or maybe I'm off track ... Here's the current handler commit with the relevant line highlighted. Thanks in advance. |
mkenne11
force-pushed
the
sunsetsha1
branch
4 times, most recently
from
6fcad97 to
e98150a
Compare
|
It's OKI worked out how to cast a certificate byte string to a pyOpenSSL certificate object. When checking the signature algorithm of each certificate in the chain - do I need to check the algorithm for just the first certificate? Or the signature of the intermediate certificates and root certificate as well? I assume I only need to check the signing algorithm of the first cert in the certificates list (index 0) which signs the encrypted message - but I'm happy to be told otherwise :) |
|
Probably best to only go with the leaf cert.
|
mkenne11
force-pushed
the
sunsetsha1
branch
2 times, most recently
from
cfdfa0a to
8ee21f9
Compare
|
Thanks Chad. I revised the handler to check only the leaf node for use of SHA-1 during or after the sunset period. I'll keep an eye out for the data handler that handles buffering/parsing of TLS records to land, then finalize this handler as well the noforwardsecrecy handler (PR # 79). |
mkenne11
force-pushed
the
sunsetsha1
branch
from
418ea2b to
acca25f
Compare
mkenne11
changed the title
mkenne11
force-pushed
the
sunsetsha1
branch
4 times, most recently
from
73dc7e3 to
d6e79fb
Compare
|
I changed the sha-1 handler to use the new TlsRecordHandler. I also included a change to exclude compiled Android client and test harness files (APKs) from Git, by including these in the project .gitignore files. I built the projects in Android Studio and the default build path "app/" where the APKs are created. It worked fine for me in testing - please let me know if you spot any issues. Happy to fix :) |
|
Firefox is alerting on intermediate certificates using SHA-1 which expire after the sunset date. Currently I'm only alerting when the leaf certificate uses SHA-1 after this date. Do you think there is much value in alerting on intermediate certificates as well? |
|
I added alerts for intermediate certificates who use SHA-1 as the signature signing algorithm. I noticed both Firefox and SSL Labs alerts on intermediate certificates. I raised the intermediate certificate alerts as a WARNING as the risk to the client should be small. I believe for an attacker to exploit this vulnerability they would need to have a cert with the same (SHA-1) hash value as the intermediate cert and convince the root CA to sign it (but I'm not an expert :) ). |
The new handler "sunsetsha1" detects TLS certificates using the SHA-1 signature algorithm which expire during or after the Google Chrome SHA-1 sunset period. See Google security blog entry: https://googleonlinesecurity.blogspot.com.au/2014/09/gradually-sunsetting-sha-1.html. Note. The signature algorithm is checked for the "leaf" and "intermediate" certificates in the chain.
|
Improved variable name consistency. |
3 participants
A "sunsetsha1" handle was added to test for certificates using the SHA-1 signature algorithm and that expire during or after the Google Chrome SHA-1 sunset period. Changes were made to the mitm daemon and Android client for this handler.
See Chromium blog post for more details:
http://blog.chromium.org/2014/09/gradually-sunsetting-sha-1.html