[Cryptography] CVE-2015-0205 anyone?

Erwan Legrand erwan at lightbringer.org
Tue Jan 27 12:42:29 EST 2015


Can anyone make sense of the announcement for CVE-2015-0205, an
alleged security flaw in OpenSSL?

Here is what the announcement says:

> An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates containing DH keys: these are extremely rare and hardly ever encountered.

It seems to me that accepting DH certificates from the client without
a Certificate Verify message is expected, since DH certificates have
no signing capability. A quick search in any of the TLS RFC's or in
the SSLv3 spec appears to confirm this.

I had a look at the fix for this vulnerability and it appears to add a
requirement for a Certificate Verify message even if the client cert
is a DH cert which as I see it is a violation of the SSLv3 spec and
all TLS RFCs and insures that DH certs can no longer be used by
clients connecting to OpenSSL servers from now on.

Did I miss something?


PS: I do realize that probably nobody cares because nobody uses DH certs.

More information about the cryptography mailing list