[erlang-questions] SSL: Getting master_secret and client_random (or premaster_secret)
Fri Jan 13 19:16:52 CET 2017
On 01/13/2017 01:39 AM, Ingela Andin wrote:
> When it comes to security you should be very careful...
> However we would not want connection_information to return these values
> by default.
That's sensible. master_secret, server_random, and client_random should
be documented options (with a "THIS INFORMATION IS SECURITY SENSITIVE!
BE CAREFUL!" warning attached to them) for ssl:connection_information/2.
However, what does it mean to start a connection in "debug mode"? The
string "debug" neither appears in the ssl module documentation, nor in
its source code (OTP 19.2). Isn't limiting access to those parameters to
an explicit request (via ssl:connection_information/2) a sufficiently
high barrier? Why require one to start a connection in a special mode in
addition to making the explicit request for the parameters?
> What if someone thinks its a good idea to decrypt the data
> outside the TLS connection in the server and send it to an
> external logging server in the clear!
The server already has the plaintext that was transferred through the
TLS tunnel. TLS doesn't protect you from your peer, it protects you from
someone in the middle. :)
> What if someone decides to transfer the logs in an insecure way from
> the server!
Sure, but "malicious or poorly-thought-out TLS peers (or system
operators)" are -AFAICT- outside the scope of the protection that TLS
provides. Given that both OpenSSL and BoringSSL provide functions to
extract client/server random and master secret, it seems that there is a
legitimate (if niche) reason for exposing this information to clients.
I mean, the Erlang ssl module allows you to turn off BEAST mitigation
and the block cypher padding check. These options are arguably more
dangerous than what's being discussed (as they weaken TLS's MITM
protections (leaving you open to POODLE and BEAST)) but they are _very_
useful in certain niche situations.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: OpenPGP digital signature
More information about the erlang-questions