
SANS ISC: Triple Handshake Cookie Cutter SANS ISC InfoSec Forums

Triple Handshake Cookie Cutter

Researchers have released a paper describing several vulnerabilities in TLS (Transport Layer Security). Some of the attacks have been known for a while, but the paper combines and explains them nicely, and also adds a couple of really clever new ideas. The tricks rely on cutting sessions off and re-starting them in a way that client and server end up with a different (security) state. The full research is available here. The good news is that (a) the main impact is apparently limited to connections that use client-side certificates, which is rare, and (b) the researchers have informed the browser vendors early on, and some browsers and TLS libraries are already patched.


385 Posts
ISC Handler
Mar 4th 2014
Rare is not unimportant. Client-side certificates are important for the more sensitive applications, such as firmware reflashing of modern avionics gear!

133 Posts
Some encryption and authentication certificates are picked up using sessions with client-side certificates.
G.Scott H.

48 Posts
