Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] SSL: export channel binding values as variables

Steffen Kieß
May 31, 2021 03:42PM
Hello,

On 31.05.21 18:36, Maxim Dounin wrote:
>
> Thanks for the patch. You may want to elaborate a bit more on how
> do you expect these variables to be used.
>
> [...]
>

These variables can be used to implement authentication with channel
binding in an http application.

There are two channel binding types:

- tls-unique: This is a value which will be different for every
connection. Even if an attacker manages to perform a MitM attack (e.g.
because he stole the private key of the server) the tls-unique value for
the connections client<->attacker and for the connections
attacker<->server will be different. This means an authentication
protocol which uses channel binding will detect the attacker. This is
used e.g. by RFC8120:
https://datatracker.ietf.org/doc/html/rfc8120#section-7

- tls-server-end-point: This is a hash over the server certificate.
Unlike tls-unique this will not detect an attack where the attacker has
stolen the server key, but it will detect e.g. when a CA was compromised
or when the user asked the browser to connect despite the certificate
being invalid.
tls-server-end-point is also used e.g. by SPNEGO-based HTTP
authentication (https://datatracker.ietf.org/doc/html/rfc4559, often
used single-sign-on in web application using Kerberos).
Unlike tls-unique tls-server-end-point can be implemented without
support by NGINX (by putting the server certificate into the
configuration of the web application), but this is fragile (e.g. when
the server certificate is changed) and will not work at all when the
server is configured with multiple certificates (because the web
application cannot know which one was used).

I've attached a flask application + a client which shows how this can be
used, the required configuration in NGINX (when using fastcgi) is:

fastcgi_param SSL_CHANNEL_BINDING_TLS_UNIQUE
$ssl_channel_binding_tls_unique;
fastcgi_param SSL_CHANNEL_BINDING_TLS_SERVER_END_POINT
$ssl_channel_binding_tls_server_end_point;

Running the client will print:
python3 client.py https://localhost:1443
Client tls-unique b'AF6E9B00BE510405DEA0EC53'
Client tls-server-end-point
8cedd6e65cae9d1304163e0331a3e9bc8e0312bee92ac4f1ac5f972ceaddf08e
Repsonse from server
b'{"SSL_CHANNEL_BINDING_TLS_SERVER_END_POINT":"8cedd6e65cae9d1304163e0331a3e9bc8e0312bee92ac4f1ac5f972ceaddf08e","SSL_CHANNEL_BINDING_TLS_UNIQUE":"af6e9b00be510405dea0ec53"}\n'

(And the values seen by the client and the server should be the same.)


Best regards,
Steffen Kieß
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[PATCH] SSL: export channel binding values as variables

Steffen Kieß 622 May 31, 2021 12:02PM

Re: [PATCH] SSL: export channel binding values as variables

Maxim Dounin 222 May 31, 2021 12:36PM

Re: [PATCH] SSL: export channel binding values as variables

Steffen Kieß 211 May 31, 2021 03:42PM

Re: [PATCH] SSL: export channel binding values as variables

Maxim Dounin 186 May 31, 2021 07:10PM

Re: [PATCH] SSL: export channel binding values as variables

Steffen Kieß 212 June 01, 2021 12:40PM

Re: [PATCH] SSL: export channel binding values as variables

Maxim Dounin 263 June 02, 2021 06:20PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 328
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready