Penetration Testing mailing list archives

Re: TLS with mutual authentication


From: Joshua Wright <jwright () hasborg com>
Date: Fri, 24 Apr 2009 07:59:01 -0400


Andy Deweirt wrote:
I'm doing some security tests with a reverse proxy which performs
mutual authentication using certificates. When sniffing the traffic I
see something disturbing:

Handshake Protocol: Certificate Request
 Handshake Type: Certificate Request (13)
 Length: 644
 Certificate types count: 2
 +Certificate types (2 types)
   ... [the two types]
 Distinguished Names Length: 639
 +Distinguished Names (639 bytes)
   ... [list of client certificates]

Is that normal TLS v1 behavior? Is it normal that the server sends out
client certificates? Should I worry about the security?

It's normal for both ends to share the public key information.  You can
actually click on the key inside of Wireshark, click File - Export -
Selected Packet Bytes, and save the certificate as a .cer file which
will be a valid DER-encoded file.

Without the private key content, however, the threat is minimal.  Good
eyes though. :)

-Josh
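As an added example (not part of the thread, and not code from either poster), the Python below builds and decodes a CertificateRequest handshake message in the TLS 1.0/1.1 layout, with the TLS 1.2 signature_algorithms field optional. It lets you read the "Distinguished Names" block from the capture for what RFC 5246 defines it to be: the list of certificate-authority names the server will accept client certificates from, not the client certificates themselves. The CA names and the minimal DER encoding are constructed for the demo.

```python
import struct

# ClientCertificateType values from RFC 5246 7.4.4 (rsa_sign, dss_sign, ecdsa_sign).
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 64: "ecdsa_sign"}
OID_CN = b"\x55\x04\x03"  # id-at-commonName (2.5.4.3)

def der(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder; short-form length only, enough for this demo."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body
def dn_with_cn(cn: str) -> bytes:
    """Constructed DER Name holding a single commonName (no real CA involved)."""
    attr = der(0x30, der(0x06, OID_CN) + der(0x13, cn.encode("ascii")))
    return der(0x30, der(0x31, attr))  # Name ::= SEQUENCE OF (SET OF AttributeTypeAndValue)
def cn_from_dn(dn: bytes) -> str:
    """Recover the commonName from a Name built by dn_with_cn() (fixed offsets)."""
    assert dn[0] == 0x30 and dn[2] == 0x31 and dn[4] == 0x30 and dn[8:11] == OID_CN
    return dn[13:13 + dn[12]].decode("ascii")

def build_certificate_request(cert_types, ca_dns, sig_algs=None) -> bytes:
    """Encode CertificateRequest (handshake type 13); sig_algs exists only in TLS 1.2."""
    body = bytes([len(cert_types)]) + bytes(cert_types)
    if sig_algs is not None:
        sa = b"".join(struct.pack(">BB", h, s) for h, s in sig_algs)
        body += struct.pack(">H", len(sa)) + sa
    dns = b"".join(struct.pack(">H", len(d)) + d for d in ca_dns)
    body += struct.pack(">H", len(dns)) + dns
    return b"\x0d" + len(body).to_bytes(3, "big") + body

def parse_certificate_request(msg: bytes, tls12: bool = False) -> dict:
    """Decode what a sniffer shows: cert types, (TLS 1.2 sig algs) and acceptable CA names."""
    if msg[0] != 13:
        raise ValueError("not a CertificateRequest (handshake type 13)")
    length, body = int.from_bytes(msg[1:4], "big"), msg[4:]
    if len(body) != length:
        raise ValueError("truncated handshake message")
    n, pos = body[0], 1
    types = [CERT_TYPES.get(t, f"unknown({t})") for t in body[pos:pos + n]]
    pos, sig_algs = pos + n, []
    if tls12:
        (sa_len,) = struct.unpack_from(">H", body, pos); pos += 2
        sig_algs = [tuple(body[i:i + 2]) for i in range(pos, pos + sa_len, 2)]; pos += sa_len
    (dn_len,) = struct.unpack_from(">H", body, pos); pos += 2
    end, dns = pos + dn_len, []
    while pos < end:  # each entry: 2-byte length followed by one DER DistinguishedName
        (ln,) = struct.unpack_from(">H", body, pos); pos += 2
        dns.append(body[pos:pos + ln]); pos += ln
    if pos != end or end != len(body):
        raise ValueError("malformed certificate_authorities list")
    return {"cert_types": types, "sig_algs": sig_algs, "dn_bytes": dn_len,
            "ca_names": [cn_from_dn(d) for d in dns]}
```

Feeding `parse_certificate_request()` the bytes of a real CertificateRequest exported from a capture (TLS 1.2 needs `tls12=True`) would need a full DER Name decoder in place of `cn_from_dn()`, which only understands the constructed single-CN names above.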
