On 09.Apr.2014, at 22:12, Peter peter@pajamian.dhs.org wrote:
On 04/10/2014 03:09 AM, Markus Falb wrote:
I am assuming that client certificates are handed out to staff. Basically you can't really control where people install client certificates and which client software is used. If one is tricked to do a SSL Handshake with a malicious server, the key of the client certificate is leaked. Reissue of the cert won't help because on the other day there would be another malicious handshake with another bad server...
No, the server never sees a private client certificate, it only ever has access to the public certificate, which by its very nature of being public doesn't really matter if it gets leaked.
I know.
No vulnerability on the server can expose a private client certificate, only a vulnerability on the client can.
With malicious server I did not meant one that was affected by heartbleed but a server which is run by bad people that want to exploit vulnerable clients.
If it's easy to write a malicious client to read the server's ram, it's maybe easy to write a malicious server that can read the client's ram? Does heartbleed work in both directions?
Assume that the client uses a vulnerable openssl, and it connects to a malicious server, can the server read the ram of the client?