Crypto attack against SSL outlined
John Leyden, The Register 2003-02-21

Swiss security researchers have discovered an attack against implementations of the ubiquitous SSL protocol that could potentially compromise email passwords, though not ecommerce transactions.

Perfect Forward Secrecy... 2003-02-24
Anonymous
This is the main weakness in SSL. It almost never uses ephemeral keys, and even then it still uses the same ephemeral keys for as long as the daemon is running. The result is that known text attacks are feasible.

The solution is to use IKE/IPSec or SSH. These both use PFS which changes the DH keys throughout the transmission. Attacks like these would be much harder to do.

If you think this latest vulnerability was scary, just wait. There are a lot of companies out there like Aventail and SUN touting the SSL "VPN." This is snake oil. SSL is not a good solution for anything but ordering a book off Amazon. This latest attack was just the beginning. In the near future we are going to see exploits against SSL "VPNs" that will bring companies' security to its knees.

SSLv3 and TLS should only be used as a last resort. Stick with IPSec and SSHv2 when possible.


Link to this comment: http://www.securityfocus.com/comments/articles/2583/18297#18297
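
The comment above turns on whether an SSL/TLS server negotiates ephemeral key exchange. As an added example (not part of the article or the comment), this Python sketch sorts a server's configured cipher suites by key-exchange type from their names; the function names and the sample suite list are constructed for illustration.

```python
# Added example: audit a cipher-suite list for forward secrecy by name.
# SAMPLE_SUITES is a constructed list mixing OpenSSL-style and IANA-style names.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA",
    "AES128-SHA",
    "TLS_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "ADH-AES128-SHA",
]

EPHEMERAL_PREFIXES = ("ECDHE", "DHE", "EDH")   # EDH is OpenSSL's older spelling of DHE
ANONYMOUS_PREFIXES = ("ADH", "AECDH")          # unauthenticated Diffie-Hellman


def key_exchange(suite):
    """Classify one suite name as 'ephemeral', 'static' or 'anonymous'."""
    name = suite.upper().replace("-", "_")
    # TLS 1.3 names have no key-exchange field; a full TLS 1.3 handshake
    # always uses (EC)DHE.
    if name.startswith("TLS_") and "_WITH_" not in name:
        return "ephemeral"
    if name.startswith("TLS_"):
        name = name[len("TLS_"):]
    # IANA names put the key exchange before _WITH_; OpenSSL names lead with it.
    kx = name.split("_WITH_")[0]
    first = kx.split("_")[0]
    if first in ANONYMOUS_PREFIXES or "ANON" in kx:
        return "anonymous"
    if first in EPHEMERAL_PREFIXES:
        return "ephemeral"
    # Everything else (RSA key transport, fixed DH/ECDH, plain PSK) derives
    # session keys from a long-lived secret, so it has no forward secrecy.
    return "static"


def audit(suites):
    """Group suite names by key-exchange class."""
    report = {"ephemeral": [], "static": [], "anonymous": []}
    for suite in suites:
        report[key_exchange(suite)].append(suite)
    return report


if __name__ == "__main__":
    for kind, names in audit(SAMPLE_SUITES).items():
        print(f"{kind:10s} {', '.join(names)}")
```

A suite name cannot show whether a server reuses its Diffie-Hellman key across handshakes, so the reuse the comment describes has to be checked in the server's configuration.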







 

Copyright 2009, SecurityFocus