This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

It is a little bit tricky, but I'd like to know if a SSL server serving two different common name can reuse the same SSL Session ID when these request actually point on different common name ?

It is not somehting I try to do but something I've got on my network and I'd like to figure out.

To clarify, let's assume a client makes two requests:

host_01.com and host_02.com have different IP addresses that could actually point on the same server.

asked 04 Jan '16, 08:26

Shared%20Trash's gravatar image

Shared Trash
1112
accept rate: 0%

edited 04 Jan '16, 09:03


From RFC 4346:

session identifier An arbitrary byte sequence chosen by the server to identify an active or resumable session state.

Thus it seems to me to be possible to get the same session ID for 2 different sessions, the server would have to differentiate the session ID's for each session as they will refer to a different session state.

permanent link

answered 04 Jan '16, 08:55

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thanks grahamb for your quick answser. But mod_ssl and other popular/common ssl modules don't usually do that, it may mean that owner of this server had written some specific code to do so ?

(04 Jan '16, 09:06) Shared Trash

Do note that the Session ID is established by the server. It would be a bit silly for a server to send the same session identifier twice as that would associate different secrets to the same session ID. (The Client Random is also incorporated in the master secret calculation, hence the server cannot force the use of exactly the same master secret.)

From RFC 5246 (TLS 1.2):

session identifier
An arbitrary byte sequence chosen by the server to identify an active or resumable session state.

and:

The client sends a ClientHello using the Session ID of the session to be resumed. The server then checks its session cache for a match. If a match is found, and the server is willing to re-establish the connection under the specified session state, it will send a ServerHello with the same Session ID value.

Even if an attacker manages to capture the Session ID, he cannot send it to the server and impersonate the victim client as he does not posess master secret related to that session ID (see section F.1.4. Resuming Sessions for details).

On a related topic, in 2014, Delignat-Lavaud and Bhargavan presented the Virtual Host confusion attack which makes it possible to redirect traffic to a different vhost. Another attack related to session resumption (from the same authors and Pironti) is the Triple Handshake Attack which makes it possible for an active attacker to intercept and modify traffic.

permanent link

answered 04 Jan '16, 13:28

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×21
×11

question asked: 04 Jan '16, 08:26

question was seen: 3,261 times

last updated: 04 Jan '16, 13:28

p​o​w​e​r​e​d by O​S​Q​A