How to use SSLContext with temporary Server certificate
Hi,
I want to secure a localhost connection and therefore I want to use the SSL mode which creates a temporary server certificate instead of loading a static certificate from a keystore.
How do I have to initialize my SSLContext to get an SSLServerSocketFactory that uses a temporary certificate?
Jan
JPJavaa at 2007-10-2 5:03:41

> I want to secure a localhost connection.
First question, why?
> and therfore
> I want to use the SSL mode which creates a temporary
> server certificate instead of loading a static
> certificate from a keystore.
There is no such mode. Creating a temporary certificate is compute-intensive and takes time.
Again, why do you think you want to do this? What's wrong with using a local keystore?
ejpa at 2007-7-16 1:07:16

> > I want to secure a localhost connection.
>
> First question, why?
I want to secure it against sniffing attacks. These attacks are possible on multi-user systems or if the system is infected with a Trojan or something similar. I know that I do not get a "perfectly secured connection" but I want to make it as complicated as possible for an attacker.
> > and therefore
> > I want to use the SSL mode which creates a
> temporary
> > server certificate instead of loading a static
> > certificate from a keystore.
>
> There is no such mode.
Sorry but I think you are wrong. The usage of temporary RSA keys is for example described in the RFC2245 (SSLv3):
http://www.ietf.org/rfc/rfc2246.txt
> Creating a temporary
> certificate is compute-intensive and takes time.
That doesn't matter.
> Again, why do you think you want to do this? What's
> wrong with using a local keystore?
If I use a local store I have to use a self-signed certificate which is untrusted in the browser. The user gets a warning message which has to be passed. Therefore the user learns that it has no consequences to bypass a certificate warning shown by the browser.
Jan
> > There is no such mode.
>
> Sorry but I think you are wrong. The usage of
> temporary RSA keys is for example described in the
> RFC2245 (SSLv3):
> http://www.ietf.org/rfc/rfc2246.txt
That's a temporary RSA key, not a temporary certificate. Not the same thing at all and there is no suggestion in RFC2246 that the temporary RSA key can be used for authentication. BTW all that is now obsolete as the US export restriction was lifted some years ago.
> If I use a local store I have to use a self signed
> certificate which is untrusted in the browser.
Why not get a proper cert?
ejpa at 2007-7-16 1:07:16

> That's a temporary RSA key, not a temporary
> certificate.
Ok, that's a point.
Additionally, I have read the corresponding parts of the TLS-protocol (rfc2246).
http://www.faqs.org/rfcs/rfc2246.html
I found out that what I want to do is the "anonymous-mode" and does not even need an RSA key.
I found five Cipher-Specs, marked as deprecated because of their vulnerability to man-in-the-middle attacks (i know that).
CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5    = { 0x00,0x17 };
CipherSuite TLS_DH_anon_WITH_RC4_128_MD5          = { 0x00,0x18 };
CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA          = { 0x00,0x1A };
CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA     = { 0x00,0x1B };
Ok, RC4 is **** and DES too. One usable cipher remains (3DES).
But it looks like I can forget using this cipher suite.
I found all "anonymous" or "null" cipher suites marked as insecure in Firefox and Opera by default. So I can not encrypt the connection without having a warning message popping up.
At this point I give up using the anonymous mode but I now have some serious arguments for my diploma thesis why I could not encrypt this connection...
> > If I use a local store I have to use a self signed
> > certificate which is untrusted in the browser.
>
> Why not get a proper cert?
Do you think that there is a trust center which sells me a server certificate for "https://localhost"?
BTW: If you notice four stars in my posting, that was the automatic censorship which does not allow writing the simple word c-r-a-p.
What happened to the Americans and their pride in "free speech" *?
Jan
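
The following is an added example, not code from the original thread. It shows what the "anonymous mode" Jan found in RFC 2246 looks like in JSSE: an SSLContext initialised with no KeyManager and no keystore, restricted to a TLS_DH_anon_* cipher suite, talking to itself over loopback. The suite name, the class name and the removal of "anon" from jdk.tls.disabledAlgorithms are assumptions for the demonstration (the suite is an AES variant added by later RFCs, not one of the five listed above). The run makes the thread's objection concrete: the connection is encrypted, but getPeerCertificates() throws because the peer was never authenticated, which is exactly why a man-in-the-middle is possible and why browsers refuse these suites.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.security.Security;
import java.util.Arrays;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;

/*
 * Added example, not from the original thread.  The nearest thing JSSE offers to
 * a "temporary server certificate" is a server with NO certificate at all: the
 * TLS_DH_anon_* suites of RFC 2246 appendix A.5.  The SSLContext is initialised
 * with neither a KeyManager nor a keystore.  The loopback run below shows the
 * price the thread talks about: the session has no peer certificate, so nothing
 * stops a man-in-the-middle, and browsers reject these suites for that reason.
 */
public class AnonDhLoopback {

    // Assumption: the SunJSSE name of an anonymous DH suite (AES rather than the
    // 3DES/RC4/DES suites of RFC 2246; AES suites were added by later RFCs).
    static final String ANON_SUITE = "TLS_DH_anon_WITH_AES_128_CBC_SHA";

    static SSLContext anonContext() throws Exception {
        // Newer JDKs list "anon" in jdk.tls.disabledAlgorithms (java.security).
        // It has to be taken out before JSSE is first used in the process, or the
        // handshake fails with "no cipher suites in common".  Demonstration only;
        // a real deployment would not weaken this property.
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (disabled != null) {
            Security.setProperty("jdk.tls.disabledAlgorithms",
                    Arrays.stream(disabled.split(",")).map(String::trim)
                          .filter(s -> !s.equalsIgnoreCase("anon"))
                          .collect(Collectors.joining(", ")));
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);   // no key material, no trust store, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = anonContext();
        SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getLoopbackAddress());
        ss.setEnabledProtocols(new String[] {"TLSv1.2"});      // anon DH does not exist in TLS 1.3
        ss.setEnabledCipherSuites(new String[] {ANON_SUITE});  // nothing else, so no cert is needed

        Thread server = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) ss.accept()) {
                BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
                PrintWriter out = new PrintWriter(s.getOutputStream(), true);
                out.println("echo: " + in.readLine());
            } catch (Exception e) {
                e.printStackTrace();
            }
        });
        server.start();

        try (SSLSocket c = (SSLSocket) ctx.getSocketFactory()
                .createSocket(ss.getInetAddress(), ss.getLocalPort())) {
            c.setEnabledProtocols(new String[] {"TLSv1.2"});
            c.setEnabledCipherSuites(new String[] {ANON_SUITE});
            c.startHandshake();
            System.out.println("negotiated " + c.getSession().getCipherSuite());
            try {
                c.getSession().getPeerCertificates();
            } catch (SSLPeerUnverifiedException e) {
                // The whole point: the link is encrypted, but the peer is nobody in particular.
                System.out.println("no server certificate: " + e.getMessage());
            }
            PrintWriter out = new PrintWriter(c.getOutputStream(), true);
            BufferedReader in = new BufferedReader(new InputStreamReader(c.getInputStream()));
            out.println("hello over anonymous DH");
            System.out.println(in.readLine());
        }
        server.join();
        ss.close();
    }
}
```

Run it as `java AnonDhLoopback`. Both ends are restricted to the single anonymous suite so the handshake cannot silently fall back to an authenticated one; if the JDK has the suite compiled out entirely, setEnabledCipherSuites throws an IllegalArgumentException, which is the quickest way to find out whether a given runtime still supports anonymous DH at all.
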
I've been following this thread and I don't quite yet understand what the security threat model is (for example, local connections should be secure against sniffing but not man-in-the-middle attacks).
As far as I know, browsers do not have a fine-grained enough configurability to permit unauthenticated connections to https://localhost but reject them everywhere else.
Why can't the local connection be made using the domain name, or public internet address, of an interface on the machine? In other words, even for connections from a client on host A to a server on host A, use https://hostA.mydomain.com/.
> As far as I know, browsers do not have a fine-grained
> enough configurability to permit unauthenticated
> connections to https://localhost but reject them
> everywhere else.
That is the problem...
> Why can't the local connection be made using the
> domain name, or public internet address, of an
> interface on the machine? In other words, even for
> connections from a client on host A to a server on
> host A, use https://hostA.mydomain.com/.
Of course you can use the local name instead of localhost. The problem is that I want to use it for securing a web-based user interface and therefore the local webserver needs to be able to work on every common computer. Therefore I do not know the local name of the server to use. The only address all computers have in common is "localhost"...
Jan
Isn't all you need a proper certificate and a custom implementation of javax.net.ssl.HostnameVerifier? If you are using HTTPS, that is, and if you aren't I'm not even sure you need that. All my SSL test programs work with Sun's Duke certificate and Sun certainly don't know my hostnames.
ejpa at 2007-7-16 1:07:16

> Isn't all you need a proper certificate and a custom
> implementation of javax.net.ssl.HostnameVerifier?
If the SSL/TLS client is a Java program, yes, but in my case the client is a regular browser (IE, Firefox, Opera...) which does check if the certificate is valid and signed by a common trust center.
Jan
What you are asking for is a contradiction in terms. If the browser requires a certificate which agrees with the hostname *and* which is signed by a trusted third party, you cannot generate it at the server, even if Java provided you a way of generating it, which it doesn't. You can only generate self-signed certs with Java.
ejpa at 2007-7-16 1:07:16
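
The following is an added example, not code from the thread, showing the route EJP describes in the two posts above for the case where the client is a Java program rather than a browser: the server loads a self-signed certificate from a keystore (the only kind the JDK's keytool can produce), and the client accepts that one certificate without any trust center by pinning its SHA-256 fingerprint in a custom X509TrustManager, with a HostnameVerifier that accepts only "localhost". The keystore file name, alias, password and the keytool command are assumptions for the example.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/*
 * Added example, not from the original thread.  Server: keystore-backed SSLContext
 * with a self-signed cert.  Java client: trusts exactly that certificate by
 * fingerprint (no CA, no browser warning) and checks the host name itself.
 *
 * Assumed keystore, created beforehand with the JDK's keytool:
 *   keytool -genkeypair -alias local -keyalg RSA -keysize 2048 -dname CN=localhost \
 *           -validity 365 -keystore local.ks -storepass changeit -keypass changeit
 */
public class PinnedSelfSigned {

    static String sha256Hex(Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /* Accepts exactly one server certificate, identified by its fingerprint. */
    static X509TrustManager pinned(String expectedHex) {
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                if (chain == null || chain.length == 0) {
                    throw new CertificateException("empty certificate chain");
                }
                chain[0].checkValidity();          // still reject an expired cert
                String got;
                try {
                    got = sha256Hex(chain[0]);
                } catch (Exception e) {
                    throw new CertificateException(e);
                }
                if (!got.equals(expectedHex)) {
                    throw new CertificateException("certificate pin mismatch: " + got);
                }
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                throw new CertificateException("client certificates are not accepted here");
            }
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        };
    }

    /* The HostnameVerifier idea from the thread: accept the loopback name, nothing else. */
    static final HostnameVerifier LOCALHOST_ONLY = (host, session) -> "localhost".equals(host);

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream("local.ks")) { ks.load(in, pw); }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext serverCtx = SSLContext.getInstance("TLS");
        serverCtx.init(kmf.getKeyManagers(), null, null);
        SSLServerSocket ss = (SSLServerSocket) serverCtx.getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getLoopbackAddress());
        Thread server = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) ss.accept()) {
                BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
                new PrintWriter(s.getOutputStream(), true).println("echo: " + in.readLine());
            } catch (Exception e) { e.printStackTrace(); }
        });
        server.start();

        // Client: trust nothing but the fingerprint of the certificate stored in local.ks.
        SSLContext clientCtx = SSLContext.getInstance("TLS");
        clientCtx.init(null, new TrustManager[] { pinned(sha256Hex(ks.getCertificate("local"))) }, null);
        InetAddress loop = InetAddress.getLoopbackAddress();   // host name "localhost"
        try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket(loop, ss.getLocalPort())) {
            c.startHandshake();                                // pin is checked here
            if (!LOCALHOST_ONLY.verify(loop.getHostName(), c.getSession())) {
                throw new SSLException("refusing to talk to " + loop.getHostName());
            }
            new PrintWriter(c.getOutputStream(), true).println("hello over a pinned self-signed cert");
            System.out.println(new BufferedReader(new InputStreamReader(c.getInputStream())).readLine());
        }
        server.join();
        ss.close();
    }
}
```

The fingerprint is taken from the same keystore here only because both ends run in one process; a real client would ship the expected fingerprint as a constant and nothing else, which is what makes this usable without a trust center. For HttpsURLConnection the same two objects are installed with setSSLSocketFactory(clientCtx.getSocketFactory()) and setHostnameVerifier(LOCALHOST_ONLY) instead of the manual verify() call.
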

I think I understand. Another way of stating your problem is that you have too many hosts to possibly buy certificates for them all, and you don't even know all of them ahead of time anyway.
I can't think of any good solutions. If your security model allows all these hosts to share a private key (and if you have some acceptable way of securing the private key on all these hosts) then one ugly hack you can try is to pick a hostname in your domain that you will never use, say gtrklkj.mydomain.com, and get a real certificate for this host. Use this as the server certificate on every host. You'll have to have the private key as well on each host. Then modify the /etc/hosts file (even Windows has such a file) to point gtrklkj.mydomain.com to the localhost.
Maybe I've found something that could help you: http://www-128.ibm.com/developerworks/library/j-p2pssl/ In this tutorial you see how you can create a certificate at runtime.
Friga at 2007-7-16 1:07:16
