Hi All,
I'm exploring the security of TLS for TCP/IP connections.
I would like to establish TLS connections using server certificates
(managing client certs via external or internal PKI is painful).
My understanding is that a TLS connection with a server cert
only identifies the server to the client. This leads to a MITM
attack, where the MITM can impersonate the client because the server
has not verified the client.
My question is, if multiple servers are used, can this attack
(and possibly others) be avoided?
Example:
initiate_server: TLS connect with client
initiate_server: send encrypted data over TLS to client (including target_server:port)
initiate_server: TLS connect with target_server
initiate_server: send encrypted data over TLS to target_server (including listen port, client, etc.)
client: attempt TLS connection to target_server:port
target_server: accept TLS connection from client
client/target_server: verify additional encrypted data (from initiate_server) to establish a connection
My apologies if this is obviously weak. I could not find much info on
the web related to this type of multi-connection approach using TLS.
Kris
--
Mr. Kristen J. Webb
Teradactyl LLC.
PHONE: 1-505-242-1091
EMAIL: kw...@teradactyl.com
VISIT: http://www.teradactyl.com
Home of the
True incremental Backup System
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
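One way to pin down what the scheme in the post buys you, as an added illustration that is not from the original post or from OpenSSL: the "additional encrypted data" initiate_server hands to both sides works as a one-time bearer credential for the client, so the checks that matter are the ones target_server applies to it (fresh random token, constant-time compare, expiry, single use). The TLS sessions themselves are assumed and not modelled; InitiateServer, TargetServer, TOKEN_TTL and the host/port values are all assumed names.

```python
import hmac
import secrets

TOKEN_TTL = 30  # token lifetime in seconds (assumed value, not from the post)

class InitiateServer:
    # Mints a fresh one-time rendezvous token for each client/target pair.
    def arrange(self, client_id, target_host, target_port, now):
        token = secrets.token_bytes(32)  # 256 random bits: not guessable
        expires = now + TOKEN_TTL
        # client_msg goes to the client over its TLS session with initiate_server;
        # target_msg goes to target_server over initiate_server's TLS session to it.
        client_msg = {"target": target_host, "port": target_port, "token": token}
        target_msg = {"client": client_id, "token": token, "expires": expires}
        return client_msg, target_msg

class TargetServer:
    # Accepts a client only if it presents the token initiate_server announced.
    def __init__(self):
        self.pending = {}  # client_id -> (token, expires)

    def register(self, msg):
        self.pending[msg["client"]] = (msg["token"], msg["expires"])

    def accept(self, client_id, presented, now):
        entry = self.pending.get(client_id)
        if entry is None:
            return False
        token, expires = entry
        if now > expires:
            self.pending.pop(client_id)  # stale rendezvous: discard it
            return False
        if not hmac.compare_digest(token, presented):
            return False  # wrong token; entry kept so a guesser cannot lock the client out
        self.pending.pop(client_id)  # single use: a replayed token is refused
        return True

def simulate(now=1000.0):
    """One rendezvous plus the forged-token, replay and expiry cases (constructed input)."""
    broker, target, cid = InitiateServer(), TargetServer(), "client-A"
    client_msg, target_msg = broker.arrange(cid, "target.example", 4433, now)
    target.register(target_msg)
    forged = target.accept(cid, secrets.token_bytes(32), now + 1)
    first = target.accept(cid, client_msg["token"], now + 2)
    replay = target.accept(cid, client_msg["token"], now + 3)
    late_client, late_target = broker.arrange(cid, "target.example", 4433, now)
    target.register(late_target)
    expired = target.accept(cid, late_client["token"], now + TOKEN_TTL + 1)
    return {"forged": forged, "first": first, "replay": replay, "expired": expired}
```

The token only authenticates the client to target_server because both deliveries ran over TLS sessions in which the client and target_server verified initiate_server's certificate; it gives no protection if the client skips that verification.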