Mfcttrf

Approximating an expression for a potential

What are the limitations of the Hendersson-Hasselbalch equation?

A verb for when some rights are not violated?

Write The Shortest Program to Calculate Height of a Binary Tree

In MTG, was there ever a five-color deck that worked well?

Plotting Autoregressive Functions / Linear Difference Equations

Is there a way to improve my grade after graduation?

Is the first page of a novel really that important?

What could prevent players from leaving an island?

Make lens aperture in Tikz

Getting Lost in the Caves of Chaos

Probably terminated or laid off soon; confront or not?

how to change dot to underline in multiple file-names?

Is an "are" omitted in this sentence

Should I use (1,3) or (1-3) or (4)?

How do I show and not tell a backstory?

Is there a command-line tool for converting html files to pdf?

Formal mathematical definition of renormalization group flow

Can attackers change the public key of certificate during the SSL handshake

Can the Cauchy product of divergent series with itself be convergent?

How to win against ants

Did Logical Positivism fail because it simply denied human emotion?

If someone else uploads my GPL'd code to Github without my permission, is that a copyright violation?

Repeated! Factorials!

Can attackers change the public key of certificate during the SSL handshake

Is Spoofing a CA signed certificate possible?Client Certificate in SSL HandShake insecure?Can attackers steal SSL certificate from server and use it for MITM attacks?Does mutual authentication have any impact on MiTM possibilities?How the process of SSL handshake works?Server authentication during the SSL handshakeSpecific clarification on how https server public key is trustedWhat happens when attacker disrupts the ssl handshake?Can a man in the middle hear half the HTTPS conversationPossibility of Man in the Middle attack in SSL Protocol during initial Handshake

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

3

The communication is not encrypted during the SSL handshake. If an attacker conducts a man in the middle attack between server and client to capture the certificate, and change the public key in the certificate and send it to client, then the digital signature is same, all the properties except public key are same.

So how can a browser understand the difference? If browser validates it, the attacker can use his/her own key pair and doesn't need the private key of the server.

tls man-in-the-middle digital-signature handshake

share|improve this question

edited 5 hours ago

schroeder♦

84.3k3434 gold badges188188 silver badges226226 bronze badges

asked 8 hours ago

GreyGrey

2522 bronze badges

add a comment | 

3

The communication is not encrypted during the SSL handshake. If an attacker conducts a man in the middle attack between server and client to capture the certificate, and change the public key in the certificate and send it to client, then the digital signature is same, all the properties except public key are same.

So how can a browser understand the difference? If browser validates it, the attacker can use his/her own key pair and doesn't need the private key of the server.

tls man-in-the-middle digital-signature handshake

share|improve this question

edited 5 hours ago

schroeder♦

84.3k3434 gold badges188188 silver badges226226 bronze badges

asked 8 hours ago

GreyGrey

2522 bronze badges

add a comment | 

The communication is not encrypted during the SSL handshake. If an attacker conducts a man in the middle attack between server and client to capture the certificate, and change the public key in the certificate and send it to client, then the digital signature is same, all the properties except public key are same.

So how can a browser understand the difference? If browser validates it, the attacker can use his/her own key pair and doesn't need the private key of the server.

tls man-in-the-middle digital-signature handshake

share|improve this question

edited 5 hours ago

schroeder♦

84.3k3434 gold badges188188 silver badges226226 bronze badges

asked 8 hours ago

GreyGrey

2522 bronze badges

share|improve this question

edited 5 hours ago

schroeder♦

84.3k3434 gold badges188188 silver badges226226 bronze badges

asked 8 hours ago

GreyGrey

2522 bronze badges

share|improve this question

edited 5 hours ago

schroeder♦

84.3k3434 gold badges188188 silver badges226226 bronze badges

asked 8 hours ago

GreyGrey

2522 bronze badges

edited 5 hours ago

schroeder♦

84.3k3434 gold badges188188 silver badges226226 bronze badges

edited 5 hours ago

schroeder♦

84.3k3434 gold badges188188 silver badges226226 bronze badges

asked 8 hours ago

GreyGrey

2522 bronze badges

asked 8 hours ago

GreyGrey

2522 bronze badges

2 Answers
2

active

oldest

votes

6

At the end of the TLS negotiation (the "Finished" message), the client and the server take a hash of the entire conversation they've had so far, and they compare it. If it differs - as it would if someone performed a MitM attack on the certificate - then the connection is dropped.

To quote RFC 5246:

 The Finished message is the first one protected with the just
 negotiated algorithms, keys, and secrets. Recipients of Finished
 messages MUST verify that the contents are correct. Once a side
 has sent its Finished message and received and validated the
 Finished message from its peer, it may begin to send and receive
 application data over the connection.

share|improve this answer

answered 8 hours ago

gowenfawrgowenfawr

57k1212 gold badges124124 silver badges168168 bronze badges

add a comment | 

4

... change the public key in the certificate and send it to client. Digital signature is same, all the properties except public key are same. So how can browser understand the difference?

The browser checks that the signature of the certificates fits the certificate. Since the public key is included in the signature and the public key is changed, the signature no longer fits the certificate. Therefore the validation will fail.

share|improve this answer

answered 6 hours ago

Steffen UllrichSteffen Ullrich

127k1717 gold badges223223 silver badges290290 bronze badges

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214689%2fcan-attackers-change-the-public-key-of-certificate-during-the-ssl-handshake%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

6

At the end of the TLS negotiation (the "Finished" message), the client and the server take a hash of the entire conversation they've had so far, and they compare it. If it differs - as it would if someone performed a MitM attack on the certificate - then the connection is dropped.

To quote RFC 5246:

 The Finished message is the first one protected with the just
 negotiated algorithms, keys, and secrets. Recipients of Finished
 messages MUST verify that the contents are correct. Once a side
 has sent its Finished message and received and validated the
 Finished message from its peer, it may begin to send and receive
 application data over the connection.

share|improve this answer

answered 8 hours ago

gowenfawrgowenfawr

57k1212 gold badges124124 silver badges168168 bronze badges

add a comment | 

6

At the end of the TLS negotiation (the "Finished" message), the client and the server take a hash of the entire conversation they've had so far, and they compare it. If it differs - as it would if someone performed a MitM attack on the certificate - then the connection is dropped.

To quote RFC 5246:

 The Finished message is the first one protected with the just
 negotiated algorithms, keys, and secrets. Recipients of Finished
 messages MUST verify that the contents are correct. Once a side
 has sent its Finished message and received and validated the
 Finished message from its peer, it may begin to send and receive
 application data over the connection.

share|improve this answer

answered 8 hours ago

gowenfawrgowenfawr

57k1212 gold badges124124 silver badges168168 bronze badges

add a comment | 

At the end of the TLS negotiation (the "Finished" message), the client and the server take a hash of the entire conversation they've had so far, and they compare it. If it differs - as it would if someone performed a MitM attack on the certificate - then the connection is dropped.

To quote RFC 5246:

 The Finished message is the first one protected with the just
 negotiated algorithms, keys, and secrets. Recipients of Finished
 messages MUST verify that the contents are correct. Once a side
 has sent its Finished message and received and validated the
 Finished message from its peer, it may begin to send and receive
 application data over the connection.

share|improve this answer

answered 8 hours ago

gowenfawrgowenfawr

57k1212 gold badges124124 silver badges168168 bronze badges

 The Finished message is the first one protected with the just
 negotiated algorithms, keys, and secrets. Recipients of Finished
 messages MUST verify that the contents are correct. Once a side
 has sent its Finished message and received and validated the
 Finished message from its peer, it may begin to send and receive
 application data over the connection.

share|improve this answer

answered 8 hours ago

gowenfawrgowenfawr

57k1212 gold badges124124 silver badges168168 bronze badges

answered 8 hours ago

gowenfawrgowenfawr

57k1212 gold badges124124 silver badges168168 bronze badges

answered 8 hours ago

gowenfawrgowenfawr

57k1212 gold badges124124 silver badges168168 bronze badges

4

... change the public key in the certificate and send it to client. Digital signature is same, all the properties except public key are same. So how can browser understand the difference?

The browser checks that the signature of the certificates fits the certificate. Since the public key is included in the signature and the public key is changed, the signature no longer fits the certificate. Therefore the validation will fail.

share|improve this answer

answered 6 hours ago

Steffen UllrichSteffen Ullrich

127k1717 gold badges223223 silver badges290290 bronze badges

add a comment | 

4

... change the public key in the certificate and send it to client. Digital signature is same, all the properties except public key are same. So how can browser understand the difference?

The browser checks that the signature of the certificates fits the certificate. Since the public key is included in the signature and the public key is changed, the signature no longer fits the certificate. Therefore the validation will fail.

share|improve this answer

answered 6 hours ago

Steffen UllrichSteffen Ullrich

127k1717 gold badges223223 silver badges290290 bronze badges

add a comment | 

... change the public key in the certificate and send it to client. Digital signature is same, all the properties except public key are same. So how can browser understand the difference?

The browser checks that the signature of the certificates fits the certificate. Since the public key is included in the signature and the public key is changed, the signature no longer fits the certificate. Therefore the validation will fail.

share|improve this answer

answered 6 hours ago

Steffen UllrichSteffen Ullrich

127k1717 gold badges223223 silver badges290290 bronze badges

share|improve this answer

answered 6 hours ago

Steffen UllrichSteffen Ullrich

127k1717 gold badges223223 silver badges290290 bronze badges

answered 6 hours ago

Steffen UllrichSteffen Ullrich

127k1717 gold badges223223 silver badges290290 bronze badges

answered 6 hours ago

Steffen UllrichSteffen Ullrich

127k1717 gold badges223223 silver badges290290 bronze badges