The consequences of your SSL certificate getting compromised

September 30, 2008

Suppose that your web server's SSL certificate's private key is compromised and stolen by an attacker. Further suppose that you detect this and replace the compromised certificate with a new one. Now, here's a question: what damage can the attacker still do with their stolen certificate?

  • they can impersonate your web server. In theory they can only do this until their stolen certificate expires; in practice, I think that many users ignore 'expired certificate' errors because they are relatively common.

    (SSL certificate revocation would protect against this, if it worked.)

  • they may be able to decrypt any past SSL conversations that they've already captured, depending on what cipher was used (specifically, whether it provided forward secrecy).

The attacker cannot decrypt future SSL conversations, because those will be protected by your new certificate and its new private key, even if the SSL conversation uses a cipher without forward secrecy.

If the attacker compromised a wildcard certificate they can imitate any of your web servers, regardless of what certificate the web server normally uses, but can only potentially decrypt past conversations from web servers that used the wildcard certificate. (Of course, if you went to the bother and expense of getting a wildcard certificate, you're probably going to use it on all of your web servers.)
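As an added example (not code from the original post), the following Python applies the two rules above to decide which recorded sessions a stolen key exposes: only servers that used the compromised certificate, and only sessions whose cipher lacked forward secrecy. The session inventory, host names and function names are constructed for illustration; cipher names follow OpenSSL's naming.

```python
# Added example: which recorded sessions does a stolen private key expose?
# Cipher names follow OpenSSL naming; the session records are constructed.
import re

EPHEMERAL = {"ECDHE", "DHE", "EDH"}   # fresh key per session: forward secrecy
STATIC_DH = {"ECDH", "DH"}            # fixed (EC)DH key tied to the certificate
BULK_FIRST = re.compile(r"^(AES|CAMELLIA|RC4|DES|SEED|IDEA|ARIA)")

def key_exchange(cipher, protocol=""):
    """Classify a cipher suite as 'ephemeral', 'static' or 'unknown'."""
    name = cipher.upper()
    # Every TLS 1.3 suite uses an ephemeral (EC)DHE key exchange.
    if protocol == "TLSv1.3" or name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return "ephemeral"
    first = name.split("-")[0]
    if first in EPHEMERAL:
        return "ephemeral"
    # No key-exchange prefix means RSA key transport: the session key is
    # encrypted to the certificate's key, so that key decrypts the capture.
    if first in STATIC_DH or BULK_FIRST.match(first):
        return "static"
    return "unknown"

def exposed_sessions(sessions, stolen_cert):
    """Return hosts whose recorded sessions the stolen key may decrypt."""
    at_risk = []
    for s in sessions:
        if s["cert"] != stolen_cert:
            continue  # this key never protected that server's traffic
        if key_exchange(s["cipher"], s["protocol"]) != "ephemeral":
            at_risk.append(s["host"])  # 'unknown' is treated as exposed
    return at_risk

# Constructed inventory: which certificate and cipher each server used.
SESSIONS = [
    {"host": "www.example.org", "cert": "*.example.org", "protocol": "TLSv1", "cipher": "AES128-SHA"},
    {"host": "mail.example.org", "cert": "*.example.org", "protocol": "TLSv1", "cipher": "DHE-RSA-AES256-SHA"},
    {"host": "shop.example.org", "cert": "shop.example.org", "protocol": "TLSv1", "cipher": "RC4-MD5"},
    {"host": "api.example.org", "cert": "*.example.org", "protocol": "TLSv1.2", "cipher": "ECDH-RSA-AES128-SHA"},
]

if __name__ == "__main__":
    print(exposed_sessions(SESSIONS, "*.example.org"))
```

Note that the impersonation risk is not limited this way: a stolen wildcard key can stand in for every host in the inventory, including the one that served its own certificate.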

I believe that the only relatively certain way of stopping an attacker's use of the stolen certificate is to remove the name from your DNS. Of course, this often presents certain difficulties.

(It is not safe to turn the compromised name into a website that just redirects people to the new name, because that means that users are still using the old name; the attacker could interpose their fake version and just not redirect to your new name.)

Written on 30 September 2008.