Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [paho-dev] Paho Java Client SSL Security Vulnerability
Alex,

thanks for pointing this out.  This should be in a bug.  Do you want to raise it, or shall I?

Ian

On 06/01/14 10:50, Alex Helder wrote:
The Paho Java client does not perform peer verification on the connected socket. This allows peer spoofing / MITM attacks.

Proposed Solution #1

Like HttpsURLConnection, the IMQTTClient interface could get something like the following:

void setHostnameVerifier(HostnameVerifier hv);

where Java5 built-in HostNameVerifier interface is either reused as-is or inspires a Paho equivalent.


Proposed Solution #2
Instead of SSLNetworkModule / TCPNetworkModule creating a disconnected socket via

SocketFactory.createSocket(), use SocketFactory.createSocket(String hostname, int port)

A custom SSLFactory implementation could look like:

class MySSLSocketFactory {

    SSLSocketFactory delegate;

    SSLSocket createSocket(String hostname, int port) throws IOException {
        SSLSocket s = delegate.createSocket(hostname, port);
        s.startHandshake();
        verifyHostName(s, host);
    }

    void verifyHostName(Socket s, String host) {
        // Throw exception if fail verification
    }
}

In any case, I think the Paho client should not create a disconnected socket; this allows the SSLSocketFactory to apply alternative settings and policies on the created socket.

Note: Java 7 has X509ExtendedTrustManager which is a connection-sensitive trust manager. This may also be leveraged in the future, but is relatively new.



_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/paho-dev

Back to the top