8

Through reading from multiple sources and watching Security Now's How the Heartbleeds, I have come to the understanding that the following procedure is recommended to be safe from the Heartbleed vulnerability (assuming that the user's browser reacts correctly to revoked TLS certificates, which I know may not be the case for all browsers right now, but let's leave this issue aside for the moment):

  1. Upgrade to a patched version of openssl
  2. Regenerate the TLS certificate (rekey)
  3. Revoke the previous certificate

Doing the previous steps would:

  • Prevent exploitation of the Heartbleed vulnerability to steal the new key (because of 1. and 2.)
  • Protect users from Man in the Middle attacks using a stolen key (because of 3.)

Now, I know that there are multiple tools to see if a website is currently unsafe (1. did not update) or potentially vulnerable (2. did not rekey), but how can I know if a website revoked its previous certificates?

I believe I could check for a specific key (if it is known) using tools (which I assume use OCSP or CRLs), but is there a way to access previous keys of a website?

It is purely out of curiosity, but I would like to verify when a website says "we are safe now" that they really did revoke their certificates as well as update openssl and regenerate the keys.

Thank you very much for your precious time and pardon the potential mistakes caused by my lack of knowledge in the field of information security.

Jesse Emond
  • 191
  • 6
  • @downvoter: could I know what is inappropriate with my question? I honestly searched for a little while for an answer to my question without success. I thought this stackexchange would be a good start to learn what I misunderstood. – Jesse Emond Apr 16 '14 at 01:46
  • interesting; i'd like to know this too, esp. a way (tool) to check, if a certain cert was revoked – that guy from over there Apr 16 '14 at 06:05
  • I saw myself listening to the same Security Now! podcast scratching my head thinking the same thing. +1 for pre-empting my doubts, subject relevance, research and formatting of the question. Also would like to know the reasons behind downvoting... – Lex Apr 16 '14 at 08:17

1 Answers1

6

I find the question useful, because it is actually hard to find out if a certificate got revoked the right way.

  • If you know who issued the original certificate you can download the CRLs (which contains only the serial numbers and the date of revocation, not the revoked certificate itself). If not you are out of luck.
  • If you know the serial number of the old certificate you can check if it is in the CRL list. If you don't know the original serial number you have no chance to check the revocation.
  • If you found out that the certificate got revoked you still don't know if the owner is just reusing its old and probably compromised public/private key pair again with the new certificate. Without having the old certificate you will never know.

So the best thing would be if the owner would make the old certificate (but not the private key) accessible, so that others could verify the correctness of the verification.

At the end it shows again, that the current PKI architecture and not only the TLS implementations are broken. Did you ever wonder why new browser versions got shipped on all the major CA problems (DigiNotar + Comodo 2011, IGC/A 2013)? Because the revocation as originally designed just does not work correctly.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434