Re: h2 ciphers

Stefan Eissing <stefan.eissing@greenbytes.de> Fri, 16 October 2015 13:39 UTC

From: Stefan Eissing <stefan.eissing@greenbytes.de>
In-Reply-To: <5620F6C1.9080200@treenet.co.nz>
Date: Fri, 16 Oct 2015 15:36:16 +0200
Cc: ietf-http-wg@w3.org
Message-Id: <7F268166-1551-4A19-BCFD-F1136D334D52@greenbytes.de>
References: <47048ED2-374F-4542-A4DC-C1F39AD26C0A@greenbytes.de> <5620F6C1.9080200@treenet.co.nz>
To: Amos Jeffries <squid3@treenet.co.nz>
Subject: Re: h2 ciphers
Archived-At: <http://www.w3.org/mid/7F268166-1551-4A19-BCFD-F1136D334D52@greenbytes.de>

> On 16.10.2015 at 15:08, Amos Jeffries <squid3@treenet.co.nz> wrote:
> 
> On 16/10/2015 11:35 p.m., Stefan Eissing wrote:
>> In the documentation at https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility the "modern" compatibility specification includes the following ciphers:
>> [...]
>> but RFC 7540 includes TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ECDHE-RSA-AES128-SHA) and all those others as a MAY for INADEQUATE_SECURITY.
>> 
>> Now, assuming I got the cipher names correct, what am I to check for? Shall I be liberal in what I accept - again?
> 
> The RFC is the specification. If a browser does not follow it that is a
> bug in their implementation (or maybe just their documentation), do not
> make matters worse by adding a bug to your code.

I do not want to, but see my other mail about ALPN+cipher timing that seems to make this difficult.

> HTTP/2 was designed to be implemented from a clean-slate situation.

Insert "on the client side", please.

> Everybody is building new code based on the same spec, so there are no
> legacy behaviours to be tolerant about. Methods of extending the
> protocol are also explicitly defined and explicitly negotiated when used
> to make feature support (or lack of it) a defined state within the
> protocol itself.

The problem seems to be that during ALPN selection, the TLS connection is not in a defined state. I seem to be unable to verify all requirements before code gives an answer to the selected protocol. And that might have nothing to do with the specification but with the TLS APIs. And there certainly is no clean slate there.

If this cannot be solved in code, we can only address this in configuration documentation. Which sucks.

//Stefan
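As an added example (not code from this thread or from any of the implementations discussed), the post-handshake check a server can fall back to when the ALPN step cannot see the final TLS state: it classifies the negotiated suite using the RFC 7540 section 9.2 criteria (TLS 1.2 or higher, ephemeral key exchange, AEAD record protection, at least 128-bit keys) as a conservative approximation of the Appendix A block list, and builds the GOAWAY frame carrying INADEQUATE_SECURITY that section 9.2.2 permits. Input is the (name, version, bits) tuple that Python's ssl.SSLSocket.cipher() returns; the sample tuples in main() are constructed.

```python
import struct

GOAWAY_FRAME_TYPE = 0x7        # RFC 7540 section 6.8
INADEQUATE_SECURITY = 0xC      # RFC 7540 section 7 error code
# Conservative approximation of the RFC 7540 Appendix A block list:
# only GCM and ChaCha20-Poly1305 AEAD suites with ephemeral key exchange pass.
AEAD_MARKERS = ("-GCM-", "CHACHA20-POLY1305")
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")


def h2_tls_acceptable(cipher):
    """Return (ok, reason) for an (OpenSSL name, protocol, key bits) tuple."""
    name, version, bits = cipher
    if version in ("SSLv3", "TLSv1", "TLSv1.1"):
        return False, "TLS 1.2 or higher is required (RFC 7540 section 9.2)"
    if version == "TLSv1.3":
        # TLS 1.3 suites are ephemeral and AEAD by construction.
        return True, "ok"
    if not name.startswith(EPHEMERAL_PREFIXES):
        return False, "non-ephemeral key exchange"
    if not any(marker in name for marker in AEAD_MARKERS):
        return False, "not an AEAD suite (e.g. CBC mode, as in ECDHE-RSA-AES128-SHA)"
    if bits < 128:
        return False, "key shorter than 128 bits"
    return True, "ok"


def goaway_inadequate_security(last_stream_id=0):
    """Serialise a GOAWAY frame (stream 0) with error code INADEQUATE_SECURITY."""
    payload = struct.pack(">II", last_stream_id & 0x7FFFFFFF, INADEQUATE_SECURITY)
    # 9-byte frame header: 24-bit length, 8-bit type, 8-bit flags, 32-bit stream id.
    header = struct.pack(">I", len(payload))[1:] + bytes([GOAWAY_FRAME_TYPE, 0])
    header += struct.pack(">I", 0)
    return header + payload


def main():
    # Constructed sample tuples in the shape ssl.SSLSocket.cipher() returns.
    for sample in (("ECDHE-RSA-AES128-SHA", "TLSv1.2", 128),
                   ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
                   ("AES256-GCM-SHA384", "TLSv1.2", 256)):
        ok, reason = h2_tls_acceptable(sample)
        print(sample[0], "->", "accept" if ok else "GOAWAY: " + reason)
        if not ok:
            print("  frame:", goaway_inadequate_security().hex())


if __name__ == "__main__":
    main()
```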