IETF Logo Mail Archive

Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Thu, 18 September 2014 18:52 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C0B7D1A03AC for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 18 Sep 2014 11:52:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.554
X-Spam-Level:
X-Spam-Status: No, score=-8.554 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.652, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BhbhRnF9z-kT for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 18 Sep 2014 11:52:10 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 998F11A0475 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 18 Sep 2014 11:52:10 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1XUglr-0002t6-C9 for ietf-http-wg-dist@listhub.w3.org; Thu, 18 Sep 2014 18:49:35 +0000
Resent-Date: Thu, 18 Sep 2014 18:49:35 +0000
Resent-Message-Id: <E1XUglr-0002t6-C9@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <ilari.liusvaara@elisanet.fi>) id 1XUglV-0002rD-AJ for ietf-http-wg@listhub.w3.org; Thu, 18 Sep 2014 18:49:13 +0000
Received: from emh07.mail.saunalahti.fi ([62.142.5.117]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <ilari.liusvaara@elisanet.fi>) id 1XUglU-00062G-4q for ietf-http-wg@w3.org; Thu, 18 Sep 2014 18:49:13 +0000
Received: from LK-Perkele-VII (a88-112-44-140.elisa-laajakaista.fi [88.112.44.140]) by emh07.mail.saunalahti.fi (Postfix) with ESMTP id 0034C4078; Thu, 18 Sep 2014 21:48:47 +0300 (EEST)
Date: Thu, 18 Sep 2014 21:48:47 +0300
From: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
To: Simone Bordet <simone.bordet@gmail.com>
Cc: Patrick McManus <pmcmanus@mozilla.com>, Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20140918184847.GA25706@LK-Perkele-VII>
References: <CAH_y2NErRd4rxinSzEH3-uTjdWVkZu9o6sSKSf47LxfPFTRONw@mail.gmail.com> <20140917073241.GA7665@LK-Perkele-VII> <CAFewVt4pxE+9NpzYuzMKGmEdrDXzk50mC99ZbrM6M-uEoKXrHA@mail.gmail.com> <CAH_y2NGYcDvPcxDvaTRBP3p4Pnb7gw39WUDY3bNVnOGQjBgciQ@mail.gmail.com> <CAFewVt7+UAJYfKAR6DRZi_mqdzSaYw6L-pT1qg=UyOaP1ojhTw@mail.gmail.com> <CAH_y2NEhAEaPiUgi_vX6Oimw+Y-k3WrnL0gJZKPxQ8KZVuFVfw@mail.gmail.com> <CABkgnnU6C+TzJzdeQZhwXucuPUrPh1yyp1cpRd9jSePMjAnONQ@mail.gmail.com> <CAH_y2NEHZbWLof=ZWEa2UdjBw1Bf+kQCHzPkrhcSU80WaDibeA@mail.gmail.com> <CAOdDvNrdrBNi0kZDorR+8K-5-sPFipVr=U0kx5r56oPX_LhJSA@mail.gmail.com> <CAFWmRJ2zq2TOotgNhHNNoPMWfov8_T+ukN_o0Bq8NmaMXZKqEQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CAFWmRJ2zq2TOotgNhHNNoPMWfov8_T+ukN_o0Bq8NmaMXZKqEQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
Received-SPF: pass client-ip=62.142.5.117; envelope-from=ilari.liusvaara@elisanet.fi; helo=emh07.mail.saunalahti.fi
X-W3C-Hub-Spam-Status: No, score=-3.2
X-W3C-Hub-Spam-Report: AWL=-3.209, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1XUglU-00062G-4q 5a247372e3973eedd4a2c9073e909f6e
X-Original-To: ietf-http-wg@w3.org
Subject: Re: 9.2.2 Cipher fallback and FF<->Jetty interop problem
Archived-At: <http://www.w3.org/mid/20140918184847.GA25706@LK-Perkele-VII>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/27128
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On Thu, Sep 18, 2014 at 06:20:21PM +0200, Simone Bordet wrote:
> Hi,
> 
> >
> > The scenario as I understand it is:
> > 1] some new XYZ is in fact h2 appropriate by 9.2.2,
> > 2] a client handshake offers both XYZ and GCM along with h2 and h1
> > 3] the server selects XYZ+h2 (which meet the requirements of h2 - good job)
> > 4] The client's h2 stack, expecting GCM, is not aware that XYZ satisfies
> > 9.2.2 so it generates an h2 INADEQUATE_SECURITY
> >
> > I would say that's an implementation bug in the client.

Also, can happen the other way:

1) Client prefers XYZ (9.2.2 compliant, and client knows that) over GCM.
2) Client offers both ciphers (with XYZ first) and both h2 and h1.
3) Someone has added XYZ to server TLS stack, and it picks first one it
   supports (XYZ), or server even prefers XYZ.
4) There is version skew and server h2 stack doesn't probe TLS stack,
   so server h2 stack doesn't know about XYZ -> generates
   INADEQUATE_SECURITY.


> Any client that dynamically links the TLS implementation is subject to
> this scenario, and certainly it's not an implementation bug in the
> client if a deployer chooses to link that client to a newer TLS
> library, no ?

Furthermore, if using some general-purpose TLS stack, like GnuTLS,
OpenSSL, LibReSSL, PolarSSL and couple others, such dynamic linking
is best practice.


I have seen version skew disabling features with both app and library
from autoupdate. And also distributors patching applications and
libraries for dynamic linking.



-Ilari

v2.39.1 | Report a Bug | By Email | System Status