Re: [TLS] Broken browser behaviour with SCADA TLS

Colm MacCárthaigh <colm@allcosts.net> Wed, 04 July 2018 15:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/07CFhR4Y-MGpIJ5HG4h_zh412WQ>

On Wed, Jul 4, 2018 at 8:15 AM, David Benjamin <davidben@chromium.org>
wrote:
>
> Indeed. The bad feedback was not even at a 2048-bit minimum, but a mere
> 1024-bit minimum. (Chrome enabled far more DHE ciphers than others, so we
> encountered a lot of this.) 2048-bit was completely hopeless. At the time
> of removal, 95% of DHE negotiations made by Chrome used a 1024-bit minimum.
> See here for details:
> https://groups.google.com/a/chromium.org/d/msg/blink-dev/ShRaCsYx4lk/46rD81AsBwAJ
>

From the server side: we found that enforcing a 2048-bit size was
unworkable, it breaks clients that will negotiate DHE but then fail when
the exchange happens, including versions of Java. Because the breakage
happens post-handshake, there was little recourse to fix it. We did look at
fingerprinting the clients and trying to use a different size for those,
but even that led to too high an error rate. So we removed DHE in general
and use ECDHE for FS.

-- 
Colm
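
Added example (not part of the original message, and not code from its author or any project named in the thread): in TLS 1.2 and earlier, the finite-field DHE prime is carried in the ServerKeyExchange message, which the server sends after the cipher suite has already been selected, so the size a client must handle only becomes visible at that point. The sketch below parses the ServerDHParams structure from RFC 5246 and reports the prime size against a policy minimum; the function names, the `minimum_bits` parameter and the sample messages are constructed for illustration.

```python
import struct

SERVER_KEY_EXCHANGE = 12  # TLS HandshakeType value (RFC 5246, section 7.4)

def read_vec16(buf, off):
    """Read one opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, off)
    end = off + 2 + n
    if n == 0 or end > len(buf):
        raise ValueError("bad vector length")
    return buf[off + 2:end], end

def dhe_prime_bits(handshake_msg):
    """Return the bit length of dh_p in a TLS <= 1.2 DHE ServerKeyExchange."""
    if len(handshake_msg) < 4 or handshake_msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange handshake message")
    body_len = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    # ServerDHParams is dh_p, dh_g, dh_Ys in that order; the signature follows.
    dh_p, off = read_vec16(body, 0)
    _dh_g, off = read_vec16(body, off)
    _dh_ys, off = read_vec16(body, off)
    # Leading zero bytes do not count towards the size of the prime.
    return int.from_bytes(dh_p, "big").bit_length()

def audit(handshake_msg, minimum_bits=2048):
    """Compare the offered prime size with a (hypothetical) policy minimum."""
    bits = dhe_prime_bits(handshake_msg)
    return {"prime_bits": bits, "meets_minimum": bits >= minimum_bits}

def constructed_ske(prime_bits):
    """Build a sample message (constructed: p is not a real prime, no signature)."""
    p = (1 << (prime_bits - 1)) | 1
    p_bytes = p.to_bytes((prime_bits + 7) // 8, "big")
    ys = b"\x01" * len(p_bytes)
    body = b"".join(struct.pack("!H", len(v)) + v for v in (p_bytes, b"\x02", ys))
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for size in (1024, 2048):
        print(size, audit(constructed_ske(size)))
```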