Re: [TLS] Broken browser behaviour with SCADA TLS

Colm MacCárthaigh, Wed, 04 July 2018 15:40 UTC

On Wed, Jul 4, 2018 at 8:15 AM, David Benjamin wrote:
> Indeed. The bad feedback was not even at a 2048-bit minimum, but a mere
> 1024-bit minimum. (Chrome enabled far more DHE ciphers than others, so we
> encountered a lot of this.) 2048-bit was completely hopeless. At the time
> of removal, 95% of DHE negotiations made by Chrome used a 1024-bit minimum.
> See here for details:
> ShRaCsYx4lk/46rD81AsBwAJ

From the server side: we found that enforcing a 2048-bit size was
unworkable; it breaks clients that will negotiate DHE but then fail when
the exchange happens, including versions of Java. Because the breakage
happens post-handshake, there was little recourse to fix it. We did look at
fingerprinting the clients and trying to use a different size for those,
but even that led to too high an error rate. So we removed DHE in general
and use ECDHE for FS.
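
Added example, not part of the original message: in TLS 1.2 the DH prime only appears in ServerKeyExchange, after the cipher suite has already been chosen, so a client with a size limit fails at that point. This sketch parses ServerDHParams (RFC 5246) from a handshake message and reports the prime size; the sample bytes are constructed and `max_bits` is a hypothetical client limit.

```python
import struct

SERVER_KEY_EXCHANGE = 12  # HandshakeType value from RFC 5246

def _read_opaque16(buf, off):
    """Read an opaque<1..2^16-1> vector: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n

def dhe_prime_bits(handshake_msg):
    """Bit length of dh_p in a DHE ServerKeyExchange handshake message."""
    if len(handshake_msg) < 4 or handshake_msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange")
    body_len = int.from_bytes(handshake_msg[1:4], "big")
    body = handshake_msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated body")
    dh_p, off = _read_opaque16(body, 0)
    _dh_g, off = _read_opaque16(body, off)
    _dh_ys, off = _read_opaque16(body, off)  # a signature may follow; ignored here
    return int.from_bytes(dh_p, "big").bit_length()

def client_accepts(handshake_msg, max_bits):
    """Model a client with a hypothetical upper limit on the DH prime size."""
    return dhe_prime_bits(handshake_msg) <= max_bits

def build_sample(prime_bits):
    """Constructed sample: placeholder dh_p of the given size (not a real prime)."""
    n = prime_bits // 8
    p = ((1 << (prime_bits - 1)) | 1).to_bytes(n, "big")
    params = b"".join(struct.pack("!H", len(v)) + v
                      for v in (p, b"\x02", b"\x01" * n))
    return bytes([SERVER_KEY_EXCHANGE]) + len(params).to_bytes(3, "big") + params

if __name__ == "__main__":
    for bits in (1024, 2048):
        msg = build_sample(bits)
        print(bits, dhe_prime_bits(msg), client_accepts(msg, max_bits=1024))
```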