Re: [TLS] Another IRINA bug in TLS

Hubert Kario <hkario@redhat.com> Mon, 25 May 2015 12:54 UTC

Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACD461A898D for <tls@ietfa.amsl.com>; Mon, 25 May 2015 05:54:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i3XWLTl8Jrdz for <tls@ietfa.amsl.com>; Mon, 25 May 2015 05:54:50 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 809861A899D for <tls@ietf.org>; Mon, 25 May 2015 05:54:50 -0700 (PDT)
Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id t4PCsmFJ015119 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 25 May 2015 08:54:48 -0400
Received: from pintsize.usersys.redhat.com (dhcp-0-197.brq.redhat.com [10.34.0.197]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id t4PCsl4G026068 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Mon, 25 May 2015 08:54:48 -0400
From: Hubert Kario <hkario@redhat.com>
To: Karthikeyan Bhargavan <karthik.bhargavan@gmail.com>
Date: Mon, 25 May 2015 14:54:39 +0200
Message-ID: <1854255.99pv4gbKBC@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.7 (Linux/3.19.7-200.fc21.x86_64; KDE/4.14.7; x86_64; ; )
In-Reply-To: <3B25BA9D-BC3C-4F7E-9C39-341738CF8BE3@gmail.com>
References: <CACsn0ckaML0M_Foq9FXs5LA2dRb1jz+JDX7DUej_ZbuSkUB=tQ@mail.gmail.com> <61EBC3C9-0C0E-499E-9108-2432D9201FDB@gmail.com> <3B25BA9D-BC3C-4F7E-9C39-341738CF8BE3@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart2721732.I0YJ9b1Wxd"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/1AmiDdgZ4HXMKkZ72DKAHx2rfsM>
Cc: tls@ietf.org
Subject: Re: [TLS] Another IRINA bug in TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 May 2015 12:54:54 -0000

On Monday 25 May 2015 14:27:55 Karthikeyan Bhargavan wrote:
> Argh, percentages revesed:
> 
> Alexa Top 1M:      45 K hosts out of 539K HTTPS hosts (8.4%)

which would align with the "ignored trust bit" (3k difference), as cipherscan 
is using a scanning method which will under-report servers with broken cipher 
selection (intolerance to big client hello's, RC4 ciphers low in order, etc.).

Those broken servers can account for up to 11k or 8.8k hosts (when ignoring 
trust) depending on how you count.

Anyway, I've started a new scan yesterday, we'll see how quickly 
administrators reacted.

My scans are also on https://scans.io (look for Fedora Project), if you're 
interested in raw data.

But AFAIK, Yngve's aren't and those are the ones we were commenting about.

> Browser-trusted : 706K hosts out of 14.3M HTTPS hosts with browser trusted
> certs (4.9%)
> On 25 May 2015, at 14:26, Karthikeyan Bhargavan 
<karthik.bhargavan@gmail.com>; wrote:
> > On 25 May 2015, at 14:02, Hubert Kario <hkario@redhat.com>; wrote:
> >>> Hubert Kario's latest results on
> >>> https://securitypitfalls.wordpress.com/2015/03/29/march-2015-scan-result
> >>> s/
> >>> show:
> >>> EXP-EDH-RSA-DES-CBC-SHA 22110     4.5043%
> >> 
> >> hmm, that is a bit big difference...
> >> 
> >> If I ignore the "trust" bit in results I'm still getting just:
> >> EXP-EDH-RSA-DES-CBC-SHA 41804     6.2565
> > 
> > At weakdh.org, we use numbers from the ZMap scans (https://scans.io/)
> > 
> > In March 2015, the number of servers supporting for TLS_DHE_*_EXPORT_*
> > were:
> > 
> > Alexa Top 1M:      45 K hosts out of 539K HTTPS hosts (4.9%)
> > Browser-trusted : 706K hosts out of 14.3M HTTPS hosts with browser trusted
> > certs (8.4%)
> > 
> > We think the numbers should have gone down some, partly due to servers
> > turning off *_EXPORT_* in the wake of FREAK (but sadly, not nearly enough
> > servers reacted to FREAK).
> > 
> > Best,
> > Karthik
> > 
> >> From 668168 sample.
> >> 
> >> But then there is something which matches rather well the percentage:
> >> EDH-RSA-DES-CBC-SHA     75939     11.3653
> >> (note the lack of "EXP-")
> > 
> > _______________________________________________
> > TLS mailing list
> > TLS@ietf.org
> > https://www.ietf.org/mailman/listinfo/tls

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 99/71, 612 45, Brno, Czech Republic