[TLS] Opera 10.50 alpha snapshot with TLS Renego extension support
"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Sat, 23 January 2010 15:08 UTC
Hello all,

Today Opera Software released a snapshot of Opera 10.50 alpha with support for the TLS RenegotiationInfo extension.

Server vendors should note the following:

* The RI extension is sent in all handshakes using extensions
* The SCSV is only sent when we do not know if the server supports extensions (implied: Patched servers always support the RI extension)
* Against known patched servers Opera 10.50 will ONLY send Client Hellos identifying TLS 1.2 as the highest supported version, and will abort ongoing handshakes if it is not already identifying with TLS 1.2. It will **NOT** fall back to an older version if negotiation fails. Patched servers are assumed to be version tolerant.
* It is a fatal error for a server (identified by hostname and port) to first indicate support for RI, then later (in the same session) fail to indicate support.

Opera's implementation also contains an auto-updatable preference that can (step 1) be used to get Opera installations to display certificate warning dialogs for unpatched servers, and (step 2) to disable support for unpatched servers. If and when these updates will be used is currently undecided.

Additionally, a heads up: I've recently been doing some probing of TLS servers and among a 100 000+ sample 40+% of the servers did not check the RSA Premaster secret at all, and 0.7% required the wrong version (the negotiated version) in this field.

Another finding is that 60+% of the tested servers did not tolerate the ClientHello.version field being set to 4.1, which could cause problems if/when the major version number of TLS is updated.

Further information and download links can be found at:

<http://my.opera.com/desktopteam/blog/continued-stabilization>
<http://my.opera.com/securitygroup/blog/2010/01/23/alpha-testing-tls-renego-fix>

--
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone: +47 24 16 42 60               Fax: +47 24 16 40 01
********************************************************************
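
For server vendors checking what a client signals, the following is an added example (not part of the original message and not Opera's code) that parses a ClientHello and reports whether it carries the renegotiation_info extension, the SCSV, or neither. The function names and sample hellos are hypothetical and constructed for illustration; the code points 0xFF01 and 0x00FF are those assigned in RFC 5746.

```python
import struct

SCSV = 0x00FF              # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEGO_INFO = 0xFF01   # renegotiation_info extension type (RFC 5746)

def build_hello(version, suites, exts=None):
    """Constructed sample input: a minimal ClientHello handshake message."""
    body = bytes(version) + bytes(32) + b"\x00"   # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                           # null compression only
    if exts is not None:
        blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
        body += struct.pack("!H", len(blob)) + blob
    return b"\x01" + len(body).to_bytes(3, "big") + body

def renego_signalling(hello):
    """Report how a ClientHello (handshake layer, no record header) signals RFC 5746 support."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hello[4:]
    if len(body) != int.from_bytes(hello[1:4], "big"):
        raise ValueError("length mismatch")
    pos = 0
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated field")
        pos += n
        return body[pos - n:pos]
    version = tuple(take(2))
    take(32)                                   # random
    take(take(1)[0])                           # session_id
    suites = take(int.from_bytes(take(2), "big"))
    take(take(1)[0])                           # compression methods
    scsv = any(suites[i:i + 2] == SCSV.to_bytes(2, "big") for i in range(0, len(suites), 2))
    ri = None                                  # None means the extension is absent
    if pos < len(body):                        # an extensions block follows
        end = int.from_bytes(take(2), "big") + pos   # pos is read after take() advanced it
        while pos < end:
            etype, elen = struct.unpack("!HH", take(4))
            data = take(elen)
            if etype == EXT_RENEGO_INFO:
                if not data or data[0] != len(data) - 1:
                    raise ValueError("malformed renegotiation_info")
                ri = data[1:]                  # renegotiated_connection; empty on first handshake
    return {"version": version, "scsv": scsv, "renegotiation_info": ri}

WITH_EXT = build_hello((3, 3), [0x002F], [(EXT_RENEGO_INFO, b"\x00")])  # constructed: TLS 1.2 + RI
NO_EXT = build_hello((3, 1), [0x002F, SCSV])                            # constructed: no extensions, SCSV
```
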