Re: [TLS] Working Group Last Call for draft-ietf-tls-sslv3-diediedie-00

Hubert Kario <hkario@redhat.com> Fri, 30 January 2015 10:32 UTC

From: Hubert Kario <hkario@redhat.com>
To: Kurt Roeckx <kurt@roeckx.be>
Date: Fri, 30 Jan 2015 11:32:31 +0100
Message-ID: <3944737.Vi3xPCYbBb@pintsize.usersys.redhat.com>
User-Agent: KMail/4.14.3 (Linux/3.17.8-200.fc20.x86_64; KDE/4.14.3; x86_64; ; )
In-Reply-To: <20150129181850.GA9608@roeckx.be>
References: <9A043F3CF02CD34C8E74AC1594475C73AAF694DD@uxcn10-tdc05.UoA.auckland.ac.nz> <1504300.ArI2OzS8We@pintsize.usersys.redhat.com> <20150129181850.GA9608@roeckx.be>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/1TjDUPWE7JGLyiCmLNwM6tfMLCc>
Cc: tls@ietf.org
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-sslv3-diediedie-00
Precedence: list

On Thursday 29 January 2015 19:18:50 Kurt Roeckx wrote:
> On Thu, Jan 29, 2015 at 11:18:44AM +0100, Hubert Kario wrote:
> > > For
> > > some reason 1.2 actually seems to better support than 1.1.  There
> > > are a strange set of servers out there that support 1.0 and 1.2
> > > but not 1.1.
> > 
> > bug in openssl, SSL_OP_ALL from OpenSSL 1.0.0 did include
> > SSL_OP_NO_TLSv1_1
> > when run against OpenSSL 1.0.1:
> > https://rt.openssl.org/Ticket/Display.html?id=2802&user=guest&pass=guest
> > 
> > which you should know, given that you have submitted the above bug report
> > ;)
> I do know about that bug report.  The only people that should have
> been affected by it were those that compiled against 1.0.1 and not
> against ealier or later releases like any 1.0.0* or 1.0.1[a-l].
> 
> The sites that have this behaviour are also larger sites that
> probably use some kind of accelator hardware, 

well, one thing doesn't exclude the other - especially given the support for 
`engine` in OpenSSL

> and I suspect it's
> that hardware that doesn't do TLS 1.1.  At least 1 site I know
> about that doesn't know TLS 1.1 but does TLS 1.2 is also
> vulnerable to poodle in TLS, so they can't be using openssl.

interesting...
-- 
Regards,
Hubert Kario

[TLS] Working Group Last Call for draft-ietf-tls-… Joseph Salowey
Re: [TLS] Working Group Last Call for draft-ietf-… Andrei Popov
Re: [TLS] Working Group Last Call for draft-ietf-… Xiaoyin Liu
Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
Re: [TLS] Working Group Last Call for draft-ietf-… Geoffrey Keating
Re: [TLS] Working Group Last Call for draft-ietf-… Dave Garrett
Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
Re: [TLS] Working Group Last Call for draft-ietf-… Stephen Checkoway
Re: [TLS] Working Group Last Call for draft-ietf-… Aaron Zauner
Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
Re: [TLS] Working Group Last Call for draft-ietf-… Dave Garrett
Re: [TLS] Working Group Last Call for draft-ietf-… Yuhong Bao
Re: [TLS] Working Group Last Call for draft-ietf-… Hanno Böck
Re: [TLS] Working Group Last Call for draft-ietf-… Aaron Zauner
Re: [TLS] Working Group Last Call for draft-ietf-… Dave Garrett
Re: [TLS] Working Group Last Call for draft-ietf-… Michael Clark
Re: [TLS] Working Group Last Call for draft-ietf-… Peter Gutmann
Re: [TLS] Working Group Last Call for draft-ietf-… Kurt Roeckx
Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
Re: [TLS] Working Group Last Call for draft-ietf-… Joe Hall
Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
Re: [TLS] Working Group Last Call for draft-ietf-… Kurt Roeckx
Re: [TLS] Working Group Last Call for draft-ietf-… Hubert Kario
Re: [TLS] Working Group Last Call for draft-ietf-… Peter Gutmann
Re: [TLS] Working Group Last Call for draft-ietf-… Bodo Moeller
Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
Re: [TLS] Working Group Last Call for draft-ietf-… Stephen Checkoway
Re: [TLS] Working Group Last Call for draft-ietf-… Joseph Salowey
Re: [TLS] Working Group Last Call for draft-ietf-… Erik Nygren
Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
Re: [TLS] Working Group Last Call for draft-ietf-… Joseph Salowey
Re: [TLS] Working Group Last Call for draft-ietf-… Martin Thomson
Re: [TLS] Working Group Last Call for draft-ietf-… Martin Rex
Re: [TLS] Working Group Last Call for draft-ietf-… Watson Ladd