[TLS] Client Hello size intolerance Was: Re: Thoughts on Version Intolerance
Hubert Kario <hkario@redhat.com> Mon, 25 July 2016 11:13 UTC
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Mon, 25 Jul 2016 13:13:11 +0200
Message-ID: <10280200.XEPfMK1A2H@pintsize.usersys.redhat.com>
In-Reply-To: <2581885.dP5x8nd4GP@pintsize.usersys.redhat.com>
References: <20160720173027.9BC3D1A504@ld9781.wdf.sap.corp> <201607211604.25745.davemgarrett@gmail.com> <2581885.dP5x8nd4GP@pintsize.usersys.redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1hRdN-FRAVAAIVSw-gwCFEE5oSA>
Subject: [TLS] Client Hello size intolerance Was: Re: Thoughts on Version Intolerance
On Friday, 22 July 2016 12:08:00 CEST Hubert Kario wrote:
> (I'll try to have more concrete numbers on Monday)

So I extended the scanning script to perform two tests - send a "Very Compatible"[1] Client Hello and ones that were extended to be 64KiB long either through addition of padding extension or cipher suites[2]. Then the size that was accepted by server was found through binary search by stripping the additional cipher suites or reducing the size of the padding extension.

Around the first 4300 domains were scanned from the Alexa top 1 million this way.

4388 hosts[3] answered at least a single connection with an unexpired certificate signed by a CA in Mozilla trust program.

Of those, 45 (1.03%) could not be connected to (did not receive a Server Hello/.../Server Hello Done reply) with the "Very Compatible" client hello. And one caused the scan script to abort.

There were no TLSv1.2 client hello incompatible or TLS extension incompatible hosts in the scan.

170 were detected as TLS 1.3 incompatible (3.9%)
183 were detected as TLS 1.4 incompatible (4.2%)
229 were detected as TLS 1.253 incompatible (5.22%)

In the excerpt below (full list below, this is just entries that have at least 4 servers with the same behaviour), "e/<number>" means that it's the smallest size of "Very Compatible" client hello extended through the padding extension that causes its rejection by server; similarly "c/<number>" indicates the smallest size rejected by server when the client hello is made big through addition of cipher suite IDs.

Intolerancies                            Count   Percent
-----------------------------------------+---------+--------
size e/17676                                10    0.2279
size e/17676 c/16408                         4    0.0912
size e/17676 c/16409                         4    0.0912
size e/17520                               251    5.7201
size e/17520 c/16408                       122    2.7803
size e/17520 c/16409                       124    2.8259
size e/17468                                 5    0.1139
size e/17468 c/16408                         3    0.0684
size e/17468 c/16409                         2    0.0456
size e/16389                              3328   75.8432
size e/16389 c/16389                      1750   39.8815
size e/16389 c/16390                      1560   35.5515
size e/16385                               339    7.7256
size e/16385 c/16385                       178    4.0565
size e/16385 c/16386                       153    3.4868
size e/16340                                 5    0.1139
size e/10245                                41    0.9344
size e/10245 c/10245                        28    0.6381
size e/10245 c/10246                        12    0.2735
size e/4092                                  9    0.2051
size e/4092 c/4093                           8    0.1823
size e/2049                                  4    0.0912
size e/1356                                 10    0.2279
size e/1356 c/1356                           5    0.1139
size e/1356 c/1357                           5    0.1139
size c/16646                                 5    0.1139
size c/16408                               142    3.2361
size c/16409                               142    3.2361
size c/16389                              1760   40.1094
size c/16390                              1571   35.8022
size c/16385                               182    4.1477
size c/16386                               155    3.5324
size c/10245                                28    0.6381
size c/10246                                12    0.2735
size c/4093                                  8    0.1823
size c/1356                                  5    0.1139
size c/1357                                  5    0.1139
size c/409                                   5    0.1139

Cumulative distribution function for size intolerancies looks like this:

Intolerancies                            Count   Percent
-----------------------------------------+---------+--------
size <c/512                                 12    0.2733
size <c/1024                                16    0.3644
size <c/2048                                33    0.7515
size <c/4096                                47    1.0704
size <c/8192                                47    1.0704
size >=c/8192                             4064   92.5529
size <e/512                                  0    0
size <e/1024                                 0    0
size <e/2048                                11    0.2505
size <e/4096                                32    0.7288
size <e/8192                                34    0.7743
size >=e/8192                             4077   92.849

So while there are about 3-4% of servers which are outright incompatible with TLSv1.3 version in Client Hello, there are also around 2% of servers which are problematic to connect to (with TLSv1.2 hello) or with a large (up to 4KiB) client hello.

--
1 - few most common ciphers (ECDHE, ECDSA, DHE, AES, 3DES, RC4, with GCM, SHA-256, SHA-1 and MD5 HMACs, empty renegotiation info scsv) and common extensions (SNI, supported groups, EC point formats, session ticket, NPN, ALPN, status request and signature algorithms) with no non-standard or uncommon values
2 - ciphersuites were added from the 0x2000-0xa000 range (excluding TLS_FALLBACK_SCSV)
3 - if different IPs serve the www.example.com and example.com domains, both were scanned

Full list:

Intolerancies                            Count   Percent
-----------------------------------------+---------+--------
Huge Cipher List                          4143   94.4166
Huge Cipher List (trunc c/16388)          2488   56.7001
SSL 3.254                                  229    5.2188
TLS 1.0                                     37    0.8432
TLS 1.1                                      8    0.1823
TLS 1.3                                    170    3.8742
TLS 1.4                                    183    4.1705
Very Compatible                             45    1.0255
Xmas tree                                  687   15.6563
size c/10245                                28    0.6381
size c/10246                                12    0.2735
size c/10831                                 1    0.0228
size c/10953                                 1    0.0228
size c/11001                                 1    0.0228
size c/1153                                  3    0.0684
size c/1154                                  1    0.0228
size c/1155                                  1    0.0228
size c/11621                                 2    0.0456
size c/11634                                 1    0.0228
size c/11697                                 1    0.0228
size c/11710                                 2    0.0456
size c/11728                                 1    0.0228
size c/12044                                 1    0.0228
size c/12252                                 1    0.0228
size c/12289                                 1    0.0228
size c/12443                                 1    0.0228
size c/12444                                 1    0.0228
size c/13464                                 1    0.0228
size c/1356                                  5    0.1139
size c/1357                                  5    0.1139
size c/13839                                 1    0.0228
size c/14486                                 1    0.0228
size c/14487                                 3    0.0684
size c/15488                                 1    0.0228
size c/15503                                 1    0.0228
size c/15507                                 1    0.0228
size c/15675                                 1    0.0228
size c/15912                                 1    0.0228
size c/15931                                 1    0.0228
size c/15993                                 1    0.0228
size c/16008                                 1    0.0228
size c/16013                                 1    0.0228
size c/16015                                 1    0.0228
size c/16016                                 2    0.0456
size c/16020                                 1    0.0228
size c/16040                                 3    0.0684
size c/16094                                 1    0.0228
size c/16206                                 1    0.0228
size c/16209                                 1    0.0228
size c/16272                                 1    0.0228
size c/16273                                 1    0.0228
size c/16289                                 1    0.0228
size c/16353                                 1    0.0228
size c/16367                                 1    0.0228
size c/16369                                 2    0.0456
size c/16375                                 2    0.0456
size c/16385                               182    4.1477
size c/16386                               155    3.5324
size c/16387                                 1    0.0228
size c/16388                                 1    0.0228
size c/16389                              1760   40.1094
size c/16390                              1571   35.8022
size c/16404                                 1    0.0228
size c/16406                                 1    0.0228
size c/16408                               142    3.2361
size c/16409                               142    3.2361
size c/1645                                  1    0.0228
size c/16645                                 3    0.0684
size c/16646                                 5    0.1139
size c/1979                                  1    0.0228
size c/20420                                 1    0.0228
size c/2049                                  2    0.0456
size c/2050                                  1    0.0228
size c/24993                                 1    0.0228
size c/354                                   2    0.0456
size c/407                                   1    0.0228
size c/4076                                  1    0.0228
size c/4077                                  1    0.0228
size c/408                                   1    0.0228
size c/409                                   5    0.1139
size c/4092                                  1    0.0228
size c/4093                                  8    0.1823
size c/410                                   3    0.0684
size c/555                                   1    0.0228
size c/663                                   1    0.0228
size c/664                                   1    0.0228
size c/666                                   1    0.0228
size c/8360                                  1    0.0228
size c/8361                                  1    0.0228
size c/9853                                  1    0.0228
size c/9886                                  1    0.0228
size c/9961                                  1    0.0228
size c/9963                                  1    0.0228
size e/10245                                41    0.9344
size e/10245 c/10245                        28    0.6381
size e/10245 c/10246                        12    0.2735
size e/10245 c/663                           1    0.0228
size e/10953                                 1    0.0228
size e/10953 c/10953                         1    0.0228
size e/11001                                 1    0.0228
size e/11001 c/11001                         1    0.0228
size e/11404                                 1    0.0228
size e/11404 c/16375                         1    0.0228
size e/11621                                 1    0.0228
size e/11621 c/11621                         1    0.0228
size e/11634                                 1    0.0228
size e/11634 c/11634                         1    0.0228
size e/11696                                 1    0.0228
size e/11696 c/11697                         1    0.0228
size e/11709                                 2    0.0456
size e/11709 c/11710                         2    0.0456
size e/11728                                 1    0.0228
size e/11728 c/11728                         1    0.0228
size e/11763                                 1    0.0228
size e/11763 c/9886                          1    0.0228
size e/11828                                 1    0.0228
size e/11828 c/1645                          1    0.0228
size e/12232                                 1    0.0228
size e/12232 c/12252                         1    0.0228
size e/12288                                 1    0.0228
size e/12288 c/12289                         1    0.0228
size e/12318                                 1    0.0228
size e/12318 c/15931                         1    0.0228
size e/12441                                 1    0.0228
size e/12441 c/16209                         1    0.0228
size e/13378                                 1    0.0228
size e/13378 c/16375                         1    0.0228
size e/1356                                 10    0.2279
size e/1356 c/1356                           5    0.1139
size e/1356 c/1357                           5    0.1139
size e/13927                                 1    0.0228
size e/13927 c/13839                         1    0.0228
size e/14036                                 1    0.0228
size e/14036 c/12044                         1    0.0228
size e/14297                                 1    0.0228
size e/14297 c/11621                         1    0.0228
size e/14489                                 1    0.0228
size e/14489 c/12444                         1    0.0228
size e/14490                                 2    0.0456
size e/14490 c/16390                         2    0.0456
size e/14744                                 1    0.0228
size e/14744 c/16385                         1    0.0228
size e/15313                                 1    0.0228
size e/15313 c/16094                         1    0.0228
size e/15490                                 1    0.0228
size e/15490 c/16206                         1    0.0228
size e/15892                                 1    0.0228
size e/15892 c/8361                          1    0.0228
size e/15988                                 1    0.0228
size e/15988 c/16353                         1    0.0228
size e/16006                                 1    0.0228
size e/16006 c/16013                         1    0.0228
size e/16020                                 2    0.0456
size e/16020 c/15912                         1    0.0228
size e/16020 c/16390                         1    0.0228
size e/16021                                 2    0.0456
size e/16021 c/16389                         1    0.0228
size e/16021 c/16390                         1    0.0228
size e/16022                                 1    0.0228
size e/16022 c/16389                         1    0.0228
size e/16040                                 3    0.0684
size e/16040 c/16040                         3    0.0684
size e/16171                                 1    0.0228
size e/16171 c/16390                         1    0.0228
size e/16271                                 1    0.0228
size e/16271 c/16008                         1    0.0228
size e/16275                                 3    0.0684
size e/16275 c/15675                         1    0.0228
size e/16275 c/16385                         1    0.0228
size e/16275 c/16390                         1    0.0228
size e/16289                                 1    0.0228
size e/16289 c/16289                         1    0.0228
size e/16303                                 1    0.0228
size e/16303 c/16386                         1    0.0228
size e/16319                                 1    0.0228
size e/16319 c/16389                         1    0.0228
size e/16339                                 3    0.0684
size e/16339 c/16273                         1    0.0228
size e/16339 c/16390                         1    0.0228
size e/16339 c/407                           1    0.0228
size e/16340                                 5    0.1139
size e/16340 c/16016                         1    0.0228
size e/16340 c/408                           1    0.0228
size e/16340 c/409                           3    0.0684
size e/16341                                 3    0.0684
size e/16341 c/410                           3    0.0684
size e/16343                                 1    0.0228
size e/16343 c/409                           1    0.0228
size e/16372                                 1    0.0228
size e/16372 c/16390                         1    0.0228
size e/16379                                 1    0.0228
size e/16379 c/16385                         1    0.0228
size e/16385                               339    7.7256
size e/16385 c/16385                       178    4.0565
size e/16385 c/16386                       153    3.4868
size e/16385 c/16390                         2    0.0456
size e/16385 c/354                           2    0.0456
size e/16385 c/409                           1    0.0228
size e/16385 c/664                           1    0.0228
size e/16385 c/666                           1    0.0228
size e/16385 c/8360                          1    0.0228
size e/16387                                 3    0.0684
size e/16387 c/16389                         3    0.0684
size e/16388                                 3    0.0684
size e/16388 c/16386                         1    0.0228
size e/16388 c/16388                         1    0.0228
size e/16388 c/16389                         1    0.0228
size e/16389                              3328   75.8432
size e/16389 c/10831                         1    0.0228
size e/16389 c/1154                          1    0.0228
size e/16389 c/12443                         1    0.0228
size e/16389 c/13464                         1    0.0228
size e/16389 c/14486                         1    0.0228
size e/16389 c/14487                         3    0.0684
size e/16389 c/15488                         1    0.0228
size e/16389 c/15503                         1    0.0228
size e/16389 c/15507                         1    0.0228
size e/16389 c/15993                         1    0.0228
size e/16389 c/16015                         1    0.0228
size e/16389 c/16016                         1    0.0228
size e/16389 c/16367                         1    0.0228
size e/16389 c/16369                         2    0.0456
size e/16389 c/16387                         1    0.0228
size e/16389 c/16389                      1750   39.8815
size e/16389 c/16390                      1560   35.5515
size e/16562                                 3    0.0684
size e/16562 c/16409                         3    0.0684
size e/16645                                 1    0.0228
size e/16645 c/16646                         1    0.0228
size e/16740                                 3    0.0684
size e/16740 c/16409                         3    0.0684
size e/17297                                 1    0.0228
size e/17297 c/16408                         1    0.0228
size e/17423                                 1    0.0228
size e/17423 c/16408                         1    0.0228
size e/17424                                 1    0.0228
size e/17424 c/16408                         1    0.0228
size e/17468                                 5    0.1139
size e/17468 c/16408                         3    0.0684
size e/17468 c/16409                         2    0.0456
size e/17512                                 3    0.0684
size e/17512 c/16408                         3    0.0684
size e/17519                                 1    0.0228
size e/17519 c/16408                         1    0.0228
size e/17520                               251    5.7201
size e/17520 c/1153                          2    0.0456
size e/17520 c/1155                          1    0.0228
size e/17520 c/16404                         1    0.0228
size e/17520 c/16406                         1    0.0228
size e/17520 c/16408                       122    2.7803
size e/17520 c/16409                       124    2.8259
size e/17522                                 1    0.0228
size e/17522 c/16408                         1    0.0228
size e/17529                                 1    0.0228
size e/17529 c/16408                         1    0.0228
size e/17532                                 1    0.0228
size e/17532 c/16409                         1    0.0228
size e/17537                                 1    0.0228
size e/17537 c/16408                         1    0.0228
size e/17585                                 1    0.0228
size e/17585 c/16409                         1    0.0228
size e/17676                                10    0.2279
size e/17676 c/16408                         4    0.0912
size e/17676 c/16409                         4    0.0912
size e/17676 c/4076                          1    0.0228
size e/17676 c/4077                          1    0.0228
size e/17706                                 3    0.0684
size e/17706 c/16408                         3    0.0684
size e/17720                                 1    0.0228
size e/17720 c/16272                         1    0.0228
size e/18032                                 1    0.0228
size e/18032 c/16409                         1    0.0228
size e/18174                                 1    0.0228
size e/18174 c/16409                         1    0.0228
size e/18277                                 1    0.0228
size e/18277 c/16409                         1    0.0228
size e/2046                                  1    0.0228
size e/2046 c/1979                           1    0.0228
size e/2049                                  4    0.0912
size e/2049 c/1153                           1    0.0228
size e/2049 c/2049                           2    0.0456
size e/2049 c/2050                           1    0.0228
size e/2053                                  1    0.0228
size e/2053 c/555                            1    0.0228
size e/20615                                 1    0.0228
size e/20615 c/16409                         1    0.0228
size e/21501                                 1    0.0228
size e/21501 c/20420                         1    0.0228
size e/25785                                 1    0.0228
size e/25785 c/24993                         1    0.0228
size e/3218                                  1    0.0228
size e/3218 c/16646                          1    0.0228
size e/3219                                  1    0.0228
size e/3219 c/16646                          1    0.0228
size e/3474                                  2    0.0456
size e/3474 c/16645                          2    0.0456
size e/3475                                  1    0.0228
size e/3475 c/16645                          1    0.0228
size e/3731                                  1    0.0228
size e/3731 c/16646                          1    0.0228
size e/3735                                  1    0.0228
size e/3735 c/16646                          1    0.0228
size e/4092                                  9    0.2051
size e/4092 c/4092                           1    0.0228
size e/4092 c/4093                           8    0.1823
size e/7866                                  1    0.0228
size e/7866 c/16020                          1    0.0228
size e/8155                                  1    0.0228
size e/8155 c/16390                          1    0.0228
size e/8362                                  1    0.0228
size e/8362 c/16385                          1    0.0228
size e/8364                                  1    0.0228
size e/8364 c/16389                          1    0.0228
size e/8365                                  1    0.0228
size e/8365 c/16389                          1    0.0228
size e/8366                                  1    0.0228
size e/8366 c/16389                          1    0.0228
size e/9853                                  1    0.0228
size e/9853 c/9853                           1    0.0228
size e/9960                                  1    0.0228
size e/9960 c/9961                           1    0.0228
size e/9963                                  1    0.0228
size e/9963 c/9963                           1    0.0228
x:missing information                        1    0.0228

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
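The measurement method described in the post above (grow a plain TLS 1.2 Client Hello to a target size either with the padding extension or with filler cipher suite IDs, then binary-search for the smallest size the server rejects) can be reproduced with the following added example. It is not the author's scanning script and not part of the original message. It assumes that the reported "e/" and "c/" sizes count the whole record on the wire, header included (an assumption; under it 16389 is exactly a 16384-byte record payload plus the 5-byte header), it uses a simplified subset of the footnote-1 cipher suites and extensions, `example.com` as a placeholder hostname, and a constructed `simulated_server` in place of a real socket round-trip so that it runs offline. A server operator can swap in a probe that sends the record to their own endpoint and reports whether a Server Hello came back, to check whether that endpoint is size-intolerant before a larger TLS 1.3-style hello reaches it.

```python
"""Build a TLS ClientHello of an exact on-the-wire size and binary-search for
the smallest size a peer rejects, with the two growth methods from the post:
zero bytes in the padding extension (RFC 7685) or filler cipher suite IDs."""
import os
import struct

# A few widely deployed TLS 1.2 suites plus TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF);
# a simplified stand-in for the post's "Very Compatible" suite list.
COMMON_SUITES = (0xC02B, 0xC02F, 0xC02C, 0xC030, 0x009E, 0x009F,
                 0x002F, 0x0035, 0x000A, 0x00FF)
# Filler IDs from the 0x2000-0x9FFF range, skipping TLS_FALLBACK_SCSV (0x5600), as in footnote 2.
FILLER_SUITES = [c for c in range(0x2000, 0xA000) if c != 0x5600]
EXT_SNI, EXT_GROUPS, EXT_EC_POINT_FORMATS, EXT_SIG_ALGS, EXT_PADDING = 0, 10, 11, 13, 21


def _u8(n): return struct.pack("!B", n)
def _u16(n): return struct.pack("!H", n)
def _u24(n): return struct.pack("!I", n)[1:]
def _ext(ext_type, body): return _u16(ext_type) + _u16(len(body)) + body


def _base_extensions(hostname):
    """SNI, supported groups, EC point formats and signature algorithms (subset of footnote 1)."""
    name = hostname.encode()
    sni = _ext(EXT_SNI, _u16(len(name) + 3) + _u8(0) + _u16(len(name)) + name)
    groups = b"".join(_u16(g) for g in (0x0017, 0x0018, 0x0019))        # secp256r1/384r1/521r1
    point_formats = _ext(EXT_EC_POINT_FORMATS, _u8(1) + _u8(0))          # uncompressed only
    sig_algs = b"".join(_u16(s) for s in (0x0401, 0x0501, 0x0601, 0x0403,
                                          0x0503, 0x0603, 0x0201, 0x0203))
    return (sni + _ext(EXT_GROUPS, _u16(len(groups)) + groups) + point_formats
            + _ext(EXT_SIG_ALGS, _u16(len(sig_algs)) + sig_algs))


def assemble(filler, method="padding", hostname="example.com"):
    """One TLS record carrying a TLS 1.2 ClientHello. `filler` is the number of zero
    bytes in the padding extension ("padding") or of extra suite IDs ("ciphers")."""
    suites = list(COMMON_SUITES)
    if method == "ciphers":
        if filler > len(FILLER_SUITES):
            raise ValueError("not enough filler suite IDs")
        suites += FILLER_SUITES[:filler]
    elif method != "padding":
        raise ValueError("method must be 'padding' or 'ciphers'")
    suite_bytes = b"".join(_u16(c) for c in suites)
    body = (_u16(0x0303) + os.urandom(32) + _u8(0)              # version, random, empty session id
            + _u16(len(suite_bytes)) + suite_bytes
            + _u8(1) + _u8(0))                                    # compression methods: null only
    exts = _base_extensions(hostname)
    if method == "padding":
        exts += _ext(EXT_PADDING, b"\x00" * filler)
    body += _u16(len(exts)) + exts
    handshake = _u8(1) + _u24(len(body)) + body                   # HandshakeType client_hello
    return _u8(22) + _u16(0x0301) + _u16(len(handshake)) + handshake  # ContentType handshake


def build_client_hello(total_size, method="padding", hostname="example.com"):
    """ClientHello record of exactly `total_size` bytes on the wire (header included)."""
    base = len(assemble(0, method, hostname))
    unit = 1 if method == "padding" else 2                        # a suite ID adds 2 bytes
    extra = total_size - base
    if extra < 0 or extra % unit:
        raise ValueError(f"size {total_size} not reachable with {method} (base {base}, step {unit})")
    record = assemble(extra // unit, method, hostname)
    assert len(record) == total_size
    return record


def smallest_rejected(accepts, max_units):
    """Binary search over [0, max_units] for the smallest unit count `accepts` rejects.
    Assumes monotone behaviour (accepted up to a threshold, rejected from there on);
    returns None if even max_units is accepted, 0 if the base hello is rejected."""
    if accepts(max_units):
        return None
    lo, hi = 0, max_units
    while lo < hi:
        mid = (lo + hi) // 2
        if accepts(mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def find_size_intolerance(server_accepts, method="padding", hostname="example.com", max_size=65535):
    """Smallest on-the-wire ClientHello size the peer rejects (the post's e/ or c/ value),
    or None. `server_accepts(record) -> bool` is the probe, e.g. a socket round-trip
    reporting whether a ServerHello came back."""
    base = len(assemble(0, method, hostname))
    unit = 1 if method == "padding" else 2
    units = smallest_rejected(lambda n: server_accepts(assemble(n, method, hostname)),
                              (max_size - base) // unit)
    return None if units is None else base + units * unit


def simulated_server(limit):
    """Constructed stand-in for a real peer: sanity-checks the record header and
    rejects any record of `limit` bytes or more (16389 reproduces the post's most common row)."""
    def accepts(record):
        if record[0] != 22 or len(record) != 5 + int.from_bytes(record[3:5], "big"):
            raise ValueError("malformed record")
        return len(record) < limit
    return accepts


if __name__ == "__main__":
    for method in ("padding", "ciphers"):
        print(method, find_size_intolerance(simulated_server(16389), method))
```

Because a suite ID adds two bytes, the cipher-suite method can only reach sizes of the base hello's parity, which is why the same server shows up as `e/16389` under padding and `c/16390` under cipher suites in the simulation. The binary search is only valid for servers whose behaviour is monotone in the hello size; a server that rejects one size but accepts a larger one will yield a threshold that does not describe it, so a reported value is worth confirming with a direct probe at that size and one below it.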