IETF Logo Mail Archive

Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

Ronald del Rosario <rrosario@five9.com> Fri, 22 May 2015 16:03 UTC

Return-Path: <rrosario@five9.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87D701A1BB4 for <tls@ietfa.amsl.com>; Fri, 22 May 2015 09:03:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.799
X-Spam-Level:
X-Spam-Status: No, score=0.799 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EnfY27izmW7c for <tls@ietfa.amsl.com>; Fri, 22 May 2015 09:03:10 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0711.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:711]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0171D1A1B6A for <tls@ietf.org>; Fri, 22 May 2015 09:03:09 -0700 (PDT)
Received: from BN1AFFO11FD029.protection.gbl (10.58.52.31) by BN1AFFO11HUB025.protection.gbl (10.58.52.135) with Microsoft SMTP Server (TLS) id 15.1.172.14; Fri, 22 May 2015 16:02:50 +0000
Authentication-Results: spf=pass (sender IP is 198.105.204.3) smtp.mailfrom=five9.com; ietf.org; dkim=none (message not signed) header.d=none;
Received-SPF: Pass (protection.outlook.com: domain of five9.com designates 198.105.204.3 as permitted sender) receiver=protection.outlook.com; client-ip=198.105.204.3; helo=mx02.five9.com;
Received: from mx02.five9.com (198.105.204.3) by BN1AFFO11FD029.mail.protection.outlook.com (10.58.52.184) with Microsoft SMTP Server (TLS) id 15.1.172.14 via Frontend Transport; Fri, 22 May 2015 16:02:49 +0000
Received: from MB01.five9.com (10.7.8.141) by mx02.five9.com (10.7.15.112) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 22 May 2015 09:02:13 -0700
Received: from MB03.five9.com ([fe80::4d18:3a9c:2936:eea8]) by mb01.five9.com ([fe80::ddc6:159a:f53:8ee7%15]) with mapi id 14.03.0158.001; Fri, 22 May 2015 09:02:48 -0700
From: Ronald del Rosario <rrosario@five9.com>
To: Dave Garrett <davemgarrett@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)
Thread-Index: AQHQlB34iwHhmYkn6E+VKKHqxEVpQp2HwbwAgAABJQCAAAIvgIAAZCqA
Date: Fri, 22 May 2015 16:02:46 +0000
Message-ID: <D184A0B1.22B7F%rrosario@five9.com>
References: <201505211210.43060.davemgarrett@gmail.com> <20150522025214.GA21141@typhoon.azet.org> <CAHOTMVJ1i+h3x8UShLhku5VcFiB4RRrUmPZL6cz7LnHMeHzAFA@mail.gmail.com> <201505212304.11513.davemgarrett@gmail.com>
In-Reply-To: <201505212304.11513.davemgarrett@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.0.150423
x-originating-ip: [10.7.8.130]
Content-Type: multipart/alternative; boundary="_000_D184A0B122B7Frrosariofive9com_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11FD029; 1:P79x3PFEnVViM4e45Irf4GMPFLTr7FMW8mT+7hZ9qjZCe59u1j16lay4Yd/oLAiDfZxYb4lV6XuFy91kP+yFYPUqzRuSbaQYNGYuyoXTedZE3GjTyv7oEkdDOicIZjuDtZQllMEfm4U1p2sR7c18B3n/a2XQXFYOYVk+EmFdceILcLOuKjfjcGQHEFo8W3iN1Gkh88o8FMpO/EjAThh8sxPzrjBA4wnXMo+gb/EUNCKgUSTdKfSAk3537w2oNoZwx2VAgwJjxmaGasb84r8GDgnk4TS/QELtsfJW+xxxMO+WCou2dn9ZLvrVTkQWJMVh
X-Forefront-Antispam-Report: CIP:198.105.204.3; CTRY:US; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(189002)(377454003)(199003)(24454002)(2950100001)(102836002)(2900100001)(15975445007)(86362001)(50986999)(54356999)(76176999)(16236675004)(512944002)(5890100001)(2501003)(5250100002)(93886004)(19617315012)(53416004)(36756003)(64706001)(5001860100001)(5001830100001)(5001770100001)(106466001)(106116001)(30436002)(189998001)(19580395003)(19580405001)(62966003)(77156002)(107886002)(5001970100001)(4001540100001)(4001350100001)(84326002)(83506001)(92566002)(46102003)(6806004)(2656002)(4546004)(87936001)(7099028)(85436002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN1AFFO11HUB025; H:mx02.five9.com; FPR:; SPF:Pass; PTR:mx02.five9.com; MX:1; A:1; LANG:en;
X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11HUB025; 2:60tAEJBAYg0b4z7kk4YggLXEraolgxVWmyjItFP4zYQrv9SeZTcMY1oQDLZwBkDh; 2:hpdmjX8CpBzh/Pg20Y7m8QuPgW5uE/ovF5XedIckvIHLpMinvNpJTAGUP5+2gB4R1jBb0YGE1CuH0jeLVLCYZyBy2YlD/E5yPmMXqhn/2MSopFU/ZTGd9noHDfvwtclkCkI0koOkErz403wuov/X17noaina4uQCfkYRuBw+Z7t1BQbtHlM37l0ZrQdIRoWw3Zw0UKtF/dP1vFeXvcSz2d7qJJPRtuRqW5IzgnG9aZ8=; 6:1pp/XpyXjM0n3SttqdSY9y3SZTMR0xoGCaPhb/rfjsROQPOQ7gVfKbFk5rgzefoiR2vJci3/vo4feNa3UWS2LIuZi9+nuKTH59bZAVLoUBgfGQCUub7NbdUrrbvs+Stqs9qcwz24vfX8PdmgutmNwdAFyYgD9wuzQSxYP/5Ximpvu8zrmdGZBaAwS8BKXFyqQOIMiPfDZbLey243f4OQfaTmFSUw+SgZ5QXl52ZxxVQCfEP/d0l1Qd0CO0W+Y7rwJaNmG+pkHXadn6nTWjZTZnhklG5HAVWn1n1oDx4bz6oEZuxFCdQn1trLQnrUi1aMFJG6ssl+mpFCf3pdr69rQA==
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BN1AFFO11HUB025;
X-Microsoft-Antispam-PRVS: <BN1AFFO11HUB025FD65DCAE1A7FD5BC632799C00@BN1AFFO11HUB025.protection.gbl>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004)(520002)(5005006)(3002001); SRVR:BN1AFFO11HUB025; BCL:0; PCL:0; RULEID:; SRVR:BN1AFFO11HUB025;
X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11HUB025; 3:nOUXSe1GmJXxRBgvLr9F8XUnwnqL87j/z5xRYtfxIU8YcAc9NdftswDDeqK0nBSIg2kKf9g6decTAVj2Kinxa6NxSOAPjK5sUUpqnTUlTEhi5245oSMPQGQe4Hs0fA5IICKPMlemtOw1Gm+g83BV4C8JjL9N9OMEvPjwW84mIJx0nKCO0c6E8Eci50P8kp+Ne/S+gpYQj5q8J0KkDhA+N8StZuYa1TsIYm9m1+qsN5hflqCJodiEdtQraGmRM4/YhFXMKZAldX8m/x71dsLq4UZzTS5xEz2mDsWb/JVjJS3ugbYHtUYMbQOpqJ+MkL72
X-Forefront-PRVS: 058441C12A
X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11HUB025; 9:IPSFYremtAhXQjeQD4UuCtALDPD88WAKqsg4IqERL8PUbsOiYeiEPPLlKWEYi6VG9hPIMaBJIW6FBl5VUhgurJNQS9+JgtlxKnoSfxf9b7+UcoPhMIdFYMC/IkP0BRk6tSXmDFIk/hVa0gulkdsO58lRjNQmMX7c76ks0jgqmKsTuCdNR/p6kMPSxjhZbXXy0QXl08KlvETNBhhl8rFVKqv4A1fKksmcVOq5t++IA+dwy63tkZ01zDIcRMXbE3vpQLFxuzdTEDNzXXXwjHD2vRfoy5zB0tToO6Ua3upXWZy+uS0TMX53HnMLIQe8+XouECM+bLx+yPeyrTnDjv3nJYkowQVvW/dic+L1ik3TBZCxNnqmRGK2+WAQhSpWDbs3sVYV4Ce4a5VAwABYd1eGuMzmJeHLG2MvDTHBIl1tlYo5Q9kMOyuJ21bJUZPn+mJMXHqe88tSyfeSENF94y5cqvT9X8JiqG6IfOWyRj4ys8igY92yvJSnPQdhcVWR5jEJmmd6vBf46FFA8vQuK4+64kwLUt6PZs6PQEzwAwNiySnPfex2n3jLi4cMKCVgT4CyAmr6tDgV3jKNkUPk2LCxJbOc9SneE15QGsHFF4jKd7AHr9oXuYUPUI+idOKVFMlOEVuy+0Ond9hmaT7dyvIpJufr8Zfy+gYtS5qQo7B5EC5FNADbSLaHLTX+Kb6x1y2UViIi2QLGL8rg2aKI2mnTb8HAgv7o82lR+iUJbsj0QapfxwsWWnUQgw+zBhiB9iob5EGqidu/faOA0XxFY0aFvnK8DYAZmkR1ampi2g2WkFexv65hOUjPBybv1KVLsyPzNHMm1P0c/UHftf0FN4q1+aGOhwkmXsEmKhz87iBzO3QWcnNq4W6dBUtOZZTx02xLkmGDE+WlHy44ohBBLTCzpGkAHkUc9sqFK7Yde8Rl1iGu99wO6anSPyGc8XRQX16J73d/OHRwLONMLasjEpPiZQzHGcsUdNyU+EBWg7Ik6v1acMhvf4g3mvVLX4DTmSPnqUtgEGYAvXZz6hx9g4kXUsMspvqHaKtX+BIxZf2w+IOKT/Q1gEI+kG6gt+FNx44IpkxCv/ZFqqtfqZMEqG6KJTAuavkBDvaVLAFdfKXYJHIfKUicyI5//ffgAKQlHASk8I1uXu/3IWyOQMXqY25EPEuvuk9rdX30xQftVsxJzZymUR/S91TQWdPlTZLX4+1XZoHU9Np3JSOk1fGEiH+NNuowaJPQ4HVOc+6xME5nmAO1GLTtZegPcg0JNicrvtCm
X-Microsoft-Exchange-Diagnostics: 1; BN1AFFO11HUB025; 3:z4TcWxJpnTsr7ugdMbdEgdszgGPI19vs9wRLnw9SE7Cm1lTr25vHuK3YRuXCa8RUS6FTHVfIHa5dfmURGXmD54Fje43Jmdu1bHecGj9m/yaCv/v6yT+jOO8bnd6d+5B/0+1wTNhfG3AHXhCQXNYa+Q==; 10:++3+u4JYx1wuK6qfRGauxAfiAX9nz9WzrDsOwDLvc7qFW1Ay+zDZJ/gVdUvStf0P6gWZbzj6R8Neou4rJgXrep7JgZURep4yhQyTfNa1dtU=
X-OriginatorOrg: five9.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 May 2015 16:02:49.5542 (UTC)
X-MS-Exchange-CrossTenant-Id: 91df0123-f1fa-4e71-852c-e6bdacd1a9a1
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=91df0123-f1fa-4e71-852c-e6bdacd1a9a1; Ip=[198.105.204.3]; Helo=[mx02.five9.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1AFFO11HUB025
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/4-d3npo29kPeHLAbQgBvEY1CQQs>
Subject: Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2015 16:03:12 -0000

+1 on diediedocuments

Maybe it needs a “dedicated website + cool logo” ala heartbleed, FREAK, etc. to get noticed :-)

Ron del Rosario | @guerilla7

From: Dave Garrett <davemgarrett@gmail.com<mailto:davemgarrett@gmail.com>>
Date: Thursday, May 21, 2015 at 8:04 PM
To: "tls@ietf.org<mailto:tls@ietf.org>" <tls@ietf.org<mailto:tls@ietf.org>>
Subject: Re: [TLS] prohibit <1.2 support on 1.3+ servers (but allow clients)

On Thursday, May 21, 2015 10:56:22 pm Tony Arcieri wrote:
On Thu, May 21, 2015 at 7:52 PM, Aaron Zauner <azet@azet.org<mailto:azet@azet.org>> wrote:
> So how about that TLSv1-diediedie document? :)
I am very much +1 for more diediedie documents ;)

I'm certainly not going to argue against that. ;)

That said, the RC4 diediedie is getting largely ignored. To actually kill something like this off, it seems to need to be done as a panic response or as a requirement of something new that everyone starts together. (e.g. SSL3 diediedie or old TLS with HTTP/2) Thus was my reasoning for at least attempting to suggest it here. :|


Dave

_______________________________________________
TLS mailing list
TLS@ietf.org<mailto:TLS@ietf.org>
https://www.ietf.org/mailman/listinfo/tls


________________________________

CONFIDENTIALITY NOTICE: This e-mail and any files attached may contain confidential information of Five9 and/or its affiliated entities. Access by the intended recipient only is authorized. Any liability arising from any party acting, or refraining from acting, on any information contained in this e-mail is hereby excluded. If you are not the intended recipient, please notify the sender immediately, destroy the original transmission and its attachments and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Copyright in this e-mail and any attachments belongs to Five9 and/or its affiliated entities.

v2.23.0 | Report a Bug | By Email