Re: [TLS] publishing SSL 3.0 as historic

Simon Josefsson <simon@josefsson.org> Tue, 15 February 2011 13:52 UTC

From: Simon Josefsson <simon@josefsson.org>
To: mrex@sap.com
References: <4D566DFB.8040603@ralphholz.de> <201102141347.p1EDlQGt022588@fs4113.wdf.sap.corp>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Date: Tue, 15 Feb 2011 14:52:10 +0100
In-Reply-To: <201102141347.p1EDlQGt022588@fs4113.wdf.sap.corp> (Martin Rex's message of "Mon, 14 Feb 2011 14:47:26 +0100 (MET)")
Message-ID: <87vd0lbe2d.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: tls@ietf.org
Subject: Re: [TLS] publishing SSL 3.0 as historic

Martin Rex <mrex@sap.com> writes:

> Ralph Holz wrote:
>> 
>> > Considering that a non-marginal fraction of the TLS protected communication
>> > actually negotiates protocol version {0x03,0x00}, there is no reason for
>> > a classification of "historic".
>> 
>> Not intending to take sides here, but from our own observations at a
>> large ISP, SSLv3 seems to be chosen as a protocol version only for a
>> very marginal fraction of connections. I can't quite remember the
>> numbers, but it was something around 0.1% or less. I can look it up, if
>> you want.
>
> That low number appears somewhat unrealistic to me.
>
> Microsoft Windows XP was shipped with SSLv2 enabled and TLSv1.0 disabled.

Service packs can make rather radical changes; are you sure an updated
Windows XP still enables SSLv2?  If so, I'm hoping the next security
update will disable it.

/Simon
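
The thread argues about what fraction of connections "actually negotiates protocol version {0x03,0x00}", a figure that is only meaningful if it is read from the right field. The following is an added illustration, not code from Simon Josefsson, Martin Rex, Ralph Holz or the IETF: it classifies captured server hello messages by the version the server actually selected. For SSLv3 and TLS that is the server_version inside the ServerHello handshake body, not the record-layer version in the first five bytes (a server may put {0x03,0x00} on the record layer and still select TLS 1.0 in the body, so counting record versions overstates SSLv3). SSLv2 SERVER-HELLO messages have no record layer and are recognised by their 2-byte length header with the high bit set followed by message type 0x04. All sample bytes, and the helper names negotiated_version, tally and sslv3_fraction, are constructed here for the example.

```python
"""Tally the protocol version actually negotiated by server hello messages.

Added example (constructed sample data, not captured traffic).  Measures
the 'fraction of connections negotiating {0x03,0x00}' correctly by reading
server_version from the ServerHello body rather than the record layer.
"""
import struct
from collections import Counter

VERSION_NAMES = {
    (0x00, 0x02): "SSLv2",
    (0x03, 0x00): "SSLv3",
    (0x03, 0x01): "TLS 1.0",
    (0x03, 0x02): "TLS 1.1",
    (0x03, 0x03): "TLS 1.2",
}


def negotiated_version(data: bytes):
    """Return the (major, minor) version the server selected, or None.

    SSLv2 SERVER-HELLO: 2-byte header (high bit set), then MSG-SERVER-HELLO
    (0x04), SESSION-ID-HIT, CERTIFICATE-TYPE, SERVER-VERSION-MSB/LSB, ...
    SSLv3/TLS: record header type(1) version(2) length(2), then handshake
    header type(1)=0x02 length(3), then server_version(2) as the first body
    field.  The record-layer version is deliberately ignored.
    """
    if len(data) < 3:
        return None
    if data[0] & 0x80:  # SSLv2-format message with 2-byte length header
        length = ((data[0] & 0x7F) << 8) | data[1]
        body = data[2:2 + length]
        if len(body) >= 5 and body[0] == 0x04:
            return (body[3], body[4])
        return None
    if len(data) < 5 or data[0] != 0x16:  # 0x16 = handshake content type
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    hs = data[5:5 + rec_len]
    if len(hs) < 6 or hs[0] != 0x02:  # 0x02 = ServerHello
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 2:
        return None
    return (body[0], body[1])


def tally(hellos):
    """Count hellos by human-readable negotiated version."""
    counts = Counter()
    for h in hellos:
        v = negotiated_version(h)
        name = "unparseable" if v is None else VERSION_NAMES.get(v, f"unknown {v}")
        counts[name] += 1
    return counts


def sslv3_fraction(hellos):
    """Share of parseable hellos whose server selected {0x03,0x00}."""
    counts = tally(hellos)
    parsed = sum(n for name, n in counts.items() if name != "unparseable")
    return counts["SSLv3"] / parsed if parsed else 0.0


def build_server_hello(record_version, server_version, cipher=b"\x00\x2f"):
    """Construct a minimal TLS ServerHello record (no extensions)."""
    body = bytes(server_version) + b"\x00" * 32 + b"\x00" + cipher + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(record_version) + struct.pack("!H", len(handshake)) + handshake


def build_sslv2_server_hello():
    """Construct a minimal SSLv2 SERVER-HELLO with empty payload fields."""
    # type, session-id-hit, cert-type, version {0x00,0x02}, then three
    # 2-byte lengths (certificate, cipher-specs, connection-id) all zero.
    body = b"\x04\x00\x01\x00\x02" + b"\x00\x00" * 3
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body


# Constructed sample: six messages as a stand-in for a capture.
SAMPLE_HELLOS = [
    build_server_hello((3, 1), (3, 1)),   # plain TLS 1.0
    build_server_hello((3, 0), (3, 1)),   # record layer 3.0, but TLS 1.0 selected
    build_server_hello((3, 0), (3, 0)),   # genuine SSLv3
    build_server_hello((3, 1), (3, 3)),   # TLS 1.2
    build_sslv2_server_hello(),           # SSLv2
    b"\x15\x03\x01\x00\x02\x02\x28",      # alert record, not a hello
]

if __name__ == "__main__":
    for name, n in sorted(tally(SAMPLE_HELLOS).items()):
        print(f"{name:12s} {n}")
    print(f"SSLv3 fraction of parseable hellos: {sslv3_fraction(SAMPLE_HELLOS):.3f}")
```

Run against real captures, the input would be the first server-to-client message of each connection; the second sample shows why a record-layer-only count would report two SSLv3 connections where only one was actually negotiated.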