Re: [TLS] An SCSV to stop TLS fallback.

"Yngve N. Pettersen" <yngve@spec-work.net> Thu, 05 December 2013 02:15 UTC

On Thu, 05 Dec 2013 01:52:34 +0100, James Cloos <cloos@jhcloos.com> wrote:

>>>>>> "DS" == Douglas Stebila <stebila@qut.edu.au> writes:
>
> DS> Does anyone on the list know of an example website where one can
> DS> observe a potentially attackable TLS fallback?
>
> I do not know the extent to which it is attackable, but https://archive.org
> (aka www.archive.org) only works with ssl/3.0.  TLS-only clients cannot
> connect thereto.

This site may be SSL v3.0-only, but it is version and extension tolerant
up to at least version bytes 3.4, as well as for 4.1. It is also Renego
patched, and AFAICT supports SNI and ECDHE_RSA. Given the latter two, I
wonder if the server is actually able to support at least TLS 1.0, but
that it has been disabled somehow, perhaps due to an old configuration
setting that only specifies SSL v3 as enabled (perhaps in order to disable
SSL v2).

-- 
Sincerely,
Yngve N. Pettersen

Using Opera's mail client: http://www.opera.com/mail/
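
An added illustration, not part of the original message: an offline model of what "version and extension tolerant" means for a server that has only SSL v3.0 enabled, using ClientHello version bytes 3.4 and 4.1 as in the message. The function names, the constructed ClientHello bytes (with simplified, empty-bodied extensions) and the `tolerant` switch are assumptions made for the example.

```python
import struct

def build_client_hello(version, ext_types=()):
    """Constructed, minimal ClientHello record advertising `version` (major, minor)."""
    suites = struct.pack("!2H", 0xC013, 0x002F)   # ECDHE_RSA / RSA with AES_128_CBC_SHA
    body = bytes(version) + bytes(32) + b"\x00"   # client_version, random, empty session_id
    body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # suites, null compression
    if ext_types:
        exts = b"".join(struct.pack("!2H", t, 0) for t in ext_types)  # empty-bodied extensions
        body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(hs)) + hs  # record-layer version 3.0

def parse_client_hello(record):
    """Return (client_version, [extension types]) from a single-record ClientHello."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello")
    version, pos = (record[9], record[10]), 11 + 32          # skip the 32-byte random
    pos += 1 + record[pos]                                   # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]      # cipher_suites
    pos += 1 + record[pos]                                   # compression_methods
    ext_types = []
    if pos < len(record):                                    # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos < end:
            etype, elen = struct.unpack_from("!2H", record, pos)
            ext_types.append(etype)
            pos += 4 + elen
    return version, ext_types

def negotiate(record, enabled, tolerant=True):
    """Version a server with `enabled` versions puts in ServerHello, or None if it aborts."""
    offered, ext_types = parse_client_hello(record)
    if not tolerant and (offered > max(enabled) or ext_types):
        return None   # intolerant model: a newer version or any extension kills the handshake
    usable = [v for v in enabled if v <= offered]
    return max(usable) if usable else None

if __name__ == "__main__":
    for offered in [(3, 1), (3, 4), (4, 1)]:
        hello = build_client_hello(offered, ext_types=(0x0000, 0xFF01))  # SNI, renegotiation_info
        print(offered, "SSLv3-only:", negotiate(hello, [(3, 0)]),
              "| with TLS 1.0 enabled:", negotiate(hello, [(3, 0), (3, 1)]),
              "| intolerant:", negotiate(hello, [(3, 0)], tolerant=False))
```

A tolerant SSLv3-only configuration answers every offer with (3, 0), while the same model with TLS 1.0 enabled answers (3, 1), which is the configuration difference the message speculates about.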