Re: [TLS] Broken browser behaviour with SCADA TLS

Kurt Roeckx <kurt@roeckx.be> Wed, 04 July 2018 12:24 UTC

To: Hubert Kario <hkario@redhat.com>
Cc: tls@ietf.org
Message-ID: <20180704122407.GA10998@roeckx.be>
References: <1530687136897.97792@cs.auckland.ac.nz> <CABkgnnXsM2_PsL_YsuNEh6eDyp-R2d2JRm6OmGFh9nRAV5Lukg@mail.gmail.com> <1530690320155.99154@cs.auckland.ac.nz> <1673271.m6b9jqBoj9@pintsize.usersys.redhat.com>
In-Reply-To: <1673271.m6b9jqBoj9@pintsize.usersys.redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/9prjcXNv5G9Jrl9vG9nDE33BOSE>

On Wed, Jul 04, 2018 at 12:01:18PM +0200, Hubert Kario wrote:
> what "browser extensions"? you can't really do a modern TLS 1.2 without 
> extensions, let alone TLS 1.3 (which is now enabled by default in NSS). I'm 
> quite sure NSS didn't drop any consequential ones...

The extensions are not related to TLS, but are extensions /
add-ons of the browser itself. Firefox dropped support for the
old way of doing extensions in version 57. They also added the
WebExtensions API that is also implemented in other browsers.
This required major rewrites of the extensions, and some were
never changed to work with the new API.


Kurt