[TLS] question about the cipher_suite in server hello during a resume session
Rik LIU <R.LIU@f5.com> Sun, 03 April 2016 04:59 UTC
Return-Path: <prvs=89482cc75=R.LIU@f5.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00E1F12D5C6 for <tls@ietfa.amsl.com>; Sat, 2 Apr 2016 21:59:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.031
X-Spam-Level:
X-Spam-Status: No, score=-7.031 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=f5.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id olXbULnfc0kN for <tls@ietfa.amsl.com>; Sat, 2 Apr 2016 21:59:00 -0700 (PDT)
Received: from mail.f5.com (mail.f5.com [208.85.209.139]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D68EB12D5C0 for <tls@ietf.org>; Sat, 2 Apr 2016 21:59:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=f5.com; i=@f5.com; q=dns/txt; s=seattle; t=1459659541; x=1491195541; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=2l1AnmQOxKUJC6HfKBO03LdjuHX7CwyMqYRw33eshgI=; b=gHkHqiAprhFgJwpfwVKwQQd9jUI8U8lzjLk0HW+dTJQhJGRsJFFCx7At IGtb7kHmf8PC9MCXPUanwmOFDQKzonX8jM0qeyzNUPAliCup6x+BPYiFK GJecbHWJ2Tp/KXyNMb6avcaaGEIQNz9MSyx2syUdqgkzd6YRSAdohDzuR g=;
X-IronPort-AV: E=Sophos;i="5.24,435,1454976000"; d="scan'208";a="211742222"
Received: from oracle-apps.f5net.com (HELO exchmail.f5net.com) ([192.168.10.235]) by mail.f5.com with ESMTP/TLS/AES256-SHA; 03 Apr 2016 04:59:00 +0000
Received: from SEAEXCHMBX03.olympus.F5Net.com (192.168.15.225) by seaexchmbx03.olympus.F5Net.com (192.168.15.225) with Microsoft SMTP Server (TLS) id 15.0.1156.6; Sat, 2 Apr 2016 21:59:00 -0700
Received: from SEAEXCHMBX03.olympus.F5Net.com ([fe80::f95f:ea5d:773b:29b8]) by seaexchmbx03.olympus.F5Net.com ([fe80::f95f:ea5d:773b:29b8%13]) with mapi id 15.00.1156.000; Sat, 2 Apr 2016 21:59:00 -0700
From: Rik LIU <R.LIU@f5.com>
To: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: question about the cipher_suite in server hello during a resume session
Thread-Index: AQHRjWWIqzT3N/ewf0yvPauvZ7na0g==
Date: Sun, 03 Apr 2016 04:58:59 +0000
Message-ID: <1459659538822.83443@f5.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.168.15.239]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/9w7vWPgsee0EGv1OezmOQWSRWeo>
Subject: [TLS] question about the cipher_suite in server hello during a resume session
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Apr 2016 05:03:19 -0000
Hello all, I have a confusion about this specification, and I did a search of the mail archives, it seems not mentioned before : rfc5246 7.4.1.3. Server Hello cipher_suite For resumed sessions, this field is the value from the state of the session being resumed. There is not a 'MUST' to strict the server that cannot pick up a different cipher. Even we all know the resume must be failed. So it's a little tricky if a server implementation does wrong but not explicitly against this RFC. And refering rfc 2119 6. Guidance in the use of these Imperatives In particular, they MUST only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmisssions) eg. If the server does pick up a different cipher in server hello, it indeed cause a renegotiation instead of a successfuly resume. So is that possible to make this specification more strict with a 'MUST'? "For resumed sessions, this field s/is/MUST/ the value from the state of the session being resumed." Thank you! BR Rik