Re: [TLS] Fallback SCSV summary
"Yngve N. Pettersen" <yngve@spec-work.net> Mon, 10 November 2014 20:19 UTC
Return-Path: <yngve@spec-work.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBD8E1ACDF6 for <tls@ietfa.amsl.com>; Mon, 10 Nov 2014 12:19:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nzdncdGOSdHr for <tls@ietfa.amsl.com>; Mon, 10 Nov 2014 12:19:27 -0800 (PST)
Received: from smtp.domeneshop.no (smtp.domeneshop.no [IPv6:2a01:5b40:0:252::55]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A057E1A00F9 for <tls@ietf.org>; Mon, 10 Nov 2014 12:19:27 -0800 (PST)
Received: from 151.170.251.212.customer.cdi.no ([212.251.170.151]:56903 helo=killashandra.invalid.invalid) by smtp.domeneshop.no with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from <yngve@spec-work.net>) id 1XnvQr-0001xH-O1; Mon, 10 Nov 2014 21:19:25 +0100
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: tls@ietf.org, Hubert Kario <hkario@redhat.com>
References: <CAOgPGoDr-UyBHpY3TMfPA8b_b3Brtpj3iYRt7a86ZNR8LunfuA@mail.gmail.com> <op.xozlpdnx3dfyax@killashandra.invalid.invalid> <4414621.ICZNB95z47@pintsize.usersys.redhat.com>
Date: Mon, 10 Nov 2014 21:19:03 +0100
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Yngve N. Pettersen" <yngve@spec-work.net>
Message-ID: <op.xo4ld1im3dfyax@killashandra.invalid.invalid>
In-Reply-To: <4414621.ICZNB95z47@pintsize.usersys.redhat.com>
User-Agent: Opera Mail/12.17 (Win32)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/ATCgPncFSlPbp3NoSRoN1EdxWWc
Subject: Re: [TLS] Fallback SCSV summary
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 20:19:31 -0000
On Mon, 10 Nov 2014 17:48:24 +0100, Hubert Kario <hkario@redhat.com> wrote: > On Saturday 08 November 2014 04:37:51 Yngve N. Pettersen wrote: >> Hello all, >> >> Below is some statistics that I did not complete gathering until this >> week, related to something I think was mentioned in the SCSV discussion >> thread a couple of weeks ago: Some servers are apparently intolerant to >> the SCSV, and attempts to connect using the SCSV will fail. >> >> My TLS Prober runs indicates that 2.5% of servers will fail a connection >> using the SCSV when it is placed at the last position in the cipher >> suite >> list, and 4.9% will fail if it is placed at the beginning of the list. > > I'm assuming you mean a test with ClientHello that otherwise includes > ciphers > that were verified as supported by server, includes the RC4 ciphers in > the > first 64 ciphers and is smaller than 256 bytes. > > In other words, tested in a way that won't trigger other common bugs. The Client Hellos in this case are usually smaller than 160 bytes, and includes the same cipher suites and extensions that the server was tested with originally to determine support for the TLS version and support for extensions. IOW, the Client Hello is just 2 bytes longer than those original Hellos. For reference, 13% of the servers intolerant against the SCSV at the end were also failing a 256 byte Hello, and 8% of those failing at the start also failed the 256 byte test. -- Sincerely, Yngve N. Pettersen Using Opera's mail client: http://www.opera.com/mail/
- [TLS] Fallback SCSV summary Joseph Salowey
- Re: [TLS] Fallback SCSV summary Yngve N. Pettersen
- Re: [TLS] Fallback SCSV summary Hubert Kario
- Re: [TLS] Fallback SCSV summary Bodo Moeller
- Re: [TLS] Fallback SCSV summary Yngve N. Pettersen
- Re: [TLS] Fallback SCSV summary Bodo Moeller
- Re: [TLS] Fallback SCSV summary Bodo Moeller
- Re: [TLS] Fallback SCSV summary Martin Thomson
- Re: [TLS] Fallback SCSV summary Bodo Moeller
- Re: [TLS] Fallback SCSV summary Martin Thomson