Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-10.txt

Tony Arcieri <bascule@gmail.com> Wed, 03 June 2015 06:52 UTC

Return-Path: <bascule@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26BB61B35D8 for <tls@ietfa.amsl.com>; Tue, 2 Jun 2015 23:52:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g5WzoLhq1VAY for <tls@ietfa.amsl.com>; Tue, 2 Jun 2015 23:52:57 -0700 (PDT)
Received: from mail-oi0-x235.google.com (mail-oi0-x235.google.com [IPv6:2607:f8b0:4003:c06::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 491001B35DB for <tls@ietf.org>; Tue, 2 Jun 2015 23:52:57 -0700 (PDT)
Received: by oiww2 with SMTP id w2so643268oiw.0 for <tls@ietf.org>; Tue, 02 Jun 2015 23:52:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=qkAXF8DhEtw4E5In0t/YvWQmCxw81kIG+etI4eOUJxA=; b=hOe+BHaIBPe2MLqWvvH1THK2I5+hiT0GnuZVoCv5ySCFECJ6uVVa+yZHCq3zCOGvZ1 I5lLuiZA/8j6/wMP9ZVIuhEocHoZVFJflyjmApzw9dyDBSR2qRat0O0oX1HjqNNQYIrW Hzpnj4ZqBH+TGtVtJG/ABYGr5MDvAQ0KqzJ9SjEhIhA73/7mDPZq8MZnkBNNLiGpqlPx fQ/XrmBElXzZVa3qEHGlyLEbM6bMdMHuMa4Feo7ILnWw+MVpAMYf40BDN4sn6LKpX420 41yzRk+6XX0U5L5KR4u3PvxF7sOZKmyOFDVIIT+zPGWsxOyenUytYMoLPEEP6CwYIQlH r/Pw==
X-Received: by 10.202.210.80 with SMTP id j77mr24505782oig.68.1433314376652; Tue, 02 Jun 2015 23:52:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.76.110.241 with HTTP; Tue, 2 Jun 2015 23:52:36 -0700 (PDT)
In-Reply-To: <BLU177-W17E87DB68F54CE64BDC44C3B40@phx.gbl>
References: <20150601225057.17500.96911.idtracker@ietfa.amsl.com> <CAHOTMVJ1xu+mEaROWKuEtW1E8Ks3r3gKagEM9mJdBOKW3kSZJQ@mail.gmail.com> <1474500.r0W7gM0pAO@pintsize.usersys.redhat.com> <CAHOTMVJgqqRBYWR+8LtwxfdRVWxEXLZAgzr5Q-1DH7ejONAGnw@mail.gmail.com> <m2lhg1b8us.fsf@localhost.localdomain> <CAHOTMVLrgUNi449DQwggt556ioEeXCQTUN+M3phBftPk88xtOw@mail.gmail.com> <BLU177-W17E87DB68F54CE64BDC44C3B40@phx.gbl>
From: Tony Arcieri <bascule@gmail.com>
Date: Tue, 2 Jun 2015 23:52:36 -0700
Message-ID: <CAHOTMVLpmS94cBZOxu6e3-e2MMO+Z0SAvPb7dWW47jQqXpT9+A@mail.gmail.com>
To: Yuhong Bao <yuhongbao_386@hotmail.com>
Content-Type: multipart/alternative; boundary=001a113d2656459ef305179782ac
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/EGWRaCtGcxGXqAGTUmohc-LbK_I>
Cc: Geoffrey Keating <geoffk@geoffk.org>, TLS WG <tls@ietf.org>
Subject: Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-10.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2015 06:52:59 -0000

Yes sorry I meant ClientKeyExchange...

But can you explain to me how this solves the problem for legacy clients?

On Tue, Jun 2, 2015 at 11:52 PM, Yuhong Bao <yuhongbao_386@hotmail.com>
wrote:

> The client don't receive the ServerKeyExchange message containing the DHE
> key at all until after they sent the ClientHello.
>
> ________________________________
> > From: bascule@gmail.com
> > Date: Tue, 2 Jun 2015 23:35:46 -0700
> > To: geoffk@geoffk.org
> > CC: tls@ietf.org
> > Subject: Re: [TLS] I-D Action: draft-ietf-tls-negotiated-ff-dhe-10.txt
> >
> > On Tue, Jun 2, 2015 at 11:32 PM, Geoffrey Keating
> > <geoffk@geoffk.org<mailto:geoffk@geoffk.org>> wrote:
> > It's covered in section 4:
> >
> > If at least one FFDHE ciphersuite is present in the client
> > ciphersuite list, and the Supported Groups extension is either absent
> > from the ClientHello
> >
> > Unless I'm mistaken, unless you configure the
> > jdk.tls.disabledAlgorithms property explicitly (with e.g. "DHE keySize
> >> 2048"), Java clients are aborting *before* they send the ClientHello.
> > Please let me know if you're seeing otherwise. I could be mistaken and
> > perhaps there's a server-side workaround for this that isn't "disable
> > all DHE ciphersuites". But this is what I've personally observed and
> > have been advising people about.
> >
> > I'm not saying it can't be fixed with additional
> > configuration/errata/etc, I'm arguing that it's *breaking clients in
> > the field right now*
> >
> > tl;dr: I am seeing *widespread TLS breakages* because of this resulting
> > in *huge outages* for Java clients
> >
> > --
> > Tony Arcieri
> >
> > _______________________________________________ TLS mailing list
> > TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
>
>



-- 
Tony Arcieri