Re: [TLS] ALPN concerns

Nico Williams <nico@cryptonector.com> Wed, 06 November 2013 20:19 UTC

On Wed, Nov 06, 2013 at 06:12:55PM +0000, Dr Stephen Henson wrote:
> On 06/11/2013 18:03, Adam Langley wrote:
> > On Wed, Nov 6, 2013 at 1:00 PM, Xiaoyong Wu <X.Wu@f5.com> wrote:
> >> As I am explaining this in detail, I would say that another workaround on this would be making a client hello that exceeds 512 in length.
> > 
> > ^^^ Holy crap. I wish I had known that sooner. That might solve the issue.
> > 
> 
> Just did a quick test with OpenSSL on a couple of known "hang" machines. Seems
> to work.

I'm not adding much, but: that sound we hear is the collective sigh of
relief of the TLS WG list!

This will also help with TLSv1.3, assuming we get there.