[TLS] ClientHello record header version
R du Toit <r@nerd.ninja> Fri, 02 February 2018 18:22 UTC
Return-Path: <r@nerd.ninja>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 064D812D9FE for <tls@ietfa.amsl.com>; Fri, 2 Feb 2018 10:22:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.12
X-Spam-Level:
X-Spam-Status: No, score=-0.12 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nerd.ninja
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N424qcbLcEYY for <tls@ietfa.amsl.com>; Fri, 2 Feb 2018 10:22:13 -0800 (PST)
Received: from sender-of-o52.zoho.com (sender-of-o52.zoho.com [135.84.80.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 331DB12D80F for <tls@ietf.org>; Fri, 2 Feb 2018 10:22:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1517595728; s=zoho; d=nerd.ninja; i=r@nerd.ninja; h=Date:Subject:From:To:Message-ID:Mime-version:Content-type; l=5774; bh=ITsOokUTXjyj+XFioHXMCxkSujIVVp1LyI+TZ4awjuI=; b=GqSBkkPdpwWXfQ2zZ62dJSc2RjDpC6ChTmFz0xMrsiLZINgDjMSV8pvGoH1OeDPj RuvbnHL1PC9fgUtZ3/ICYeaNHxVyVimkwYO9kX/e6tIcoMLyEJcjjjHB7R+SQcHTCvh gJj0NmJxd/hEGLKri4x/KLJt/VmYX81WxliLSbNw=
Received: from [192.168.123.225] (dynamic-acs-24-112-242-116.zoominternet.net [24.112.242.116]) by mx.zohomail.com with SMTPS id 1517595728759290.3013338548386; Fri, 2 Feb 2018 10:22:08 -0800 (PST)
User-Agent: Microsoft-MacOutlook/f.20.0.170309
Date: Fri, 02 Feb 2018 13:22:06 -0500
From: R du Toit <r@nerd.ninja>
To: "tls@ietf.org" <tls@ietf.org>
Message-ID: <389CDA50-B152-473B-84BA-CCE226F1EF40@nerd.ninja>
Thread-Topic: ClientHello record header version
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3600422528_1190211606"
X-ZohoMailClient: External
X-ZohoMail: Z_658201841 SPT_1 Z_47369130 SPT_1 SLF_D
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/HFgVyViBbao_MDdN-R3NpmejUeU>
Subject: [TLS] ClientHello record header version
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Feb 2018 18:22:15 -0000
In the process of testing my TLS 1.3 draft-23 implementation against OpenSSL (openssl.git:50ea9d2b3521467a11559be41dcf05ee05feabd6) I ran into an interoperability issue: the retry ClientHello record header version is set at 0x0301, while the ServerHello (HRR) and fake CCS records arriving from the server have record header version 0x0303. I know this is according to the letter of the spec, specifically this sentence from Section 5.1: In order to maximize backwards compatibility, records containing the ClientHello MUST have version 0x0301 and records containing the ServerHello MUST have version 0x0303, reflecting TLS 1.0 and TLS 1.2 respectively. In diagram format: 0x0301:CH --> <-- 0x0303:SH(HRR) <-- 0x0303:CCS 0x0301:CH(retry) --> <-- 0x0303:SH etc .. but I do think it will cause more issues down the line due to the record header version toggling between 0x0301 and 0x0303. At the point in the handshake where the retry ClientHello is sent the "compatibility mode" changes have already served its purpose. I believe some interop issues could be avoided by sending the retry ClientHello with record header version 0x0303. --Roelof
- [TLS] ClientHello record header version R du Toit
- Re: [TLS] ClientHello record header version David Benjamin
- Re: [TLS] ClientHello record header version R du Toit