Re: [TLS] Broken browser behaviour with SCADA TLS
Martin Thomson <martin.thomson@gmail.com> Wed, 04 July 2018 07:05 UTC
On Wed, Jul 4, 2018 at 4:53 PM Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> ... Client negotiates non-PFS pure-RSA and ignores PFS DHE ...

How is the client doing any of this? The server picks the cipher suite.

> Least broken browser: Firefox (at least for the last proper version they released)

Newer versions might not have DHE, which I hope is consistent with your expectations. But we haven't started on those plans. As of the latest version, things should be the same - extensions shouldn't affect whether connections work.

The problem with DHE of course being that it uses the TLS 1.0 suites with the SHA1 MAC and with the MAC and encrypt in the wrong order. And that it is subject to small subgroup attacks from the server unless it negotiates the FFDHE extension.
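
Added example, not part of the original message: the checks a TLS 1.2 client can apply to server-chosen DHE parameters, which is what the small-subgroup remark above turns on. `check_server_dh` and `NAMED_GROUPS` are hypothetical names, and every number is a toy-sized constructed value; the single entry in `NAMED_GROUPS` stands in for the RFC 7919 groups a client would negotiate.

```python
# Added example: checks a TLS 1.2 client can apply to server-chosen DHE
# parameters. All numbers are toy-sized and constructed for illustration.

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

# Stand-in for the RFC 7919 group list a client would offer (hypothetical
# name; 2039 = 2*1019 + 1 is a constructed toy safe prime, not a real group).
NAMED_GROUPS = {(2039, 2)}

def check_server_dh(p, g, ys, negotiated=NAMED_GROUPS):
    """Return the list of problems with the server's (p, g, Ys)."""
    problems = []
    if not 1 < ys < p - 1:
        # 0, 1 and p-1 force the shared secret into {0, 1, p-1}
        problems.append("Ys outside 2..p-2")
    if (p, g) in negotiated:
        return problems  # group structure is known in advance
    problems.append("custom group, not a negotiated named group")
    if not (is_prime(p) and is_prime((p - 1) // 2)):
        # p-1 may have small factors, so small subgroups can exist
        problems.append("p is not a safe prime")
    if not 1 < g < p - 1:
        problems.append("g outside 2..p-2")
    return problems
```

With a negotiated group only the range check on Ys is needed; for a custom group the client has to pay for two primality tests on full-size numbers to get the same assurance.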