Re: [TLS] Renego Indication RI patch interaction with TLS major
Martin Rex <mrex@sap.com> Wed, 16 June 2010 00:37 UTC
Return-Path: <mrex@sap.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DF5F13A6A91 for <tls@core3.amsl.com>; Tue, 15 Jun 2010 17:37:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.067
X-Spam-Level:
X-Spam-Status: No, score=-8.067 tagged_above=-999 required=5 tests=[AWL=0.323, BAYES_20=-0.74, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EV2VgayH5Tqy for <tls@core3.amsl.com>; Tue, 15 Jun 2010 17:37:03 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by core3.amsl.com (Postfix) with ESMTP id 9F83B3A6A8E for <TLS@ietf.org>; Tue, 15 Jun 2010 17:37:02 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id o5G0b1ON015479 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 16 Jun 2010 02:37:01 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201006160037.o5G0b0uI021335@fs4113.wdf.sap.corp>
To: yngve@opera.com
Date: Wed, 16 Jun 2010 02:37:00 +0200
In-Reply-To: <op.vec8hyzoqrq7tp@acorna.invalid.invalid> from "Yngve N. Pettersen" at Jun 16, 10 01:50:12 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal06
X-SAP: out
Cc: simon@josefsson.org, TLS@ietf.org
Subject: Re: [TLS] Renego Indication RI patch interaction with TLS major
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jun 2010 00:37:04 -0000
Yngve N. Pettersen wrote: > > For those interested, at present > > - 3.4% of 383531 probed servers are intolerant in the 3.x range (69% > including the 4.x range, 83% of renego patched server also in the v4.x > range) Which means that the few renego patched implementations that have been installed are those that are intolerant to protocol version v4.x > > - 0.4% require RSA CKE version field to match negotiated version > - 31.6% does not check the RSA CKE version field There had been defective clients sending incorrect RSA CKE versions, and a change from non-checking to checking the value in a server implementation would suddenly break interop with those (old) clients. Checking of the RSA CKE version field is only for the situation that your server (a) allows extremely weak cipher suites and the client offers nothing but extremely weak cipher suites. > > - 43 of 383531 servers mirror the client hello version back to the client > - 990 of 383531 server use the record protocol field instead of the > client hello version when negotiating I assume that by "client hello version" you are actually refering to the "client_version" field of the ClientHello handshake message? > > - 99 of 383531 support TLS 1.1 > - 2 of 383531 support TLS 1.2 (both are known test servers) That's even less than what I would have expected. How many of these 383531 servers are still at SSLv3? > > None of these six servers tolerate v3.4, "TLS 1.3" (multiple tests > performed), TLS 1.2 was accepted. There is no such thing as TLS 1.3 and given the adoption rate of TLSv1.1 and TLSv1.2, the message from implementors seems clear: fancy features for which there is no pressing need for a significant fraction of the installed base should be implemented and negotiated through a TLS extension rather than a new TLS protocol revision. Looking at the GOST cipher suites for TLS, implementations are doing the TLSv1.2-style replacement of the PRF while still running at TLSv1.0, and it works (and is MUCH less work than having to implement full TLSv1.1 and v1.2 first). -Martin
- [TLS] Renego Indication RI patch interaction with… Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Brian Smith
- Re: [TLS] Renego Indication RI patch interaction … Michael D'Errico
- Re: [TLS] Renego Indication RI patch interaction … Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Simon Josefsson
- Re: [TLS] Renego Indication RI patch interaction … Adam Langley
- Re: [TLS] Renego Indication RI patch interaction … Simon Josefsson
- Re: [TLS] Renego Indication RI patch interaction … Brian Smith
- Re: [TLS] Renego Indication RI patch interaction … Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Martin Rex
- Re: [TLS] Renego Indication RI patch interaction … Michael D'Errico
- Re: [TLS] Renego Indication RI patch interaction … Martin Rex
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Ivan Ristic
- Re: [TLS] Renego Indication RI patch interaction … Peter Gutmann
- Re: [TLS] Renego Indication RI patch interaction … Peter Gutmann
- Re: [TLS] Version (in)tolerance Marsh Ray
- Re: [TLS] Version (in)tolerance Peter Gutmann
- Re: [TLS] Version (in)tolerance Marsh Ray
- Re: [TLS] Version (in)tolerance Martin Rex
- Re: [TLS] Version (in)tolerance Marsh Ray