[TLS] Broken browser behaviour with SCADA TLS
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 04 July 2018 06:52 UTC
Return-Path: <pgut001@cs.auckland.ac.nz>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64CCA130ED4 for <tls@ietfa.amsl.com>; Tue, 3 Jul 2018 23:52:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=auckland.ac.nz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IW4y1wg1RXX6 for <tls@ietfa.amsl.com>; Tue, 3 Jul 2018 23:52:41 -0700 (PDT)
Received: from mx4-int.auckland.ac.nz (mx4-int.auckland.ac.nz [130.216.125.246]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC222130EC8 for <tls@ietf.org>; Tue, 3 Jul 2018 23:52:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=auckland.ac.nz; i=@auckland.ac.nz; q=dns/txt; s=mail; t=1530687160; x=1562223160; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=JWiVpGla0jBZyAMrKdpW/Mk7F0K/6oLCDv+QEu5/17Y=; b=YPrilavKQwSFicX7A5deF5tIHmPR/GudpRwR0mk2LH+JzogXbbYL3iCE RDMikLYamNyHVe+ZtwVb+qxRKGUiTwBlFnQe7G1d9GSITT8ZBHUrqm64t x9qxScrN6sQaPdqvH0j5UuPELeSMZzALyx5iZrNGDhpmSTOSDY/K1Asq7 k8rBNH2Ugyec9a7Rh1hlbGnqfCwZk6z4vKcWpAXcUVcZnlGHOnGTQfMMt DKcFB4d9PdVENJ2zsbodDuBZ5TCU0kyUiU7K/Isml2TcBv9z9I/yCcJT5 FljNuEaO2EcGtJ/DRXJadkqxWOlIaVu+2rfVtjE7qbnLG45ylXnV4itA6 Q==;
X-IronPort-AV: E=Sophos;i="5.51,306,1526299200"; d="scan'208";a="19528805"
X-Ironport-HAT: MAIL-SERVERS - $RELAYED
X-Ironport-Source: 10.6.2.3 - Outgoing - Outgoing
Received: from smtp.uoa.auckland.ac.nz (HELO uxcn13-ogg-b.UoA.auckland.ac.nz) ([10.6.2.3]) by mx4-int.auckland.ac.nz with ESMTP/TLS/AES256-SHA; 04 Jul 2018 18:52:35 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz (10.6.3.5) by uxcn13-ogg-b.UoA.auckland.ac.nz (10.6.2.23) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Wed, 4 Jul 2018 18:52:34 +1200
Received: from uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::ccab:7bf5:3d4a:aed8]) by uxcn13-tdc-d.UoA.auckland.ac.nz ([fe80::ccab:7bf5:3d4a:aed8%14]) with mapi id 15.00.1263.000; Wed, 4 Jul 2018 18:52:34 +1200
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "<tls@ietf.org>" <tls@ietf.org>
Thread-Topic: Broken browser behaviour with SCADA TLS
Thread-Index: AQHUE2JmEGgXYKCP9EqF19k6tdX1YA==
Date: Wed, 04 Jul 2018 06:52:33 +0000
Message-ID: <1530687136897.97792@cs.auckland.ac.nz>
Accept-Language: en-NZ, en-GB, en-US
Content-Language: en-NZ
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [130.216.158.4]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/MCFNPC6KVVYtjIL3KNrVgYFGiok>
Subject: [TLS] Broken browser behaviour with SCADA TLS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2018 06:52:44 -0000
The following is an attempt to condense some off-list discussions with SCADA folks about the broken behaviour of some browsers when it comes to interaction with SCADA devices running TLS. tl;dr: Chrome is practically unusable, at the other end of the scale Firefox is fine, and there's something weird happening with IE, possibly due to the use of non-CA-bought certificates. A disclaimer for the following: This involved a lot of fiddling with server configs to exercise all the different options and recreate what people were reporting, so there may be some anomalies arising from getting a particular combination of browser+server config wrong. I can post a full trace of cipher suites offered and accepted if anyone's interested. Browser versions IE = 11.0.9600.18538 Chrome = 67.0.3396.87 Firefox = last version before they broke all the extensions DHE + RSA, ECDHE + ECDSA, ECDHE + RSA, RSA only: Chrome: [Connects correctly] Firefox: [Connects correctly] IE: [Does some weird fallback dance where it reconnects using TLS 1.0 several times when the cert is unrecognised and you click OK to accept it, then closes the connection after negotiating DHE at the point where the server has sent its Server Hello Done] DHE + RSA, ECDHE + ECDSA, RSA only (using RSA server key, so in effect no ECDSA): Chrome: [Client negotiates non-PFS pure-RSA and ignores PFS DHE, then disconnects after sending/receiving Finished, then reconnects and repeats] Firefox: [Connects correctly] IE: [Does some weird fallback dance where it reconnects using TLS 1.0 several times when the cert is unrecognised and you click OK to accept it, then closes the connection after negotiating DHE at the point where the server has sent its Server Hello Done] DHE + RSA, RSA only: Chrome: [Client negotiates non-PFS pure-RSA and ignores PFS DHE] Firefox: [Connects correctly] IE: [Does some weird fallback dance where it reconnects using TLS 1.0 several times when the cert is unrecognised and you click OK to accept it, then closes the connection after negotiating DHE at the point where the server has sent its Server Hello Done] DHE + RSA only: Chrome: [Unable to connect, "The client and server don't support a common SSL protocol version or cipher suite"] Firefox: [Connects correctly] IE: [Does some weird fallback dance where it reconnects using TLS 1.0 several times when the cert is unrecognised and you click OK to accept it, then closes the connection after negotiating DHE at the point where the server has sent its Server Hello Done] Summary: Most broken browser unless exactly the right cipher suite is available: Chrome Least broken browser: Firefox (at least for the last proper version they released) Peter.
- Re: [TLS] Broken browser behaviour with SCADA TLS Hubert Kario
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Salz, Rich
- Re: [TLS] Broken browser behaviour with SCADA TLS Hubert Kario
- Re: [TLS] Broken browser behaviour with SCADA TLS Hubert Kario
- Re: [TLS] Broken browser behaviour with SCADA TLS Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Martin Rex
- Re: [TLS] Broken browser behaviour with SCADA TLS Nikos Mavrogiannopoulos
- Re: [TLS] Broken browser behaviour with SCADA TLS Ilari Liusvaara
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Ilari Liusvaara
- Re: [TLS] Broken browser behaviour with SCADA TLS Martin Thomson
- [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Hubert Kario
- Re: [TLS] Broken browser behaviour with SCADA TLS Martin Thomson
- Re: [TLS] Broken browser behaviour with SCADA TLS Salz, Rich
- Re: [TLS] Broken browser behaviour with SCADA TLS Kurt Roeckx
- Re: [TLS] Broken browser behaviour with SCADA TLS David Benjamin
- Re: [TLS] Broken browser behaviour with SCADA TLS Colm MacCárthaigh
- Re: [TLS] Broken browser behaviour with SCADA TLS David Benjamin
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Ilari Liusvaara
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann
- Re: [TLS] Broken browser behaviour with SCADA TLS Adam Langley
- Re: [TLS] Broken browser behaviour with SCADA TLS Martin Rex
- Re: [TLS] Broken browser behaviour with SCADA TLS Martin Rex
- Re: [TLS] Broken browser behaviour with SCADA TLS Martin Thomson
- Re: [TLS] Broken browser behaviour with SCADA TLS Peter Gutmann