Re: [TLS] when is it ok to resume a cached SSL/TLS session
Martin Rex <martin.rex@sap.com> Wed, 17 January 2007 19:51 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H7GoX-0007EY-VM; Wed, 17 Jan 2007 14:51:17 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H7GoW-0007ES-3j for tls@ietf.org; Wed, 17 Jan 2007 14:51:16 -0500
Received: from smtpde02.sap-ag.de ([155.56.68.170]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H7GoU-0002x7-N9 for tls@ietf.org; Wed, 17 Jan 2007 14:51:16 -0500
Received: from sap-ag.de (smtpde02) by smtpde02.sap-ag.de (out) with ESMTP id UAA12924 for <tls@ietf.org>; Wed, 17 Jan 2007 20:51:08 +0100 (MEZ)
From: Martin Rex <martin.rex@sap.com>
Message-Id: <200701171951.UAA11861@uw1048.wdf.sap.corp>
Subject: Re: [TLS] when is it ok to resume a cached SSL/TLS session
To: tls@ietf.org
Date: Wed, 17 Jan 2007 20:51:08 +0100
In-Reply-To: <200701151435.PAA28213@uw1048.wdf.sap.corp> from "Martin Rex" at Jan 15, 7 03:01:56 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5a9a1bd6c2d06a21d748b7d0070ddcb8
Cc:
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Martin Rex wrote: > > The problem: The popular browser, when trying to access the older > SSL/TLS implementation on a different TCP-Port is sending a > session ID from the newer SSL/TLS implementation, apparently trying > to resume an existing SSL session in the client-side session cache. > > The server doesn't recognize that session and replies with > a Server Hello containing his highest protocol version, plus > plus server certificate message plus client cert request plus > server hello done. The popular Web Browser closes the network > connection without sending any kind of SSL alert and shows > "Page cannot be displayed" to the user. > > > I firmly believe that this is a conceptual flaw on the client > side, making a flawed assumption about when a cached SSL session > can be expected to be resumable. > > The problem is not with the client sending an existing session ID, > it is about dealing with the servers reply during the SSL/TLS handshake. > - a server on a different port might not be sharing the session > cache with the other > - a server on a different port migt be using an entirely different > SSL/TLS protocol implementation supporting different protocol > versions and extensions > - a server on a different port might be using a seperate server cert > - a server on a different port might be sending/using an independent > list of trusted CAs in a client certificate request > > In our customers case, the Browser might be aborting thinking that > the a version rollback attack is being performed, but honestly, I don't > know what the problem is. The browsers SSL implementation is > extremely poor/broken when reporting errors. After some further investigation I have been able to reproduce the error on our machines. It seems to be related to either the ciphersuite or the (algorithm) of the server's certificate (RSA vs DSA). The protocol version doesn't seem to matter in this case. The customer has installed a DSA server certificate on the newer J2EE service and an RSA server certificate on the older C/C++ service. I've just reproduced this behaviour using an IIS with DSA certificate and my own test-server with an RSA certificate on the same host but different ports. When I click an URL referencing the RSA-server on a page served from the DSA-server, the browser aborts with "Page cannot be displayed". When I hit "refresh", the page loads. (Maybe the browser invalidates the client cache entry after the error). -Martin _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Question on Stateless TLS Session Resumption Narayanan, Vidya
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- Re: [TLS] Question on Stateless TLS Session Resum… Eric Rescorla
- Re: [TLS] Question on Stateless TLS Session Resum… Lakshminath Dondeti
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] when is it ok to resume a cached SSL/TLS se… Martin Rex
- [TLS] Re: when is it ok to resume a cached SSL/TL… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Eric Rescorla
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Kyle Hamilton
- Re: [TLS] Re: when is it ok to resume a cached SS… home_pw
- Re: [TLS] Re: when is it ok to resume a cached SS… Martin Rex
- RE: [TLS] Question on Stateless TLS Session Resum… Narayanan, Vidya
- Re: [TLS] when is it ok to resume a cached SSL/TL… Martin Rex