IETF Logo Mail Archive

Re: [TLS] Deprecating SSLv3

Yuhong Bao <yuhongbao_386@hotmail.com> Tue, 25 November 2014 10:15 UTC

Return-Path: <yuhongbao_386@hotmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D3451A0081 for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 02:15:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.241
X-Spam-Level:
X-Spam-Status: No, score=0.241 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, WEIRD_PORT=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h5158CSuNvyM for <tls@ietfa.amsl.com>; Tue, 25 Nov 2014 02:15:39 -0800 (PST)
Received: from BLU004-OMC1S30.hotmail.com (blu004-omc1s30.hotmail.com [65.55.116.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C01201A0099 for <tls@ietf.org>; Tue, 25 Nov 2014 02:15:38 -0800 (PST)
Received: from BLU177-W4 ([65.55.116.7]) by BLU004-OMC1S30.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751); Tue, 25 Nov 2014 02:15:37 -0800
X-TMN: [AZ6zUboV4aXcjFfFdPsQjKGtWms1KOhE]
X-Originating-Email: [yuhongbao_386@hotmail.com]
Message-ID: <BLU177-W4608BD504592C2960A67CC3730@phx.gbl>
Content-Type: multipart/alternative; boundary="_50c77afc-37d5-44a6-bf05-2b2331af80e3_"
From: Yuhong Bao <yuhongbao_386@hotmail.com>
To: Hubert Kario <hkario@redhat.com>, "tls@ietf.org" <tls@ietf.org>
Date: Tue, 25 Nov 2014 02:15:37 -0800
Importance: Normal
In-Reply-To: <1713002.kBYARvl7be@pintsize.usersys.redhat.com>
References: <20141124155935.51E0C1B004@ld9781.wdf.sap.corp>, <1713002.kBYARvl7be@pintsize.usersys.redhat.com>
MIME-Version: 1.0
X-OriginalArrivalTime: 25 Nov 2014 10:15:37.0837 (UTC) FILETIME=[C21B61D0:01D00898]
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/NdBdWzFd1yLTV5nMDnBsCdVLHwU
Subject: Re: [TLS] Deprecating SSLv3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Nov 2014 10:15:40 -0000

> > Just a few days ago I was working on a customer message about interop
> > problems with a Business-2-Business scenario, and the Server that is used
> > seems to be an extensions-intolerant TLSv1.0 server.  The server is OK
> > with ClientHello.client_version = { 3, 3 }, but when ClientHello includes
> > any TLS extensions, it will abort with a fatal unexpected_message(10) alert.
> > 
> >  (the Website is http://www.elemica.com,
> >    the service(s) are on https://preprod.connect.elemica.com:5443
> >                      and https://connect.elemica.com:5443
> >    authentication is by TLS client certificate, but you'll see the
> >    TLS extensions intolerance by the fatal alert response to ClientHello.
> > 
> > > I think we can safely banish a protocol that only 0.5% of servers require
> > > for interoperability.
> > 
> > Maybe you can, but I can not.  The support load would still be prohibitive.
> 
> In the case you're talking about you can connect using TLS1.0 without 
> extensions, and while that is suboptimal in general it is allowed under 
> current draft (and supported with TLS_FALLBACK_SCSV).
> 
> Anyway, you should file a complaint to the manufacturer that it haven't 
> addressed the POODLE vulnerability in their product (or that it doesn't 
> implement advertised protocols properly).
> If you don't have a contract under which you can do that or can't change the 
> TLS library yourself, you have much bigger problems anyway...
I'd explicitly say that the problem is TLS extensions intolerance which would cause browsers to fall back to SSLv3.As a side note, while TLS extensions intolerance is a bit painful too, I feel that it is worth the effort to eliminate. Besides SNI and OCSP stapling, there is also RFC 7366 which is an Encrypt after MAC extension for TLS.
Yuhong Bao

v2.23.0 | Report a Bug | By Email