Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

Xiaoyin Liu <> Fri, 03 June 2016 05:36 UTC

I strongly support this proposal.


From: Dave Garrett<>
Sent: Friday, June 3, 2016 12:17
Subject: Re: [TLS] no fallbacks please [was: Downgrade protection, fallbacks, and server time]

Allrighty then; time to dust off and rebase an old changeset I was fiddling with last year on this topic:
(I cleaned up a bit when rebasing, but it probably needs some work; was just a WIP branch, never a PR)

This was the result of prior discussions on-list about TLS version intolerance. The gist of the proposal:
1) Freeze all the various version number fields.
2) Send a list of all supported versions in an extension. (version IDs converted to 16-bit ints instead of 8-bit pairs)
3) Use short (1 or 2 value, based on hello version) predefined lists for hellos from old clients not sending the extension.
4) Compare lists to find highest overlap, avoiding guesswork or problems with noncontinuous lists.
5) Forget the old mess of version intolerance existed.

Do we want to consider scrapping the old version negotiation method again?
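
The list-comparison negotiation outlined in the quoted proposal, as an added example that is not part of the original message or of the changeset it mentions. The extension body layout (1-byte length, then big-endian 16-bit IDs), the contents of the implied lists for old clients, and all function names are assumptions made for illustration.

```python
import struct

# Version IDs as single 16-bit integers instead of (major, minor) byte pairs.
TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304


def parse_version_list(ext_body):
    """Decode an extension body into a list of 16-bit version IDs.

    Assumed layout: 1-byte length prefix, then big-endian uint16 entries.
    """
    if not ext_body or ext_body[0] != len(ext_body) - 1:
        raise ValueError("length prefix does not match extension body")
    n = ext_body[0]
    if n == 0 or n % 2:
        raise ValueError("list must hold one or more whole 16-bit entries")
    return list(struct.unpack(f">{n // 2}H", ext_body[1:]))


def implied_versions(hello_version):
    """Predefined 1- or 2-value list for a hello without the extension.

    Assumed contents: the hello version (capped at TLS 1.2, since the
    legacy field is frozen) plus the version directly below it.
    """
    v = min(hello_version, TLS12)
    return [v] if v <= TLS10 else [v, v - 1]


def select_version(server_supported, hello_version, ext_body=None):
    """Return the highest version both sides list, or None if no overlap."""
    if ext_body is not None:
        offered = parse_version_list(ext_body)  # frozen hello field is ignored
    else:
        offered = implied_versions(hello_version)
    # Set intersection: unknown IDs and gaps in either list need no guesswork.
    common = set(offered) & set(server_supported)
    return max(common) if common else None


# Constructed sample: client lists 1.3, 1.2 and 1.0 (no 1.1) in the extension.
CLIENT_EXT = bytes([6]) + struct.pack(">3H", TLS13, TLS12, TLS10)

if __name__ == "__main__":
    # The server only speaks 1.1 and 1.0; the overlap is 1.0.
    print(hex(select_version({TLS11, TLS10}, TLS12, CLIENT_EXT)))
    # Old client without the extension, hello version 1.2.
    print(hex(select_version({TLS13, TLS12}, TLS12)))
```

A `None` result is a clean "no common version" outcome the server can turn into an alert, rather than a failure that prompts the client to retry with a lower version.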

