IETF Logo Mail Archive

Re: [TLS] The risk of misconfiguration

Viktor Dukhovni <viktor1dane@dukhovni.org> Tue, 06 May 2014 23:30 UTC

Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D13A1A0662 for <tls@ietfa.amsl.com>; Tue, 6 May 2014 16:30:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.7
X-Spam-Level:
X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_22=0.6, J_CHICKENPOX_24=0.6] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MOiybh17yf2l for <tls@ietfa.amsl.com>; Tue, 6 May 2014 16:30:11 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) by ietfa.amsl.com (Postfix) with ESMTP id 42CB61A0643 for <tls@ietf.org>; Tue, 6 May 2014 16:30:11 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id E2BF02AA9FF; Tue, 6 May 2014 23:30:05 +0000 (UTC)
Date: Tue, 06 May 2014 23:30:05 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20140506233005.GF27883@mournblade.imrryr.org>
References: <CACsn0cnvV9c5aH5p8cD1fJEzF4dmNXBaEaHCfkX82AZqKOUYaQ@mail.gmail.com> <53692FC2.1060009@akr.io> <8b505f49d3f846ddac8b26964e330622@BL2PR03MB419.namprd03.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <8b505f49d3f846ddac8b26964e330622@BL2PR03MB419.namprd03.prod.outlook.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/NlQzYHQjLJC8kcz-T0OMvPe6Tx4
Subject: Re: [TLS] The risk of misconfiguration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 May 2014 23:30:12 -0000

On Tue, May 06, 2014 at 10:48:46PM +0000, Andrei Popov wrote:

> I have nothing to say in support of the EXPORT ciphers:)

Yes, and throw in LOW as well:

    EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
    EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
    ADH-DES-CBC-SHA         SSLv3 Kx=DH       Au=None Enc=DES(56)   Mac=SHA1
    DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1

These (EXPORT and LOW) fortunately seem to have some time ago
outlived their useful life.  They can I think be disabled, rather
than offered at the bottom of the client cipherlist, without
degrading even opportunistic security where handshake-failure leads
to cleartext fallback.

This would leave OpenSSL with eNULL, MEDIUM and HIGH.  HIGH includes
3DES, presumably in part because this is a historical MUST implement
for interoperability cipher-suite.  In practice that role was and
to some extent still is actually played by RC4.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email