Re: [TLS] Unfortunate current practices for HTTP over TLS

"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Wed, 19 January 2011 00:13 UTC

To: tls@ietf.org
References: <AANLkTikX_9F9z0n1wfeAGX0W5ZcSupeK9v2UGO9D9KPp@mail.gmail.com> <4D362A1E.9020509@pobox.com>
Date: Wed, 19 Jan 2011 01:16:30 +0100
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Organization: Opera Software AS
Message-ID: <op.vpi4dsxqqrq7tp@acorna.oslo.osa>
In-Reply-To: <4D362A1E.9020509@pobox.com>

On Wed, 19 Jan 2011 01:02:38 +0100, Michael D'Errico <mike-list@pobox.com>  
wrote:

> Adam Langley wrote:
>>  3.  Protocol Fallback
>>     Lastly, some servers will negotiate the use of SSLv3 but select a
>>    TLS-only cipher suite.

The AES suites are AFAIK only defined for TLS 1.0 and higher. And there  
are also other ciphersuites that are defined for specific versions and  
higher, particularly the SHA-256 suites.

See also  
<http://blogs.msdn.com/b/ieinternals/archive/2009/12/08/aes-is-not-a-valid-cipher-for-sslv3.aspx>


-- 
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer		     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 23 69 32 60              Fax:    +47 23 69 24 01
********************************************************************