Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]

David Benjamin <davidben@chromium.org> Tue, 07 June 2016 21:08 UTC

Return-Path: <davidben@google.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4B9612D5F0 for <tls@ietfa.amsl.com>; Tue, 7 Jun 2016 14:08:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.425
X-Spam-Level:
X-Spam-Status: No, score=-3.425 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BblCe9qEfu8H for <tls@ietfa.amsl.com>; Tue, 7 Jun 2016 14:08:11 -0700 (PDT)
Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44F0512D168 for <tls@ietf.org>; Tue, 7 Jun 2016 14:08:11 -0700 (PDT)
Received: by mail-it0-x22d.google.com with SMTP id h62so46580862itb.1 for <tls@ietf.org>; Tue, 07 Jun 2016 14:08:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BdLjQzCWnu+0ZKMS/pWB1jMdwDNhYDv1t9mfaHkOeVc=; b=gSct2Ljsr8lzqz0DyGKeoKZba9aEBEPakIfyAI/yIb6AHW5TSCWal36ZRf7nL0/s4E rALc2fxkxwYE4dmYPYMjuZjP+cwZA531GlSuXfUt1nmGJTjEKOtOcaxGHs+Ld1Jy5/yx thmRN4qhjpzkeUfut9sIad13rHc/3G+Eyo880=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BdLjQzCWnu+0ZKMS/pWB1jMdwDNhYDv1t9mfaHkOeVc=; b=iIpXbB/Q53N2ULDnLHIPn+g+TJmoKaucBVPIvKDzj0Nh8vyLMpcn1P5AlikKQCJy+c JspD/nX+bHziQh/BmVdyM90xQ71jEVInNsLLvcU20Gnw6eG0l5sWpUYvlzf+av2C6R+5 mwqvfEjAYx3bMwQb+BRrLRmtdHB2i1/zwGYgwxIUlcwkiytlDUKNSYq16SXKitTeSZcr gVGvXBrhmFrL/leId9R6Yqkeu2dUFXLzfybMnohHBHUvW+JcAqJsI6z6WEEgf/GPBS4K TYbAIeqMKb1LwDWqXUTScTgaRQdD7NDsa2dlfc9MfoahPjwH0foElfWjae4Pt2IT7eDK ZGqg==
X-Gm-Message-State: ALyK8tL9wQl2izKNjWLh0q4Vq9+gwxTrxp9IktHTXDr67aOt8B9ToTVaGsTG0HYR+8LVy8QfoZE2s3Kcq/5hCFVG
X-Received: by 10.36.61.202 with SMTP id n193mr7699278itn.92.1465333690423; Tue, 07 Jun 2016 14:08:10 -0700 (PDT)
MIME-Version: 1.0
References: <CAF8qwaDuGyHOu_4kpWN+c+vJKXyERPJu-2xR+nu=sPzG5vZ+ag@mail.gmail.com> <CAJU8_nU6dN7_GgjkC9c5VJawi91B4SpyvgyYU+_F4HeLtHWUaw@mail.gmail.com> <19D9A152-3801-44DA-ADF0-345011EDF54D@gmail.com> <4418055.GXTqvqFNm1@pintsize.usersys.redhat.com> <60729080-E56E-41D5-AAB0-FAD46FCE1C00@gmail.com>
In-Reply-To: <60729080-E56E-41D5-AAB0-FAD46FCE1C00@gmail.com>
From: David Benjamin <davidben@chromium.org>
Date: Tue, 07 Jun 2016 21:08:00 +0000
Message-ID: <CAF8qwaByu9+Smb7Bt9H+ffDozO7J49RBzOez1dVGmfi_3w-jXw@mail.gmail.com>
To: Yoav Nir <ynir.ietf@gmail.com>, Hubert Kario <hkario@redhat.com>
Content-Type: multipart/alternative; boundary=001a1145bb4618b6d80534b6963c
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/QsmHrKRCZPHjFGRZXKB1nxDa4pU>
Cc: tls@ietf.org
Subject: Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2016 21:08:13 -0000

On Tue, Jun 7, 2016 at 5:06 PM Yoav Nir <ynir.ietf@gmail.com>; wrote:

>
> > On 7 Jun 2016, at 8:33 PM, Hubert Kario <hkario@redhat.com>; wrote:
> >
> > On Tuesday 07 June 2016 17:36:01 Yoav Nir wrote:
> >> I’m not sure this helps.
> >>
> >> I’ve never installed a server that is version intolerant. TLS stacks
> >> from OpenSSL, Microsoft,
> >
> > are you sure about that Microsoft part?
> >
> > there is quite a long thread on the filezilla forums about TLS version
> > tolerance in IIS:
> > https://forum.filezilla-project.org/viewtopic.php?f=2&t=27898
>
> That’s surprising.
>
> The last time I tested with an IIS servers it was Windows Server 2003 and
> 2008. They did not support TLS 1.2, so I wanted to check if they could
> tolerate a TLS 1.2 ClientHello. They did. Of course, they replied with TLS
> 1.0, but that was expected.
>
> It’s strange that this behavior would degrade for much newer versions of
> Windows that came out at a time where several browsers were already
> offering TLS 1.2. I wonder if it’s just the FTP or also IIS.
>

This is the first I've heard of this and I believe neither Chrome nor
Firefox accept TLS 1.2 intolerance and below anymore. To my knowledge, that
has successfully been driven out of the ecosystem.

David