IETF Logo Mail Archive

Re: [TLS] rfc7366: is encrypt-then-mac implemented?

"Christian Kahlo" <christian.kahlo@ageto.net> Sun, 02 November 2014 21:53 UTC

Return-Path: <christian.kahlo@ageto.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EED91A1A5E for <tls@ietfa.amsl.com>; Sun, 2 Nov 2014 13:53:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3jQEP-_iCwD7 for <tls@ietfa.amsl.com>; Sun, 2 Nov 2014 13:53:14 -0800 (PST)
Received: from mail-wg0-f45.google.com (mail-wg0-f45.google.com [74.125.82.45]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 69D4D1A1A54 for <tls@ietf.org>; Sun, 2 Nov 2014 13:53:14 -0800 (PST)
Received: by mail-wg0-f45.google.com with SMTP id x12so9889571wgg.32 for <tls@ietf.org>; Sun, 02 Nov 2014 13:53:13 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:reply-to:from:to:cc:references :in-reply-to:subject:date:organization:mime-version:content-type :content-transfer-encoding:thread-index:content-language; bh=jNFnbI2eYBIGk/deThz9JEynOmylE6ZcIufKDUEUr4Y=; b=imuA1JiNYStsuI1Dy/FMM/1n7w3se9IkJ0quNtD7yryrFfA5Qj/h4mAUt1pzf0t9sv ZSHF5eb+gXDcLX8JWRFpk/vNL5U7FERpsQ6reIpATmVbEG5JFGEmQTt5G510N71mwB20 ftuCsBwMZjRsA2JsCJUH8aDrHxoek8YLgx7KARKbs+iEDXlvhIWLqH47Fg3HlC22MG51 hFiQeZg8wdxssu47vcCJDyHD7B8+/DEpnnNQM5YhbNhwI7rRm+68+syOLVHqEHSO14R+ EIxQWdRzMVEKZEZFKbYR16362JwZEN9xkeJdpI7ZC2os3jXIprLIhJJC3bUPM+uFRi4C MXCw==
X-Gm-Message-State: ALoCoQngA9MYLqGCRwizEOkT7lX9HqaEtpLIbNcusvTs2wlLn7/wzYuW/lsr8Qr0QaBpmA0+o3mD
X-Received: by 10.180.212.42 with SMTP id nh10mr11828517wic.52.1414965193090; Sun, 02 Nov 2014 13:53:13 -0800 (PST)
Received: from THINK2 (cable-158-181-87-250.cust.telecolumbus.net. [158.181.87.250]) by mx.google.com with ESMTPSA id f9sm19719622wjw.31.2014.11.02.13.53.11 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Sun, 02 Nov 2014 13:53:12 -0800 (PST)
Message-ID: <5456a7c8.e94bc20a.62d5.25f2@mx.google.com>
X-Google-Original-Message-ID: <002301cff6e7$67fb1460$37f13d20$@kahlo@ageto.net>
From: Christian Kahlo <christian.kahlo@ageto.net>
To: tls@ietf.org, 'Nikos Mavrogiannopoulos' <nmav@redhat.com>
References: <9A043F3CF02CD34C8E74AC1594475C739B9DB35D@uxcn10-5.UoA.auckland.ac.nz> <op.xonuwux33dfyax@killashandra.invalid.invalid> <54555161.1040606@polarssl.org> <5455577f.e402c20a.6dee.2253@mx.google.com> <222598372.3223019.1414913562380.JavaMail.zimbra@redhat.com>
In-Reply-To:
Date: Sun, 02 Nov 2014 22:53:14 +0100
Organization: AGETO Innovation GmbH
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac/2G2jPupPc5GybTa6yRfBBtLAZ1wAAm4eg61IkWm/rUJe4sNahKdVg
Content-Language: de
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/TY9_Ljz2DmZI1VDHFVge8_yqjeg
Cc: 'Manuel Pégourié-Gonnard' <mpg@polarssl.org>
Subject: Re: [TLS] rfc7366: is encrypt-then-mac implemented?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: c.kahlo@ageto.net
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Nov 2014 21:53:16 -0000

> > The last two paragraphs of
> http://tools.ietf.org/html/rfc5246#appendix-
> > E.1
> > make that clear: "Thus, TLS servers compliant with this specification
> > MUST accept any value {03,XX} as the record layer version number for
> > ClientHello.".
> 
> OK. Fixed. Checked In. Deployed.

By the way this is an operational system. The server is PFS-only with
ECDSA_RSA activated. RC4 and Camellia are not supported and 3DES is
deactivated. TLS1.0 is supported but not enabled.

v2.23.0 | Report a Bug | By Email