Re: [TLS] Broken browser behaviour with SCADA TLS
Peter Gutmann <pgut001@cs.auckland.ac.nz> Wed, 04 July 2018 07:45 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Martin Thomson <martin.thomson@gmail.com>
CC: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Wq2r4PtLhFNAsnKUQ0rO8Xmj6xc>

Martin Thomson <martin.thomson@gmail.com> writes:

>How is the client doing any of this? The server picks the cipher suite.

Sorry, I meant the client only offers pure-RSA, not DHE+RSA, so the server is forced to pick pure-RSA, e.g.:

Chrome:
  Offered suite: TLS_RSA_WITH_AES_128_CBC_SHA.
  Accepted suite: TLS_RSA_WITH_AES_128_CBC_SHA.
  Offered suite: TLS_RSA_WITH_AES_256_CBC_SHA.
  Offered suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA.

This is on a system without ECDHE present, so the server is looking for DHE (preferentially) or RSA (if it really has to), the ECDHE suites are skipped.

This was noticed on systems which had disabled the pure-RSA suites because some industry compliance thing required it, and found that Chrome was now unusable for any of their devices. (My suggestion that they might consider QQ Browser didn't go down too well...).

>Newer versions might not have DHE, which I hope is consistent with your
>expectations

Well, that'd bring FF closer to Chrome's brokenness. I guess I could add a comment about FF copying everything Chrome does as being consistent with my expectations :-).

>As of the latest version, things should be the same - extensions shouldn't
>affect whether connections work.

Sure, the only reason for mentioning the "last version with extensions" is that apparently some of the systems require browser extensions, and they aren't going to be rewritten for current versions of Firefox. So it was whatever the last version with extensions was, either 52ESR or 56 (I didn't ask, I'm on FF 56).

>The problem with DHE of course being that it uses the TLS 1.0 suites with the
>SHA1 MAC and with the MAC and encrypt in the wrong order.

Given that SHA-1 is used in the HMAC form it doesn't really matter security-wise... the order of MAC and encrypt also depends on EtM/LTS support, I didn't check for who does what there, the real issue was to report on browser issues when used in a SCADA environment and to poke vendors with a bit of a WTF?! for their cipher suite support, or lack thereof. Currently the best by a long shot is FF.

Peter.
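
The negotiation outcome described in the message above, modelled as an added example that is not part of the original post or anyone's TLS stack: it parses the quoted "Offered suite" output, classifies each suite by key exchange, and applies the server's DHE-then-RSA preference with and without pure RSA enabled. The function names, the policy lists and the DHE-offering comparison client are assumptions made for illustration, and selection is simplified to key exchange only.

```python
import re

# Diagnostic output quoted in the message (Chrome's offer on the test system).
CHROME_LOG = """\
Offered suite: TLS_RSA_WITH_AES_128_CBC_SHA.
Accepted suite: TLS_RSA_WITH_AES_128_CBC_SHA.
Offered suite: TLS_RSA_WITH_AES_256_CBC_SHA.
Offered suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA.
"""
# Constructed comparison input: a client that also offers a DHE+RSA suite.
DHE_CLIENT_LOG = "Offered suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA.\n" + CHROME_LOG


def offered_suites(log):
    """Extract offered suite names, in client order, from the log text."""
    return re.findall(r"^Offered suite: (\w+)\.?$", log, flags=re.M)


def key_exchange(suite):
    """Classify a suite name by key exchange: ECDHE, DHE or pure RSA."""
    m = re.match(r"(?:TLS|SSL)_(ECDHE|DHE|RSA)_", suite)
    if m is None:
        raise ValueError(f"unrecognised suite name: {suite}")
    return m.group(1)


def select_suite(offer, server_kx_preference):
    """Server-side choice: the first offered suite of the most preferred
    key exchange the server supports. None means handshake failure."""
    for kx in server_kx_preference:
        for suite in offer:
            if key_exchange(suite) == kx:
                return suite
    return None


# Server policies taken from the message: no ECDHE on the device, DHE
# preferred, pure RSA as fallback; the compliance variant disables pure RSA.
DEFAULT_POLICY = ["DHE", "RSA"]
COMPLIANCE_POLICY = ["DHE"]

if __name__ == "__main__":
    for name, log in [("Chrome", CHROME_LOG), ("DHE client", DHE_CLIENT_LOG)]:
        offer = offered_suites(log)
        for label, policy in [("default", DEFAULT_POLICY),
                              ("compliance", COMPLIANCE_POLICY)]:
            print(name, label, select_suite(offer, policy) or "handshake failure")
```

Running the same check against a device's real policy before disabling the pure-RSA suites shows which clients will lose access.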