Re: [TLS] Tr: Behaviour when TLS fails
Martin Rex <Martin.Rex@sap.com> Thu, 25 September 2008 16:10 UTC
Return-Path: <tls-bounces@ietf.org>
X-Original-To: tls-archive@ietf.org
Delivered-To: ietfarch-tls-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3D5033A67F9; Thu, 25 Sep 2008 09:10:48 -0700 (PDT)
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7A0C03A67F9 for <tls@core3.amsl.com>; Thu, 25 Sep 2008 09:10:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.369
X-Spam-Level:
X-Spam-Status: No, score=-5.369 tagged_above=-999 required=5 tests=[AWL=0.580, BAYES_00=-2.599, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 82g8TIsS99Sa for <tls@core3.amsl.com>; Thu, 25 Sep 2008 09:10:45 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.171]) by core3.amsl.com (Postfix) with ESMTP id 462113A6774 for <tls@ietf.org>; Thu, 25 Sep 2008 09:10:45 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id m8PG9lOa009038; Thu, 25 Sep 2008 18:09:50 +0200 (MEST)
From: Martin Rex <Martin.Rex@sap.com>
Message-Id: <200809251609.m8PG9aue008216@fs4113.wdf.sap.corp>
To: julien@trigofacile.com
Date: Thu, 25 Sep 2008 18:09:36 +0200
In-Reply-To: <EED13F85BDFC46D0AA43656FC05ABF3B@Iulius> from "Julien ÉLIE" at Sep 25, 8 08:26:02 am
MIME-Version: 1.0
X-Scanner: Virus Scanner virwal05
X-SAP: out
Cc: tls@ietf.org
Subject: Re: [TLS] Tr: Behaviour when TLS fails
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: tls-bounces@ietf.org
Errors-To: tls-bounces@ietf.org
=?iso-8859-15?Q?Julien_=C9LIE?= wrote: > > Would it be possible to have some more information about how to behave when > a TLS negotiation fails? I have no experience with STARTTLS-style extensions for protocols such as NNTP or HTTP, but I think I know where the "should close down" suggestion" because of the "indeterminate state" of the connection comes from. I also don't see a need for a MUST close down here. The possibility to get back in sync on a connection after a SSL/TLS handshake error (or a fatal SSL alert after a successful handshake) is probably not a feature that most SSL/TLS stacks offer in their APIs because it is not really deterministic. A SSL/TLS stack could try to recv(,,,MSG_PEEK) from the network socket and apply heuristics whether anything that arrived during the timeout might be a leftover SSL record from the failed SSL/TLS handshake (or data) which would need to be cleared from the connection. But it is completely unclear how much SSL/TLS handshake (or data) messages may still be in the network pipe when one side detects a fatal handshake (or data) error and aborts. Even in the successful TLS session closure case, when the connection is gracefully completed with the CloseNotify closure alerts it is common behaviour that the closure alert of one side dies unread in the network pipe. TLS v1.1 (and newer) explicitly mentions this characteristic for the successful closure and describes what would have to be done/changed to reuse a network connection of a _successfully_ closed SSL/TLS communication: Unless some other fatal alert has been transmitted, each party is required to send a close_notify alert before closing the write side of the connection. The other party MUST respond with a close_notify alert of its own and close down the connection immediately, discarding any pending writes. It is not required for the initiator of the close to wait for the responding close_notify alert before closing the read side of the connection. If the application protocol using TLS provides that any data may be carried over the underlying transport after the TLS connection is closed, the TLS implementation must receive the responding close_notify alert before indicating to the application layer that the TLS connection has ended. If the application protocol will not transfer any additional data, but will only close the underlying transport connection, then the implementation MAY choose to close the transport without waiting for the responding close_notify. No part of this standard should be taken to dictate the manner in which a usage profile for TLS manages its data transport, including when connections are opened or closed. I can not think of a good and robust way to clear a network connection from SSL/TLS errors, and even if someone came up with a workable scheme, it would take much to long to be adopted by the installed base and probably not usable/useful for several years. Btw. not all (network) pipes offer "PEEK" and how long do you wait? -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
- [TLS] Tr: Behaviour when TLS fails Julien ÉLIE
- Re: [TLS] Tr: Behaviour when TLS fails Martin Rex
- Re: [TLS] Tr: Behaviour when TLS fails Eric Rescorla