Re: [TLS] ALPN concerns
Andrei Popov <Andrei.Popov@microsoft.com> Wed, 06 November 2013 20:51 UTC
To: Yoav Nir <ynir@checkpoint.com>, "tls@ietf.org list" <tls@ietf.org>

ALPN support in IE11 does not usually trigger the issue with unpatched F5 devices. The combination of cipher suites, TLS extensions, and ALPN protocol IDs that IE11 advertises is such that the ClientHello is typically shorter than 256 bytes. Longer server names passed via SNI can of course still push IE's ClientHello over the unpatched F5 device's limit.

-----Original Message-----
From: tls-bounces@ietf.org [mailto:tls-bounces@ietf.org] On Behalf Of Yoav Nir
Sent: Tuesday, November 5, 2013 5:36 PM
To: tls@ietf.org list
Subject: Re: [TLS] ALPN concerns

One other thing: Microsoft has released IE 11 that has ALPN. So if ALPN makes TLS fail, then those 2.3% of websites are now inaccessible by Internet Explorer. That is one big reason to upgrade their BigIP box.
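
An added example, not part of the original message: a size budget for a ClientHello carrying SNI and ALPN, showing how the server name length decides whether the message stays under the 256-byte figure quoted above. The cipher suite list, the extra extensions, the protocol IDs and the choice to measure the handshake message including its 4-byte header are assumptions made for illustration, not IE11's actual values.

```python
import struct

LIMIT = 256  # figure quoted in the message; measured here on the handshake message (assumption)

def ext(ext_type, data):
    """TLS extension: 2-byte type, 2-byte length, data."""
    return struct.pack("!HH", ext_type, len(data)) + data

def sni(host):
    """server_name extension (type 0) with one host_name entry."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    return ext(0, struct.pack("!H", len(entry)) + entry)

def alpn(protocols):
    """ALPN extension (type 16): list of 1-byte-length-prefixed protocol IDs."""
    items = b"".join(bytes([len(p)]) + p for p in protocols)
    return ext(16, struct.pack("!H", len(items)) + items)

def client_hello(host, suites, protocols, other_exts=b""):
    """Serialize a TLS 1.2 ClientHello handshake message (no record header)."""
    exts = sni(host) + alpn(protocols) + other_exts
    body = (b"\x03\x03" + bytes(32)        # client_version, random (zeroed placeholder)
            + b"\x00"                      # empty session_id
            + struct.pack("!H", 2 * len(suites))
            + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                  # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def max_host_len(suites, protocols, other_exts=b"", limit=LIMIT):
    """Longest SNI host name that keeps the ClientHello shorter than limit."""
    return limit - 1 - len(client_hello("", suites, protocols, other_exts))

# Constructed sample profile (not taken from any real client).
SUITES = list(range(0xC023, 0xC02F))                   # 12 suite code points
PROTOS = [b"spdy/3", b"http/1.1"]
OTHER = (ext(0xFF01, b"\x00")                          # renegotiation_info
         + ext(10, b"\x00\x04\x00\x17\x00\x18")        # two named curves
         + ext(11, b"\x01\x00"))                       # uncompressed points

if __name__ == "__main__":
    for host in ("www.example.com", "a" * 135):
        n = len(client_hello(host, SUITES, PROTOS, OTHER))
        print(f"host length {len(host):3d}: ClientHello {n} bytes,",
              "under limit" if n < LIMIT else "at or over limit")
    print("longest safe host name:", max_host_len(SUITES, PROTOS, OTHER))
```

Each additional cipher suite costs 2 bytes and each ALPN protocol ID costs its length plus 1, so the headroom left for the server name shrinks as the client advertises more.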