Re: [TLS] Prohibiting SSL 3.0

Hubert Kario <hkario@redhat.com> Wed, 29 October 2014 15:34 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/tls/YP-IQgPDdxQ6yqUliFtaSQCguPY

On Wednesday 29 October 2014 17:06:51 Yoav Nir wrote:
> > On Oct 29, 2014, at 3:25 PM, Hubert Kario <hkario@redhat.com> wrote:
> > 
> > On Wednesday 29 October 2014 13:18:59 Ilari Liusvaara wrote:
> >> On Wed, Oct 29, 2014 at 10:51:39AM +0000, Peter Gutmann wrote:
> >>> Hubert Kario <hkario@redhat.com> writes:
> >>>> Even the TLS 1.3 draft says that a client SHOULD NOT send a SSLv2
> >>>> compatible client hello with server support being stated as MAY.
> >>> 
> >>> Good grief, it's still allowing SSLv2 after nearly *twenty years*?  This
> >>> should have been MUST NOT for both client and server years ago, and at an
> >>> absolute minimum SHOULD NOT SSLv3 as well.
> >> 
> >> Also, one can't even use SSLv2 compatible ClientHello for TLS v1.3 because
> >> TLS v1.3 backward compatibility mode requires extensions, and SSLv2 can't
> >> pass those.
> >> 
> >> Checking SSL pulse (which I think scans global Internet, not all kinds of
> >> odd internal sites nobody cares about) gives ~19% for SSLv2 (this isn't
> >> the compatibility hello, this is the whole protocol!), which is scary.
> > 
> > In my scans (a bit bigger set than SSL Pulse), I see over 1% of servers
> > that don't support anything but SSLv2!
> 
> I think that shows that there is an issue with the scan. A server that
> offers only SSLv2 is not on the web. No modern browser can connect to it.
> Are your scans going by the most popular HTTP sites that also answer on
> port 443?  Or are these really HTTPS sites that are accessed as such?

They are very much on the web for IE 6 users.

I'm using the Alexa top 1 million sites,

but I'm not checking if the sites use a redirect to https (as the redirect may 
be just for the login page, only for admins, etc.), so it may not actually be 
visible to regular visitors.

I also don't check for CN mismatch (as some clients don't check CNs either...).

That being said, I didn't verify how reliable the scan results are for 
SSL2-only sites, so yes, it may be even less than 1%.

-- 
Regards,
Hubert Kario
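
The point quoted above, that an SSLv2-compatible ClientHello cannot carry extensions, follows from its fixed wire layout. The sketch below is an added example, not part of the original thread: it classifies the first bytes a server receives as an SSLv2-format hello (layout as in RFC 5246 Appendix E.2) or a TLS record-layer ClientHello and reports whether an extension block is present. Function names and sample messages are constructed for illustration.

```python
import struct

def classify_client_hello(data: bytes):
    """Return (wire_format, offered_version, has_extensions)."""
    try:
        # SSLv2 header: high bit of byte 0 set, 15-bit length, msg_type 1.
        if data[0] & 0x80 and data[2] == 0x01:
            length = ((data[0] & 0x7F) << 8) | data[1]
            if length < 9 or len(data) < 2 + length:
                raise ValueError("truncated SSLv2-format hello")
            major, minor, cs, sid, ch = struct.unpack_from("!BBHHH", data, 3)
            if cs % 3 or 9 + cs + sid + ch != length:
                raise ValueError("inconsistent SSLv2-format lengths")
            # Layout ends after cipher specs, session id and challenge:
            # the format has no field in which extensions could travel.
            return ("sslv2", (major, minor), False)
        # TLS record: type 22 (handshake), major version 3, 2-byte length.
        if data[0] == 0x16 and data[1] == 0x03:
            rec_len = struct.unpack_from("!H", data, 3)[0]
            body = data[5:5 + rec_len]
            if len(body) < rec_len or body[0] != 0x01:
                raise ValueError("not a complete TLS ClientHello")
            version = (body[4], body[5])
            pos = 4 + 2 + 32                                   # hs header, version, random
            pos += 1 + body[pos]                               # session_id
            pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
            pos += 1 + body[pos]                               # compression_methods
            return ("tls-record", version, pos + 2 <= len(body))
    except (IndexError, struct.error):
        raise ValueError("truncated hello") from None
    raise ValueError("unrecognised first message")

# Constructed sample messages (not captured traffic).
def build_v2_hello(version=(3, 1)):
    specs, challenge = bytes.fromhex("00002f"), bytes(16)
    body = bytes([1, *version]) + struct.pack("!HHH", len(specs), 0, 16)
    body += specs + challenge
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body

def build_tls_hello(extensions=b""):
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for msg in (build_v2_hello(), build_tls_hello(bytes.fromhex("ff01000100"))):
        print(classify_client_hello(msg))
```

A server or scanner can use the first element of the result to count or refuse SSLv2-format hellos separately from hosts that negotiate the SSLv2 protocol itself, the distinction drawn in the quoted text.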