Re: [TLS] rfc7366: is encrypt-then-mac implemented?

"Christian Kahlo" <christian.kahlo@ageto.net> Sat, 01 November 2014 21:58 UTC

Message-ID: <5455577f.e402c20a.6dee.2253@mx.google.com>
From: Christian Kahlo <christian.kahlo@ageto.net>
To: 'Manuel Pégourié-Gonnard' <mpg@polarssl.org>, "'Yngve N. Pettersen'" <yngve@spec-work.net>, tls@ietf.org
References: <9A043F3CF02CD34C8E74AC1594475C739B9DB35D@uxcn10-5.UoA.auckland.ac.nz> <op.xonuwux33dfyax@killashandra.invalid.invalid> <54555161.1040606@polarssl.org>
In-Reply-To: <54555161.1040606@polarssl.org>
Date: Sat, 01 Nov 2014 22:58:23 +0100
Organization: AGETO Innovation GmbH
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/cuga1ReCIfTnoKi3siiTr16PL74

> IIRC, I found out that it doesn't like 03 00 as the record-level
> version number in the ClientHello. I was able to connect by setting the
> minimum version of my test client to TLS 1.0, which upped the record-
> level version number of the ClientHello to 03 01.

Yes, SSLv3 is explicitly unsupported. As there is no handshake backward
compatibility with SSLv3, "03 00" is forbidden at the record level.
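
The record-level check discussed in this message, as an added example that is not part of the original post or of any implementation named in the thread: it reads the record-layer version separately from the ClientHello's client_version and refuses "03 00" at the record level. The function names, the MIN_RECORD_VERSION policy constant and the sample ClientHello bytes are assumptions constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1   # ContentType / HandshakeType values from the TLS spec
MIN_RECORD_VERSION = (3, 1)       # assumed policy: nothing below TLS 1.0 ("03 01")

def build_client_hello(record_version, client_version):
    """Constructed sample: a minimal ClientHello wrapped in one record."""
    body = bytes(client_version) + bytes(32)      # client_version + 32-byte random (zeros)
    body += b"\x00"                               # empty session_id
    body += b"\x00\x02\x00\x2f"                   # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                           # null compression only
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, *record_version, len(hs)) + hs

def check_client_hello(record):
    """Return (accepted, record_version, client_version, reason)."""
    if len(record) < 5:
        return (False, None, None, "short record header")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    record_version = (major, minor)
    fragment = record[5:5 + length]
    if ctype != HANDSHAKE or len(fragment) != length or length < 6:
        return (False, record_version, None, "not a complete handshake record")
    if fragment[0] != CLIENT_HELLO:
        return (False, record_version, None, "not a ClientHello")
    # Bytes 1-3 are the handshake length; client_version follows at bytes 4-5.
    client_version = (fragment[4], fragment[5])
    # The record-layer version is checked on its own, whatever the hello offers.
    if record_version < MIN_RECORD_VERSION:
        return (False, record_version, client_version,
                "record-level version below minimum")
    return (True, record_version, client_version, "ok")

if __name__ == "__main__":
    # Same hello (offering TLS 1.2), sent with record version 03 00 and then 03 01.
    for rv in [(3, 0), (3, 1)]:
        print(rv, check_client_hello(build_client_hello(rv, (3, 3))))
```

Both sample records carry the same client_version (03 03); only the record-layer version decides the outcome, which matches the quoted observation that raising the client's minimum version to TLS 1.0 made the connection succeed.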