Re: [TLS] Antw: Re: Antw: Re: Suspicious behaviour of TLS server implementations

Peter Gutmann <> Fri, 23 September 2016 08:38 UTC


Andreas Walz <> writes:

>However, where would you draw the line between "I can't" and "I don't want

It's one of those judgement-call things, I don't know if you can strictly
define it but as a rule of thumb I'd say that if you encounter it during
normal processing it's an I-can't problem while if you have to add special-
case checks to identify it and refuse to continue it's an I-don't-want-to

Using again the example of "Couldn't connect to Amazon because no suitable
encryption was available", if the server or client accidentally memset()s the
cipher suite block to 0xDEADBEEF then you've run into an I-can't-continue
problem, while if the length fields don't quite match up (the MUST NOT that
was cited at the start of this thread), something that you wouldn't even
notice unless you added special-case code to check for it, then it's an I-
don't-want-to-continue problem.
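The distinction drawn above, as an added example that is not part of the original post or of any real TLS implementation: a small ClientHello parser in which truncation and an unusable cipher_suites length surface as "I can't" errors during ordinary decoding, while trailing bytes that no length field accounts for are only caught by a deliberate strict-mode check, the "I don't want to" case. The field layout follows the TLS 1.2 ClientHello; the builder and its sample values are constructed for illustration.

```python
import struct

class CantContinue(Exception): """Data does not decode at all (the 'I can't' case)."""
class DontWantToContinue(Exception): """Decoded fine, rejected by an explicit strictness check."""

def parse_client_hello(body: bytes, strict: bool = False) -> dict:
    """Decode a TLS 1.2 ClientHello body (the bytes after the 4-byte handshake header)."""
    pos = 0
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):                # ran out of data: nothing sensible to do
            raise CantContinue(f"need {n} bytes at offset {pos}, only {len(body) - pos} left")
        pos += n
        return body[pos - n:pos]
    version = struct.unpack("!H", take(2))[0]
    take(32)                                   # client random, not needed here
    session_id = take(take(1)[0])
    cs_len = struct.unpack("!H", take(2))[0]
    if cs_len == 0 or cs_len % 2:              # cannot form a list of 2-byte suites at all
        raise CantContinue(f"cipher_suites length {cs_len} is not a positive multiple of 2")
    cipher_suites = list(struct.unpack(f"!{cs_len // 2}H", take(cs_len)))
    take(take(1)[0])                           # compression methods, ignored here
    extensions = {}
    if pos < len(body):                        # extensions block is optional
        ext_total = struct.unpack("!H", take(2))[0]
        ext_end = pos + ext_total
        if ext_end > len(body):
            raise CantContinue("extensions length runs past the end of the ClientHello")
        while pos < ext_end:
            etype, elen = struct.unpack("!HH", take(4))
            if pos + elen > ext_end:
                raise CantContinue(f"extension {etype:#06x} runs past the extensions block")
            extensions[etype] = take(elen)
    # Nothing above stumbles on this: every inner length field was consistent with the
    # bytes it covers. Only a deliberate check notices that the outer length says more
    # bytes follow than the inner fields explain, which is a pure policy decision.
    if strict and pos != len(body):
        raise DontWantToContinue(f"{len(body) - pos} trailing byte(s) not covered by any length field")
    return {"version": version, "session_id": session_id,
            "cipher_suites": cipher_suites, "extensions": extensions}

def build_client_hello(cipher_suites, extensions: bytes = b"") -> bytes:
    """Constructed sample ClientHello body (all-zero random, empty session id, null compression)."""
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    return body
```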