Re: [TLS] What's the right version number in the PreMasterSecret for renegotiation

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 20 April 2012 17:22 UTC

Coming back to this thread, we are investigating the possible interoperability and RFC compliance issues in Microsoft's SSL/TLS implementation.

Thanks for bringing this to our attention,

Andrei Popov,
Microsoft

On Tue, 10 Aug 2010 at 16:02:42 -0700, Michael D'Errico <mike-list@pobox.com> wrote:
> The problematic handshake is:
>
>        ---->ClientHello v1.1----> (ask for an abbreviated handshake)
>        <---ServerHello V1.1<---   (not resumable, new session)
>        ...
>        --->PreMasterSecret (v1.2)---> (**)
>
> The version encoded within the PreMasterSecret is not the version
> that was used in the ClientHello.  That's a violation of the spec.
>
> The fact that the client does actually support version 1.2 is
> immaterial.  A server is not expected to have logic that keeps track
> of the highest version the client has ever offered in the past.
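
The check discussed in the quoted message, as an added example that is not part of either post: a server compares the version in the decrypted RSA PreMasterSecret against the `client_version` of the ClientHello in the current handshake only. The function and constant names are hypothetical, and replacing a mismatching secret with random bytes instead of sending an alert follows the treatment in RFC 5246, section 7.4.7.1.

```python
import hmac
import os

PMS_LEN = 48              # 2-byte client_version + 46 random bytes
TLS_1_1 = bytes([3, 2])   # wire encoding of TLS 1.1
TLS_1_2 = bytes([3, 3])   # wire encoding of TLS 1.2


def select_premaster(decrypted, hello_version, fallback=None):
    """Return (premaster_secret, version_ok) for an RSA key exchange.

    hello_version is ClientHello.client_version from THIS handshake,
    not the negotiated version and not anything the client offered on
    an earlier connection or before renegotiation.
    """
    if fallback is None:
        fallback = os.urandom(PMS_LEN)
    # A wrong length and a wrong version get the same treatment, so the
    # peer cannot tell which check failed. Python offers no constant-time
    # guarantee; this block shows the logic, not a hardened implementation.
    ok = len(decrypted) == PMS_LEN and hmac.compare_digest(
        decrypted[:2], hello_version)
    # On mismatch the handshake continues with random bytes and fails
    # later at Finished verification instead of at this step.
    return (decrypted if ok else fallback), ok


def renegotiation_case():
    """Constructed inputs for the handshake in the quoted message:
    ClientHello says 1.1, the PreMasterSecret says 1.2."""
    hello = TLS_1_1
    compliant = TLS_1_1 + bytes(46)   # constructed sample secret
    mismatch = TLS_1_2 + bytes(46)    # client encoded its highest version
    _, ok_compliant = select_premaster(compliant, hello)
    _, ok_mismatch = select_premaster(mismatch, hello)
    return ok_compliant, ok_mismatch


if __name__ == "__main__":
    print(renegotiation_case())
```
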