Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]

Nikos Mavrogiannopoulos <nmav@redhat.com> Fri, 10 June 2016 09:31 UTC

Return-Path: <nmavrogi@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BA1912D572 for <tls@ietfa.amsl.com>; Fri, 10 Jun 2016 02:31:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.648
X-Spam-Level:
X-Spam-Status: No, score=-5.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10UAaPNJTQpS for <tls@ietfa.amsl.com>; Fri, 10 Jun 2016 02:31:08 -0700 (PDT)
Received: from mx6-phx2.redhat.com (mx6-phx2.redhat.com [209.132.183.39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E987412D158 for <tls@ietf.org>; Fri, 10 Jun 2016 02:31:07 -0700 (PDT)
Received: from zmail22.collab.prod.int.phx2.redhat.com (zmail22.collab.prod.int.phx2.redhat.com [10.5.83.26]) by mx6-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u5A9V6dD008245; Fri, 10 Jun 2016 05:31:06 -0400
Date: Fri, 10 Jun 2016 05:31:06 -0400 (EDT)
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Yoav Nir <ynir.ietf@gmail.com>
Message-ID: <2144997004.41497030.1465551066584.JavaMail.zimbra@redhat.com>
In-Reply-To: <60729080-E56E-41D5-AAB0-FAD46FCE1C00@gmail.com>
References: <CAF8qwaDuGyHOu_4kpWN+c+vJKXyERPJu-2xR+nu=sPzG5vZ+ag@mail.gmail.com> <CAJU8_nU6dN7_GgjkC9c5VJawi91B4SpyvgyYU+_F4HeLtHWUaw@mail.gmail.com> <19D9A152-3801-44DA-ADF0-345011EDF54D@gmail.com> <4418055.GXTqvqFNm1@pintsize.usersys.redhat.com> <60729080-E56E-41D5-AAB0-FAD46FCE1C00@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.10.61.108]
X-Mailer: Zimbra 8.0.6_GA_5922 (ZimbraWebClient - FF45 (Linux)/8.0.6_GA_5922)
Thread-Topic: no fallbacks please [was: Downgrade protection, fallbacks, and server time]
Thread-Index: 2qOLttO/wbXnbVe/jaLa9jjhwIVqnw==
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fDMmMt2iO0wg8sgjfozCzdFmyTU>
Cc: tls@ietf.org
Subject: Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jun 2016 09:31:09 -0000

I'm actually surprised you mention the microsoft servers as being 
version negotiation tolerant. They were the most prominent examples
of terminating the handshake if TLS 1.2 was offered to them (that 
was much time before TLS 1.2 was implemented in browsers).

regards,
Nikos

----- Original Message -----

> On 7 Jun 2016, at 8:33 PM, Hubert Kario <hkario@redhat.com>; wrote:
> 
> On Tuesday 07 June 2016 17:36:01 Yoav Nir wrote:
>> I’m not sure this helps.
>> 
>> I’ve never installed a server that is version intolerant. TLS stacks
>> from OpenSSL, Microsoft,
> 
> are you sure about that Microsoft part?
> 
> there is quite a long thread on the filezilla forums about TLS version
> tolerance in IIS:
> https://forum.filezilla-project.org/viewtopic.php?f=2&t=27898

That’s surprising.

The last time I tested with an IIS servers it was Windows Server 2003 and 2008. They did not support TLS 1.2, so I wanted to check if they could tolerate a TLS 1.2 ClientHello. They did. Of course, they replied with TLS 1.0, but that was expected.

It’s strange that this behavior would degrade for much newer versions of Windows that came out at a time where several browsers were already offering TLS 1.2. I wonder if it’s just the FTP or also IIS.

Yoav


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls