Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]

Yuhong Bao <YuhongBao_386@hotmail.com> Tue, 07 June 2016 21:23 UTC

Return-Path: <YuhongBao_386@hotmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B845812D52F for <tls@ietfa.amsl.com>; Tue, 7 Jun 2016 14:23:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.895
X-Spam-Level:
X-Spam-Status: No, score=-2.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IMpRGHiaV4c3 for <tls@ietfa.amsl.com>; Tue, 7 Jun 2016 14:23:21 -0700 (PDT)
Received: from SNT004-OMC3S10.hotmail.com (snt004-omc3s10.hotmail.com [65.55.90.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 470DC12D60D for <tls@ietf.org>; Tue, 7 Jun 2016 14:23:21 -0700 (PDT)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com ([65.55.90.137]) by SNT004-OMC3S10.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Tue, 7 Jun 2016 14:23:20 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=BqV/EkGOsdCINggRGJFT/ThDKiC6E539qMwGkrAwTSo=; b=KZbimHLAW1rcgLtA80qkNCRtyr/MBw8KxCmhtDhPmrnwvIlulCRSrWhGTI9X2/n6KVxuX02EX4o4hefZMu4HKY3bK86khiJ02U8HL7XtL0Sp/Ybp5D1HQEjNpNOX/ODNiWVteEMrDP/SHMZTouMIFU2DmhDwc3JiXEFWchV+qEqx9sosjbfdvO/hFqPhEV1PrtnwAa5fe9qOMrY0wbgB1dxO+R+hmV5vtCOP1bfXlX8ZMONK9mho0YhLWPt02nE41njF2Ddh3+GtKpU7xtVIogeV8PnLOcjIw1ZNOZCCP1bUYRBgekdGEcI6uYvJB0wJbYp2/5M0cC/4hoTk+PFjrg==
Received: from BN3NAM01FT044.eop-nam01.prod.protection.outlook.com (10.152.66.57) by BN3NAM01HT229.eop-nam01.prod.protection.outlook.com (10.152.66.220) with Microsoft SMTP Server (TLS) id 15.1.497.8; Tue, 7 Jun 2016 21:23:19 +0000
Received: from CO1PR07MB283.namprd07.prod.outlook.com (10.152.66.55) by BN3NAM01FT044.mail.protection.outlook.com (10.152.66.243) with Microsoft SMTP Server (TLS) id 15.1.511.7 via Frontend Transport; Tue, 7 Jun 2016 21:23:18 +0000
Received: from CO1PR07MB283.namprd07.prod.outlook.com ([169.254.3.159]) by CO1PR07MB283.namprd07.prod.outlook.com ([169.254.3.159]) with mapi id 15.01.0501.018; Tue, 7 Jun 2016 21:23:18 +0000
From: Yuhong Bao <YuhongBao_386@hotmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>, David Benjamin <davidben@chromium.org>, Yoav Nir <ynir.ietf@gmail.com>, Hubert Kario <hkario@redhat.com>
Thread-Topic: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]
Thread-Index: AQHRwIH0vKbJKDLeak6qbONpPn1qEJ/eDvwAgAAD04CAADGhgIAAO3CAgAAAdACAAAHTAIAAAlpZ
Date: Tue, 7 Jun 2016 21:23:18 +0000
Message-ID: <CO1PR07MB283907E5F210A94BE818DA6C35D0@CO1PR07MB283.namprd07.prod.outlook.com>
References: <CAF8qwaDuGyHOu_4kpWN+c+vJKXyERPJu-2xR+nu=sPzG5vZ+ag@mail.gmail.com> <CAJU8_nU6dN7_GgjkC9c5VJawi91B4SpyvgyYU+_F4HeLtHWUaw@mail.gmail.com> <19D9A152-3801-44DA-ADF0-345011EDF54D@gmail.com> <4418055.GXTqvqFNm1@pintsize.usersys.redhat.com> <60729080-E56E-41D5-AAB0-FAD46FCE1C00@gmail.com> <CAF8qwaByu9+Smb7Bt9H+ffDozO7J49RBzOez1dVGmfi_3w-jXw@mail.gmail.com>, <BN3PR03MB1445876F534D9F09882F7B3F8C5D0@BN3PR03MB1445.namprd03.prod.outlook.com>
In-Reply-To: <BN3PR03MB1445876F534D9F09882F7B3F8C5D0@BN3PR03MB1445.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=softfail (sender IP is 25.152.66.55) smtp.mailfrom=hotmail.com; microsoft.com; dkim=none (message not signed) header.d=none;microsoft.com; dmarc=fail action=none header.from=hotmail.com;
received-spf: SoftFail (protection.outlook.com: domain of transitioning hotmail.com discourages use of 25.152.66.55 as permitted sender)
x-tmn: [TyiHHtwkIS9hovG620dzl6HzSeAArETJ]
x-eopattributedmessage: 0
x-forefront-antispam-report: CIP:25.152.66.55; IPV:NLI; CTRY:GB; EFV:NLI; SFV:NSPM; SFS:(10019020)(98900003); DIR:OUT; SFP:1102; SCL:1; SRVR:BN3NAM01HT229; H:CO1PR07MB283.namprd07.prod.outlook.com; FPR:; SPF:None; LANG:en;
x-ms-office365-filtering-correlation-id: 92c9fd6e-971c-422b-8a39-08d38f19f232
x-microsoft-antispam: UriScan:; BCL:1; PCL:0; RULEID:(1601124038)(5061506196)(5061507196)(1603103041)(1601125047); SRVR:BN3NAM01HT229;
x-exchange-antispam-report-cfa-test: BCL:1; PCL:0; RULEID:(432015012)(82015046); SRVR:BN3NAM01HT229; BCL:1; PCL:0; RULEID:; SRVR:BN3NAM01HT229;
x-forefront-prvs: 09669DB681
Content-Type: multipart/alternative; boundary="_000_CO1PR07MB283907E5F210A94BE818DA6C35D0CO1PR07MB283namprd_"
MIME-Version: 1.0
X-OriginatorOrg: hotmail.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Jun 2016 21:23:18.8320 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN3NAM01HT229
X-OriginalArrivalTime: 07 Jun 2016 21:23:20.0569 (UTC) FILETIME=[D0AF2690:01D1C102]
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/fp2jodpa6Pu-35aThRvdgXfXJRA>
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2016 21:23:24 -0000

I hope that this fix is in the GDR branch now. TLS 1.2 is important.

________________________________
From: TLS <tls-bounces@ietf.org>; on behalf of Andrei Popov <Andrei.Popov@microsoft.com>;
Sent: Tuesday, June 07, 2016 2:14:32 PM
To: David Benjamin; Yoav Nir; Hubert Kario
Cc: tls@ietf.org
Subject: Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]

Jumping to the end of the thread, it looks like this is an FTP issue that repros when TLS 1.2 is negotiated. Not a TLS version intolerance.
The conclusion seems to be that https://support.microsoft.com/en-us/kb/2888853 resolves the issue, by updating FTP binaries.

Cheers,

Andrei

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of David Benjamin
Sent: Tuesday, June 7, 2016 2:08 PM
To: Yoav Nir <ynir.ietf@gmail.com>;; Hubert Kario <hkario@redhat.com>;
Cc: tls@ietf.org
Subject: Re: [TLS] [FORGED] Re: no fallbacks please [was: Downgrade protection, fallbacks, and server time]

On Tue, Jun 7, 2016 at 5:06 PM Yoav Nir <ynir.ietf@gmail.com<mailto:ynir.ietf@gmail.com>> wrote:

> On 7 Jun 2016, at 8:33 PM, Hubert Kario <hkario@redhat.com<mailto:hkario@redhat.com>> wrote:
>
> On Tuesday 07 June 2016 17:36:01 Yoav Nir wrote:
>> I'm not sure this helps.
>>
>> I've never installed a server that is version intolerant. TLS stacks
>> from OpenSSL, Microsoft,
>
> are you sure about that Microsoft part?
>
> there is quite a long thread on the filezilla forums about TLS version
> tolerance in IIS:
> https://forum.filezilla-project.org/viewtopic.php?f=2&t=27898

That's surprising.

The last time I tested with an IIS servers it was Windows Server 2003 and 2008. They did not support TLS 1.2, so I wanted to check if they could tolerate a TLS 1.2 ClientHello. They did. Of course, they replied with TLS 1.0, but that was expected.

It's strange that this behavior would degrade for much newer versions of Windows that came out at a time where several browsers were already offering TLS 1.2. I wonder if it's just the FTP or also IIS.

This is the first I've heard of this and I believe neither Chrome nor Firefox accept TLS 1.2 intolerance and below anymore. To my knowledge, that has successfully been driven out of the ecosystem.

David