Re: [TLS] What's the right version number in the PreMasterSecret for renegotiation

"Kyle Hamilton" <aerowolf@gmail.com> Tue, 10 August 2010 22:34 UTC

From: Kyle Hamilton <aerowolf@gmail.com>
To: Michael D'Errico <mike-list@pobox.com>
Date: Tue, 10 Aug 2010 15:35:16 -0700
Cc: Xuelei Fan <Xuelei.Fan@sun.com>, tls@ietf.org

Can you please explain how and why you came to this conclusion?  (Please don't take offense, I'm not disputing the conclusion, I simply wish to be more informed as to why?)

-Kyle H

On Mon, Aug 9, 2010 at 8:20 PM, Michael D'Errico <mike-list@pobox.com> wrote:
> Based on the scenarios below, it looks like Opera is doing the right
> thing during the renegotiation while IE 8 is not.
>
> Mike
>
>
>
> Xuelei Fan wrote:
>>
>> In RFC4346/5246, the specification for client_version in the
>> PreMasterSecret is described as:
>> ---------------
>>      struct {
>>          ProtocolVersion client_version;
>>          opaque random[46];
>>      } PreMasterSecret;
>>
>>      client_version The latest (newest) version supported by the
>>         client.  This is used to detect version roll-back attacks.
>>         Upon receiving the premaster secret, the server SHOULD check
>>         that this value matches the value transmitted by the client in
>>         the client hello message.
>>
>>      ....
>>
>>   Note: The version number in the PreMasterSecret MUST be the version
>>         offered by the client in the ClientHello, not the version
>>         negotiated for the connection.  This feature is designed to
>>         prevent rollback attacks.
>> ---------------
>>
>> The spec is clear for initial handshaking. But while testing
>> renegotiation, we get two different interpretations of the version
>> number in the PreMasterSecret. We noticed Opera (10.50) uses the version
>> number offered by the renegotiation ClientHello, while Microsoft IE 8
>> (IE 8 at Windows 7) uses the version number offered by the ClientHello
>> in the initial handshaking.
>>
>> For Opera, the scenario looks like:
>>
>>    Opera <--------------> TLS server
>>         --->ClientHello V1.2--->
>>         <---ServerHello V1.1<---
>>         ...
>>         --->PreMasterSecret (v1.2)--->  (as expected)
>>         ...
>>         <---HelloRequest<----
>>         ---->ClientHello v1.1----> (ask for an abbreviated handshake)
>>         <---ServerHello V1.1<---   (not resumable, new session)
>>         ...
>>         --->PreMasterSecret (v1.1)---> (*)
>>
>>
>> For IE 8, the scenario looks like:
>>
>>    IE 8<--------------> TLS server
>>         --->ClientHello V1.2--->
>>         <---ServerHello V1.1<---
>>         ...
>>         --->PreMasterSecret (v1.2)--->  (as expected)
>>         ...
>>         <---HelloRequest<----
>>         ---->ClientHello v1.1----> (ask for an abbreviated handshake)
>>         <---ServerHello V1.1<---   (not resumable, new session)
>>         ...
>>         --->PreMasterSecret (v1.2)---> (**)
>>
>> (*) Opera uses the version number offered by the ClientHello in the
>> renegotiation handshaking.
>> (**) IE 8 uses the version number offered by the ClientHello in the
>> initial handshaking.
>>
>> Please help to clarify what's the correct version number choice for
>> renegotiation.
>>
>> Thanks,
>> Xuelei (Andrew) Fan
>
>
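
The two traces quoted above, replayed as an added example that is not part of the original thread: it builds the 48-byte PreMasterSecret from the quoted struct and runs the server-side version check under each reading of "the ClientHello". The function names and the policy labels "current" and "initial" are hypothetical, chosen for this illustration.

```python
import os
import struct

TLS_1_1 = (3, 2)   # ProtocolVersion {major, minor} for TLS 1.1
TLS_1_2 = (3, 3)   # ProtocolVersion {major, minor} for TLS 1.2

def build_pms(version):
    """Client side: 2-byte client_version followed by opaque random[46]."""
    return struct.pack("!BB", *version) + os.urandom(46)

def pms_version(pms):
    """Return (major, minor) from a decrypted PreMasterSecret."""
    if len(pms) != 48:
        raise ValueError("PreMasterSecret must be exactly 48 bytes")
    return struct.unpack("!BB", pms[:2])

def server_check(pms, expected_version):
    """The SHOULD-check from the quoted text: PMS version == ClientHello version."""
    return pms_version(pms) == expected_version

def replay(client_policy, server_policy):
    """Replay initial handshake + renegotiation; return the check result for each.

    "current": use the ClientHello of the handshake in progress
               (what the trace shows for Opera 10.50).
    "initial": use the ClientHello of the first handshake on the connection
               (what the trace shows for IE 8).
    """
    # Versions offered in the traces: initial ClientHello, then renegotiation.
    hellos = [TLS_1_2, TLS_1_1]
    results = []
    for hello in hellos:
        sent = hello if client_policy == "current" else hellos[0]
        expected = hello if server_policy == "current" else hellos[0]
        results.append(server_check(build_pms(sent), expected))
    return results

if __name__ == "__main__":
    # Interoperability matrix: the renegotiation check fails only when
    # client and server read the rule differently.
    for client in ("current", "initial"):
        for server in ("current", "initial"):
            print(f"client={client:8} server={server:8} {replay(client, server)}")
```

RFC 5246 also requires that a server not send an alert when the version check fails and instead continue with a randomly generated premaster secret, so in a real stack a mismatch like the ones above shows up as a failed Finished verification rather than as an explicit version error.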