Re: [TLS] MS14-066 and the TLS premaster secret version check

Yuhong Bao <yuhongbao_386@hotmail.com> Wed, 26 November 2014 18:49 UTC

Message-ID: <BLU177-W36FAC3A32EF01717B9D15AC3700@phx.gbl>
From: Yuhong Bao <yuhongbao_386@hotmail.com>
To: Andrei Popov <andrei.popov@microsoft.com>, "tls@ietf.org" <tls@ietf.org>, "mrex@sap.com" <mrex@sap.com>
Date: Wed, 26 Nov 2014 10:49:18 -0800
In-Reply-To: <BN3PR0301MB125094452CF55FCC73D868858C700@BN3PR0301MB1250.namprd03.prod.outlook.com>
References: <BLU177-W41509B9090B70F71C074CAC3730@phx.gbl>, <BN3PR0301MB12502D23F123924A138DB3F48C730@BN3PR0301MB1250.namprd03.prod.outlook.com>, <BLU177-W29DCCEF437786974F9584C3700@phx.gbl>, <BN3PR0301MB1250AA21EFB9649DD8AE40858C700@BN3PR0301MB1250.namprd03.prod.outlook.com>, <BLU177-W40676C810F9BCAB8C860A0C3700@phx.gbl>, <BN3PR0301MB125094452CF55FCC73D868858C700@BN3PR0301MB1250.namprd03.prod.outlook.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/lQBFb2kdqSYCjB5XIvcaJgFIgKg
Subject: Re: [TLS] MS14-066 and the TLS premaster secret version check

Yea, I realized it now. But I forgot to mention that they also made the mistake of using DHE_RSA key exchange for AES GCM when the other cipher suites use ECDHE_RSA. I expect at some point that AES GCM with ECDHE_RSA key exchange will be backported, like what Win10 tech preview has already.

----------------------------------------
> From: Andrei.Popov@microsoft.com
> To: yuhongbao_386@hotmail.com; tls@ietf.org; mrex@sap.com
> Subject: RE: [TLS] MS14-066 and the TLS premaster secret version check
> Date: Wed, 26 Nov 2014 17:47:09 +0000
>
>> The point was that since a new version of SChannel will be shipped with the new update anyway, ...
>
> Per my previous message, this is not necessarily the case. A new update may just include the kernel binary that was missed the first time around. No need to touch schannel.dll to fix the problem with the ciphers.
>
> Cheers,
>
> Andrei
>
> -----Original Message-----
> From: Yuhong Bao [mailto:yuhongbao_386@hotmail.com]
> Sent: Tuesday, November 25, 2014 5:18 PM
> To: Andrei Popov; tls@ietf.org; mrex@sap.com
> Subject: RE: [TLS] MS14-066 and the TLS premaster secret version check
>
> The point was that since a new version of SChannel will be shipped with the new update anyway, it should be easy to backport the fix for the TLS premaster secret version check to this new version.
>
> ----------------------------------------
>> From: Andrei.Popov@microsoft.com
>> To: yuhongbao_386@hotmail.com; tls@ietf.org; mrex@sap.com
>> Subject: RE: [TLS] MS14-066 and the TLS premaster secret version check
>> Date: Wed, 26 Nov 2014 01:13:58 +0000
>>
>>> I asked because it backported a lot of Win8.1 SChannel in addition to the security fixes.
>>
>> In addition to security fixes, MS14-066 includes a back-port of cipher suites added by KB 2919355 (http://support.microsoft.com/kb/2919355).
>>
>> Unfortunately, MS14-066 includes the wrong version of a kernel binary, so it only adds the new ciphers for user-mode SSPI callers. When a kernel-mode SSPI caller (e.g. HTTP.SYS) negotiates one of the newly added cipher suites, the connection fails at the end of the handshake. Update 3018238 disables these new cipher suites, for now.
>>
>>> To be honest, they screwed up the backport of the new GCM cipher suites anyway, and to fix this will require a new SChannel, right?
>>
>> I expect that there will be a new update that will include the correct binaries, so the new cipher suites will work for the kernel-mode SSPI callers.
>>
>> Cheers,
>>
>> Andrei
>>
>> -----Original Message-----
>> From: Yuhong Bao [mailto:yuhongbao_386@hotmail.com]
>> Sent: Tuesday, November 25, 2014 4:38 PM
>> To: Andrei Popov; tls@ietf.org; mrex@sap.com
>> Subject: RE: [TLS] MS14-066 and the TLS premaster secret version check
>>
>> I asked because it backported a lot of Win8.1 SChannel in addition to the security fixes.
>> To be honest, they screwed up the backport of the new GCM cipher suites anyway, and to fix this will require a new SChannel, right?
>>
>> ----------------------------------------
>>> From: Andrei.Popov@microsoft.com
>>> To: yuhongbao_386@hotmail.com; tls@ietf.org; mrex@sap.com
>>> Subject: RE: [TLS] MS14-066 and the TLS premaster secret version check
>>> Date: Tue, 25 Nov 2014 23:43:03 +0000
>>>
>>> Hi Yuhong,
>>>
>>> The interop problem related to premaster secret version check is resolved in Win8 and above.
>>>
>>> MS14-066 is not related: it fixes a few security issues we found internally.
>>>
>>> Cheers,
>>>
>>> Andrei
>>>
>>> -----Original Message-----
>>> From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Yuhong Bao
>>> Sent: Tuesday, November 25, 2014 3:07 AM
>>> To: tls@ietf.org; mrex@sap.com
>>> Subject: [TLS] MS14-066 and the TLS premaster secret version check
>>>
>>> Has the incorrect premaster secret version check described in this been fixed in MS14-066:
>>> http://www.ietf.org/mail-archive/web/tls/current/msg08139.html
>>>
>>> Yuhong Bao
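For readers who want to see the check the thread is named after, here is the RSA premaster secret version check as RFC 5246 section 7.4.7.1 specifies it, written as an added Python example (not code from this thread, from Schannel, or from the linked message). The contrasting "compare with the negotiated version" variant is my own construction to show the interop failure mode of checking the wrong version; the page does not state which defect the linked message describes.

```python
"""RSA premaster secret version check from RFC 5246 section 7.4.7.1.

The 48-byte premaster a TLS client encrypts to the server's RSA key begins
with client_version: the highest version the client OFFERED in ClientHello.
The server must compare those two bytes with that offered version, not with
the version it finally negotiated, and on a mismatch (or a failed RSA
decrypt) it must carry on with a random premaster instead of sending a
distinguishable alert, so the check cannot become a padding oracle.
"""
import hmac
import os

PREMASTER_LEN = 48
TLS_1_0 = b"\x03\x01"
TLS_1_2 = b"\x03\x03"


def validate_premaster(decrypted, expected_version, fallback):
    """Return the premaster the server should continue the handshake with.

    decrypted        : output of RSA PKCS#1 v1.5 decryption, or None when
                       decryption/unpadding failed
    expected_version : the 2-byte version to compare the premaster against
    fallback         : 48 random bytes generated BEFORE decrypting
    Every outcome yields a 48-byte value and the handshake proceeds; a bad
    premaster only surfaces later as a Finished verification failure.
    """
    if decrypted is None or len(decrypted) != PREMASTER_LEN:
        return fallback
    version_ok = hmac.compare_digest(decrypted[:2], expected_version)
    return decrypted if version_ok else fallback


def server_premaster(decrypted, client_hello_version, negotiated_version,
                     check_against_negotiated=False):
    """RFC-correct behaviour compares with client_hello_version.

    check_against_negotiated=True is a constructed wrong variant (assumption
    for illustration): comparing with the negotiated version rejects a valid
    premaster whenever the server negotiated a lower version than the client
    offered, e.g. a TLS 1.2 client talking to a TLS 1.0-only server.
    """
    fallback = os.urandom(PREMASTER_LEN)
    expected = negotiated_version if check_against_negotiated else client_hello_version
    return validate_premaster(decrypted, expected, fallback)
```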