[TLS] Protocol Version Alert Wording

Michael D'Errico <mike-list@pobox.com> Tue, 22 June 2010 18:12 UTC

The language in RFC 5246 for the protocol_version alert is possibly the
cause of the recently noticed behavior of a few high-profile HTTPS servers
that abort any handshake where the client asks for TLS versions 1.1 or 1.2:

    protocol_version
       The protocol version the client has attempted to negotiate is
       recognized but not supported.  (For example, old protocol versions
       might be avoided for security reasons.)  This message is always
       fatal.

This text seems to suggest that if you recognize TLS version 1.2, but do
not implement that version, then you are justified in sending an alert,
which MUST be fatal.

Clearly that is wrong since the spec. later says:

    server_version
       This field will contain the lower of that suggested by the client
       in the client hello and the highest supported by the server....

A suggestion for better text for the protocol_version alert could be:

    protocol_version
       The protocol version the client has attempted to negotiate is
       lower than the minimum version supported by the server.  (Old
       protocol versions might be avoided for security reasons.)  This
       message is always fatal.

Mike
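
The version selection discussed in this message, as an added example that is not part of the original message or of any TLS implementation: `negotiate` follows the server_version rule and the proposed alert wording, while `negotiate_misread` reproduces the abort-on-higher-version behaviour. The function names, the truncated constructed ClientHello, and the server's minimum/maximum versions are assumptions made for illustration.

```python
import struct

# Wire values from RFC 5246: (major, minor) protocol versions and alert codes.
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
ALERT_FATAL, PROTOCOL_VERSION = 2, 70

def client_hello_version(record: bytes) -> tuple:
    """Extract ClientHello.client_version from a single handshake record."""
    ctype, _rec_major, _rec_minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    if ctype != 22 or len(body) < 6 or body[0] != 1:
        raise ValueError("not a ClientHello record")
    # body = msg_type(1) | length(3) | client_version(2) | ...
    return (body[4], body[5])

def negotiate(client_version, server_min, server_max):
    """Return ("server_hello", version) or ("alert", level, description)."""
    if client_version < server_min:
        # The only case that yields protocol_version under the proposed wording.
        return ("alert", ALERT_FATAL, PROTOCOL_VERSION)
    # server_version: lower of the client's offer and the server's highest.
    return ("server_hello", min(client_version, server_max))

def negotiate_misread(client_version, server_min, server_max):
    """Abort whenever the offered version is recognized but not implemented."""
    if client_version < server_min or client_version > server_max:
        return ("alert", ALERT_FATAL, PROTOCOL_VERSION)
    return ("server_hello", client_version)

def make_client_hello(version) -> bytes:
    """Constructed, truncated ClientHello: only the fields parsed above."""
    body = bytes([1]) + (2).to_bytes(3, "big") + bytes(version)
    return struct.pack("!BBBH", 22, 3, 1, len(body)) + body

if __name__ == "__main__":
    # Assumed server that implements TLS 1.0 only.
    for offered in (SSL3, TLS10, TLS11, TLS12):
        v = client_hello_version(make_client_hello(offered))
        print(offered, negotiate(v, TLS10, TLS10), negotiate_misread(v, TLS10, TLS10))
```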