Re: [TLS] Thoughts on Version Intolerance

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 20 July 2016 10:57 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BECE12D594 for <tls@ietfa.amsl.com>; Wed, 20 Jul 2016 03:57:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.187
X-Spam-Level:
X-Spam-Status: No, score=-3.187 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.287] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U2N257riOeUI for <tls@ietfa.amsl.com>; Wed, 20 Jul 2016 03:57:43 -0700 (PDT)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) by ietfa.amsl.com (Postfix) with ESMTP id 7D89312D0F7 for <tls@ietf.org>; Wed, 20 Jul 2016 03:57:43 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id 6EBC51260 for <tls@ietf.org>; Wed, 20 Jul 2016 13:57:41 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id 9DTzHWutcgdJ for <tls@ietf.org>; Wed, 20 Jul 2016 13:57:41 +0300 (EEST)
Received: from LK-Perkele-V2 (87-100-177-32.bb.dnainternet.fi [87.100.177.32]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 1FD9C2310 for <tls@ietf.org>; Wed, 20 Jul 2016 13:57:41 +0300 (EEST)
Date: Wed, 20 Jul 2016 13:57:36 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: tls@ietf.org
Message-ID: <20160720105736.GA22387@LK-Perkele-V2.elisa-laajakaista.fi>
References: <20160718130843.0320d43f@pc1> <1735315.hXCMA8agXV@pintsize.usersys.redhat.com> <2867948.pp4OFeU9TP@pintsize.usersys.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <2867948.pp4OFeU9TP@pintsize.usersys.redhat.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/p0vFuHMsjbkVF2OUw7gFjFrGDO8>
Subject: Re: [TLS] Thoughts on Version Intolerance
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 10:57:46 -0000

On Wed, Jul 20, 2016 at 11:20:46AM +0200, Hubert Kario wrote:
> 
> So I have partial results after scanning around 14 000 domains.
> The scanner was able to connect to 12 606 hosts that presented unexpired
> certificates signed by CA's in Mozilla root program.
> 
> Of those:
> 93% support TLSv1.2 protocol (11807)
> a single one is intolerant to TLSv1.2 Client Hello
> 3.7% (469) are intolerant to TLSv1.3 Client Hello
> 4.4% (556) are intolerant to TLSv1.4 Client Hello
> 
> (by intolerant, I mean, I was not able to connect to them with any hello
> message that looked like an IE, Chrome or Firefox Client Hello with just
> version changed or additionally some or all extensions removed)
> 
> at the same time, 15.5% (1965) are intolerant to an "Xmas tree" Client
> Hello (one that includes many ciphers, few TLSv1.3 key shares, etc. bringing
> its size to something like 2800 bytes)

Wonder how big part of the difference is due to steps (eg. 1024 and
2048 bytes) in between and how much is due to the extra extensions or
cihpers.

> 49% (6240) are intolerant to a Client Hello with no extensions but
> big number of ciphers that bring its size to 16388 bytes)
> 91.5% (11539) are intolerant to a Client Hello with no extensions
> but a number of ciphers that bring it well above single record layer limit
> (16.5KiB)

Wonder how much of that is again size thresholds (in Ciphersuites and
in total ClientHello size) and how much is fragmenting the Client
Hello to multiple fragments...


-Ilari