Re: [TLS] drop obsolete SSL 2 backwards compatibility from TLS 1.3 draft

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 11 February 2015 16:41 UTC


On Fri 2014-12-26 13:11:39 -0500, Kurt Roeckx wrote:
> On Mon, Dec 22, 2014 at 07:45:35PM -0500, Dave Garrett wrote:
>> I've submitted a straightforward PR to remove the SSL 2 backwards compatibility 
>> section from the current TLS 1.3 draft:
>> 
>> https://github.com/tlswg/tls13-spec/pull/105
>> 
>> SSL 2.0 backwards compatibility was previously deprecated in TLS 1.2 (2008) and 
>> was warned to be "phased out with all due haste". RFC 6176 (2011) prohibits it 
>> entirely. It's a section of obsolete complexity still in the draft.
>> 
>> The PR replaces the section with a simple "MUST NOT" send or accept for TLS 1.3 
>> implementations.
>
> I'm having mixed feelings about this.
>
> It's saying that you should refuse a connection from a client that
> supports TLS 1.0 but set it up using a SSLv2 compatible client
> hello.  If TLS 1.0 is still acceptable, why would you refuse such
> a connection?

It's not saying that.  It says:

   Implementations MUST NOT negotiate TLS 1.3 or later using an SSL
   version 2.0 compatible CLIENT-HELLO. Implementations MAY accept an
   SSL version 2.0 compatible CLIENT-HELLO in order to negotiate older
   versions of TLS, however this is not recommended.

So if the client connects with an SSLv2 handshake, we can negotiate TLS
1.0 with it (while acknowledging that this isn't a recommended state).


    --dkg
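
The rule quoted in the message above, as an added example (not code from the draft, the PR, or anyone in this thread): a server-side check that tells an SSL 2.0 compatible CLIENT-HELLO from a record-layer ClientHello and caps the selectable version below TLS 1.3 for the former. Assumptions: 0x0304 is taken as the TLS 1.3 wire version, the client's version is read from the hello's version field only (no extensions), and all function and parameter names are hypothetical.

```python
import struct

TLS10, TLS12, TLS13 = 0x0301, 0x0303, 0x0304  # 0x0304: assumed TLS 1.3 wire version

def classify_hello(data: bytes):
    """Return ("v2" | "tls", client_version) for a connection's first bytes."""
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 1:
        # v2 framing: 2-byte length with the high bit set, msg_type 1, version,
        # then cipher_spec, session_id and challenge lengths.
        rec_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
        version, cs_len, sid_len, ch_len = struct.unpack(">HHHH", data[3:11])
        if cs_len == 0 or cs_len % 3 or rec_len != 9 + cs_len + sid_len + ch_len:
            raise ValueError("malformed v2 CLIENT-HELLO")
        if len(data) < 2 + rec_len:
            raise ValueError("truncated v2 CLIENT-HELLO")
        return "v2", version
    if len(data) >= 11 and data[0] == 22 and data[5] == 1:
        # TLS record (type 22 = handshake) carrying handshake type 1;
        # client_version follows the 3-byte handshake length.
        return "tls", struct.unpack(">H", data[9:11])[0]
    raise ValueError("not a ClientHello")

def negotiate(data, server_max=TLS13, server_min=TLS10, allow_v2_hello=True):
    """Return the version the server may select, or None to refuse."""
    fmt, client_version = classify_hello(data)
    ceiling = server_max
    if fmt == "v2":
        if not allow_v2_hello:      # accepting v2 hellos is "not recommended"
            return None
        ceiling = min(ceiling, TLS12)  # MUST NOT negotiate TLS 1.3+ from a v2 hello
    selected = min(client_version, ceiling)
    return selected if selected >= server_min else None

def v2_hello(version):
    """Constructed sample: v2-compatible hello offering one cipher spec."""
    specs = bytes.fromhex("00002f")      # TLS_RSA_WITH_AES_128_CBC_SHA, 3-byte form
    challenge = bytes(32)                # all-zero challenge, sample only
    body = struct.pack(">BHHHH", 1, version, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

# Constructed sample: start of a record-layer ClientHello with client_version 0x0304.
TLS_HELLO = bytes([22, 3, 1, 0, 6, 1, 0, 0, 2, 3, 4])

if __name__ == "__main__":
    for name, hello in [("v2/1.3", v2_hello(TLS13)), ("tls/1.3", TLS_HELLO)]:
        print(name, negotiate(hello))
```

Setting allow_v2_hello=False gives the posture the quoted text recommends: the v2-format hello is refused outright instead of being negotiated down.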