Re: [TLS] Prohibiting SSL 3.0

Ilari Liusvaara <ilari.liusvaara@elisanet.fi> Wed, 29 October 2014 11:19 UTC

On Wed, Oct 29, 2014 at 10:51:39AM +0000, Peter Gutmann wrote:
> Hubert Kario <hkario@redhat.com> writes:
> 
> >Even the TLS 1.3 draft says that a client SHOULD NOT send a SSLv2 compatible
> >client hello with server support being stated as MAY. 
> 
> Good grief, it's still allowing SSLv2 after nearly *twenty years*?  This
> should have been MUST NOT for both client and server years ago, and at an
> absolute minimum SHOULD NOT SSLv3 as well.

Also, one can't even use an SSLv2-compatible ClientHello for TLS v1.3 because
TLS v1.3 backward compatibility mode requires extensions, and SSLv2 can't
pass those.

Checking SSL Pulse (which I think scans the global Internet, not all kinds of
odd internal sites nobody cares about) gives ~19% for SSLv2 (this isn't
the compatibility hello, this is the whole protocol!), which is scary.


-Ilari
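
The point above that an SSLv2-compatible ClientHello cannot carry extensions, shown as an added example that is not part of the original message: a Python parser that tells the two first-flight framings apart and lists the extensions it finds. The function names and sample bytes are constructed for illustration.

```python
import struct

def parse_first_flight(data: bytes) -> dict:
    """Classify a client's first message as SSLv2-format or TLS-record ClientHello."""
    try:
        if data[0] & 0x80 and data[2] == 0x01:
            # SSLv2 framing: 2-byte length (high bit set), msg_type, version,
            # then exactly three length fields and the three fields they describe.
            rec_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
            cs_len, sid_len, ch_len = struct.unpack(">HHH", data[5:11])
            return {"format": "sslv2-compat", "version": (data[3], data[4]),
                    "consistent": rec_len == 9 + cs_len + sid_len + ch_len == len(data) - 2,
                    "extensions": None}  # the layout has no slot for them
        if data[0] == 0x16 and data[5] == 0x01:
            body = data[9:]          # skip record header (5) + handshake header (4)
            off = 2 + 32             # client_version + random
            off += 1 + body[off]     # session_id
            off += 2 + struct.unpack(">H", body[off:off + 2])[0]  # cipher_suites
            off += 1 + body[off]     # compression_methods
            exts = []
            if off < len(body):      # extensions block is optional trailing data
                end = off + 2 + struct.unpack(">H", body[off:off + 2])[0]
                off += 2
                while off + 4 <= end:
                    etype, elen = struct.unpack(">HH", body[off:off + 4])
                    exts.append(etype)
                    off += 4 + elen
            return {"format": "tls-record", "version": (body[0], body[1]), "extensions": exts}
    except (IndexError, struct.error):
        return {"format": "malformed"}
    return {"format": "unknown"}

def sample_v2_hello() -> bytes:
    # Constructed sample: SSLv2-format hello offering version 3.1, one cipher spec
    body = b"\x01\x03\x01" + struct.pack(">HHH", 3, 0, 16) + b"\x00\x00\x2f" + bytes(16)
    return struct.pack(">H", 0x8000 | len(body)) + body

def sample_tls_hello() -> bytes:
    # Constructed sample: TLS ClientHello with one extension (renegotiation_info, 0xff01)
    ext = struct.pack(">HH", 0xFF01, 1) + b"\x00"
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">H", 2) + b"\x00\x2f"
            + b"\x01\x00" + struct.pack(">H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
```

Appending an extensions block to the SSLv2-format sample makes its length check fail, since the three length fields already account for the entire message.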