Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)

mrex@sap.com (Martin Rex) Wed, 23 April 2014 00:14 UTC

In-Reply-To: <5352FB8A.3070109@akr.io>
To: Alyssa Rowan <akr@akr.io>
Date: Wed, 23 Apr 2014 02:14:48 +0200
Message-Id: <20140423001448.3E6EA1ACDC@ld9781.wdf.sap.corp>
From: mrex@sap.com
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/sTAIg9vnzZN_ShVVS2sSCHtPsNE
Cc: tls@ietf.org
Subject: Re: [TLS] RC4 Considered Harmful (Was: RC4 deprecation path)

Alyssa Rowan wrote:
>
> > 1.56% of TLS servers support only RC4.
> 
> Partly because of PCI compliance testers making noise about BEAST, I'm
> thinking.

BEAST was and still is a pretty stupid hype.

Even the ssl test at qualys is still making bogus claims about
servers not being BEAST-patched.  Unless your server is an SSL-VPN server
or will boldly execute client-supplied active content, there cannot
possibly be a BEAST vulnerability in the TLS server.


The larger problem with the use of RC4 is that a number of dense
TLS clients (e.g. Java) send RC4 cipher suites at the very beginning
of the list of cipher suites, and a number of dense TLS servers
choose the first shared cipher from the list proposed by the client
rather than the first shared cipher from the list configured by the
server admin.


-Martin
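The cipher-suite selection behaviour Martin describes, modelled as an added example that is not part of the thread: the same client offer (RC4 listed first, as he says some Java clients do) negotiated against the same server configuration (RC4 listed last), once with the server honouring the client's order and once honouring its own. Suite lists are constructed for illustration; the IANA suite names are real, but nothing else here comes from any particular client or server.

```python
"""Cipher-suite selection: client order vs server order.

Constructed example.  Models the two server behaviours discussed in the
post: pick the first suite in the client's list that the server also
supports, or pick the first suite in the server's configured list that
the client also offered.
"""
from typing import Optional, Sequence

# Constructed ClientHello list: RC4 suites first, as the post says some
# Java clients send them.
CLIENT_OFFERED = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# Constructed server-admin configuration: forward-secret AEAD first,
# RC4 kept only as a last resort for clients that support nothing else.
SERVER_CONFIGURED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]


def select_cipher_suite(
    client_offered: Sequence[str],
    server_configured: Sequence[str],
    honor_server_order: bool,
) -> Optional[str]:
    """Return the negotiated suite, or None if the lists share nothing.

    honor_server_order=False is the "dense server" behaviour from the
    post: the client's ordering decides.  honor_server_order=True makes
    the admin's configured ordering decide.
    """
    if honor_server_order:
        preferred, supported = server_configured, set(client_offered)
    else:
        preferred, supported = client_offered, set(server_configured)
    for suite in preferred:
        if suite in supported:
            return suite
    return None


def uses_rc4(suite: Optional[str]) -> bool:
    """True if the negotiated suite is an RC4 suite (by its IANA name)."""
    return suite is not None and "_RC4_" in suite


def audit_negotiation(
    client_offered: Sequence[str],
    server_configured: Sequence[str],
) -> dict:
    """Show what the same client/server pair negotiates under each policy.

    A server admin who sees RC4 under client order but not under server
    order has a preference-order problem, not a cipher-list problem.
    """
    client_order = select_cipher_suite(client_offered, server_configured, False)
    server_order = select_cipher_suite(client_offered, server_configured, True)
    return {
        "client_order": client_order,
        "server_order": server_order,
        "rc4_under_client_order": uses_rc4(client_order),
        "rc4_under_server_order": uses_rc4(server_order),
    }


if __name__ == "__main__":
    for key, value in audit_negotiation(CLIENT_OFFERED, SERVER_CONFIGURED).items():
        print(f"{key}: {value}")
```

With these constructed lists the client-order policy lands on TLS_RSA_WITH_RC4_128_SHA even though the server would happily do ECDHE/AES, while server-order picks TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA. In real deployments the second behaviour is a one-line setting (OpenSSL's SSL_OP_CIPHER_SERVER_PREFERENCE, Apache's SSLHonorCipherOrder, nginx's ssl_prefer_server_ciphers); checking which policy a server actually applies is a quicker diagnosis than adding or removing suites.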