Re: [TLS] New version intolerance caused by draft-26 supported_versions change?

Eric Rescorla <ekr@rtfm.com> Mon, 09 April 2018 21:30 UTC

To: Joseph Birr-Pixton <jpixton@gmail.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/tk_iYoM18Z7yRYybEjtlPzmETNg>

On Mon, Apr 9, 2018 at 2:16 PM, Joseph Birr-Pixton <jpixton@gmail.com>
wrote:

> Hello,
>
> PR#1163 in draft-26 seems to have broken interop with previous drafts
> with a variety of deployed implementations. draft-26 and later clients
> fail with a protocol_version alert.
>
> Affected Internet servers include:
>
> cloudflare.com: offers draft-23, intolerant to draft-26
> www.apple.com: seemingly unwilling to negotiate any draft, but
> intolerant anyway(?)
> www.microsoft.com: same
> google.com: same
>
> https://jbp.io/assets/tls13-logs/cloudflare.broken.txt
> https://jbp.io/assets/tls13-logs/apple.broken.txt
> https://jbp.io/assets/tls13-logs/microsoft.broken.txt
> https://jbp.io/assets/tls13-logs/google.broken.txt
>
> In all these cases, offering TLS1.2 in supported_versions (ie, the
> pre-draft-26 behaviour) works, and TLS1.2 is negotiated:
>

You're just sending supported_versions = {0x7f1a}, but that's not
correct. You need to send {0x7f1a, 0x0303}:

"

   The "supported_versions" extension is used by the client to indicate
   which versions of TLS it supports and by the server to indicate which
   version it is using.  The extension contains a list of supported
   versions in preference order, with the most preferred version first.
   Implementations of this specification MUST send this extension in the
   ClientHello containing all versions of TLS which they are prepared to
   negotiate (for this specification, that means minimally 0x0304, but
   if previous versions of TLS are allowed to be negotiated, they MUST
   be present as well).

"

So what's happening here is that any server which knows about TLS 1.3
(supported_versions) is getting a version mismatch.

PR#1163 was just about what the server sends.

-Ekr




> https://jbp.io/assets/tls13-logs/cloudflare.works.txt
> https://jbp.io/assets/tls13-logs/apple.works.txt
> https://jbp.io/assets/tls13-logs/microsoft.works.txt
> https://jbp.io/assets/tls13-logs/google.works.txt
>
> Corroboration appreciated.  It's totally possible I'm doing something
> stupid :)
>
> Thanks,
> Joe
>
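
Added example (not part of the original thread, and not code from any implementation named in it): a simplified Python model of server-side version selection, showing why an offer of only {0x7f1a} ends in a protocol_version alert while {0x7f1a, 0x0303} negotiates TLS 1.2. The `SERVER` set, the function names and the "first client-preferred match" rule are assumptions of this sketch.

```python
import struct

ALERT_PROTOCOL_VERSION = 70  # TLS alert description protocol_version(70)
TLS12, DRAFT23, DRAFT26 = 0x0303, 0x7F17, 0x7F1A

class VersionMismatch(Exception):
    """No mutually supported version; the server answers with alert 70."""
    alert = ALERT_PROTOCOL_VERSION

def encode_supported_versions(versions):
    """ClientHello extension_data: 1-byte list length, then 2-byte versions."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    return struct.pack("!B", len(body)) + body

def parse_supported_versions(data):
    """Strictly parse ClientHello supported_versions extension_data."""
    if not data or data[0] != len(data) - 1 or data[0] < 2 or data[0] % 2:
        raise ValueError("malformed supported_versions")
    return [v for (v,) in struct.iter_unpack("!H", data[1:])]

def select_version(server_versions, legacy_version, ext_data=None):
    """Model of server-side negotiation (simplified; assumption of this example)."""
    if ext_data is None:
        # No extension: classic negotiation, capped at TLS 1.2.
        older = [v for v in server_versions if v <= min(legacy_version, TLS12)]
        if not older:
            raise VersionMismatch("legacy_version too low")
        return max(older)
    # Extension present: legacy_version is ignored, only the list counts.
    for v in parse_supported_versions(ext_data):  # client preference order
        if v in server_versions:
            return v
    raise VersionMismatch("no offered version is supported")

# Constructed server: knows supported_versions, implements draft-23 and TLS 1.2.
SERVER = {DRAFT23, TLS12}

if __name__ == "__main__":
    for offer in ([DRAFT26], [DRAFT26, TLS12]):
        try:
            got = select_version(SERVER, TLS12, encode_supported_versions(offer))
            print([hex(v) for v in offer], "->", hex(got))
        except VersionMismatch as exc:
            print([hex(v) for v in offer], "-> alert", exc.alert, f"({exc})")
```
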