Re: [TLS] Deprecating SSLv3

Nikos Mavrogiannopoulos <> Sat, 22 November 2014 10:40 UTC

Date: Sat, 22 Nov 2014 05:40:27 -0500
From: Nikos Mavrogiannopoulos <>
To: Martin Thomson <>
Cc: Alfredo Pironti <>

----- Original Message -----
> Yes, I would be sad if we couldn't say anything more definitive about
> the use of TLS on the big 'I' Internet.  People are of course welcome
> to use rot13 to protect their proprietary communications, noting that
> they won't remain proprietary long if they do.  The same applies here.
> I merged Alfredo's text, and though I've proposed some minor
> grammatical changes, you can see the results live here:

I believe that comparison is way out of proportion, for the following reasons:
* First, SSL 3.0 is still in use - at least my experience shows many
SSL 3.0-only services on a typical network (it took only a few hours to get
the first bug report when SSL 3.0 was disabled in the development branch of Fedora),
* there is no new attack on SSLv3 (the attack POODLE uses on SSLv3 was already known 10
years ago), and the TLS protocol negotiation is still considered secure enough to
negotiate the latest version supported between two parties,
* SSLv3 is orders of magnitude better than plaintext (or rot13).

The latter shows the actual dilemma many face at the moment, which is not whether to replace
SSL 3.0 with TLS 1.2, but what to do to interoperate with the services that can only use
SSL 3.0 or plaintext. You may choose to ignore them of course, but that would also render
that draft not applicable to them.

Note here that I am not advocating the use of SSL 3.0, but it would be beneficial for
everyone if that draft also described a path which leads to the abolishment of SSL 3.0
in a secure way, for the ones that cannot avoid its use. That highlights the main difference
with SSL 2.0 and RFC 6176; there were no SSL 2.0-only services when it was published.