Re: [TLS] Prohibiting SSL 3.0

Yoav Nir <ynir.ietf@gmail.com> Wed, 29 October 2014 15:07 UTC

To: Hubert Kario <hkario@redhat.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/vOuLhKHBibB2cm7iPkSbbX2Q7uM
Cc: tls@ietf.org

> On Oct 29, 2014, at 3:25 PM, Hubert Kario <hkario@redhat.com> wrote:
> 
> On Wednesday 29 October 2014 13:18:59 Ilari Liusvaara wrote:
>> On Wed, Oct 29, 2014 at 10:51:39AM +0000, Peter Gutmann wrote:
>>> Hubert Kario <hkario@redhat.com> writes:
>>>> Even the TLS 1.3 draft says that a client SHOULD NOT send a SSLv2
>>>> compatible client hello with server support being stated as MAY.
>>> 
>>> Good grief, it's still allowing SSLv2 after nearly *twenty years*?  This
>>> should have been MUST NOT for both client and server years ago, and at an
>>> absolute minimum SHOULD NOT SSLv3 as well.
>> 
>> Also, one can't even use SSLv2 compatible ClientHello for TLS v1.3 because
>> TLS v1.3 backward compatibility mode requires extensions, and SSLv2 can't
>> pass those.
>> 
>> Checking SSL pulse (which I think scans global Internet, not all kinds of
>> odd internal sites nobody cares about) gives ~19% for SSLv2 (this isn't
>> the compatibility hello, this is the whole protocol!), which is scary.
> 
> In my scans (a bit bigger set than SSL Pulse), I see over 1% of servers that 
> don't support anything but SSLv2!

I think that shows that there is an issue with the scan. A server that offers only SSLv2 is not on the web. No modern browser can connect to it. Are your scans going by the most popular HTTP sites that also answer on port 443? Or are these really HTTPS sites that are accessed as such?

Yoav
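
The point quoted above, that an SSLv2-compatible ClientHello cannot pass extensions, illustrated with an added Python example that is not part of the original message or thread. The function name, the returned dictionary layout and both sample hellos are constructed for illustration.

```python
import struct

def classify_client_hello(data: bytes) -> dict:
    """Tell an SSLv2-format ClientHello from a TLS-record one and list its extensions."""
    try:
        if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
            # SSLv2 framing: 2-byte header (high bit set, 15-bit length), msg_type 1.
            msg_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
            major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBHHH", data[3:11])
            # 9 fixed bytes plus cipher specs, session id and challenge account for
            # the entire message, so there is nowhere to carry extensions.
            if msg_len != 9 + cs_len + sid_len + ch_len or len(data) < 2 + msg_len:
                raise ValueError("inconsistent SSLv2-format ClientHello")
            return {"format": "sslv2", "version": (major, minor), "extensions": None}
        if len(data) >= 9 and data[0] == 0x16 and data[5] == 0x01:
            # TLS framing: record header (5 bytes), handshake header (4 bytes), body.
            body = data[9:9 + int.from_bytes(data[6:9], "big")]
            version = (body[0], body[1])
            pos = 34                                             # client_version + random
            pos += 1 + body[pos]                                 # session_id
            pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
            pos += 1 + body[pos]                                 # compression_methods
            ext_types = []
            if pos + 2 <= len(body):                             # extensions block present
                end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
                pos += 2
                while pos + 4 <= min(end, len(body)):
                    etype, elen = struct.unpack(">HH", body[pos:pos + 4])
                    ext_types.append(etype)
                    pos += 4 + elen
            return {"format": "tls", "version": version, "extensions": ext_types}
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    raise ValueError("not a ClientHello")

# Constructed sample: SSLv2-format hello offering version 3.1 (TLS 1.0),
# one 3-byte cipher spec, empty session id, 16-byte challenge.
SAMPLE_V2 = b"\x80\x1c\x01\x03\x01\x00\x03\x00\x00\x00\x10" + b"\x00\x00\x2f" + bytes(16)

# Constructed sample: TLS-record hello offering version 3.3 (TLS 1.2) with one
# cipher suite and a single extension of type 0xff01 (renegotiation_info).
_body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
         + b"\x00\x05\xff\x01\x00\x01\x00")
_hs = b"\x01" + len(_body).to_bytes(3, "big") + _body
SAMPLE_TLS = b"\x16\x03\x01" + len(_hs).to_bytes(2, "big") + _hs

if __name__ == "__main__":
    print(classify_client_hello(SAMPLE_V2))
    print(classify_client_hello(SAMPLE_TLS))
```
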