Re: [TLS] Client Hello size intolerance Was: Re: Thoughts on Version Intolerance
Brian Smith <brian@briansmith.org> Wed, 27 July 2016 02:33 UTC
In-Reply-To: <10280200.XEPfMK1A2H@pintsize.usersys.redhat.com>
References: <20160720173027.9BC3D1A504@ld9781.wdf.sap.corp> <201607211604.25745.davemgarrett@gmail.com> <2581885.dP5x8nd4GP@pintsize.usersys.redhat.com> <10280200.XEPfMK1A2H@pintsize.usersys.redhat.com>
From: Brian Smith <brian@briansmith.org>
Date: Tue, 26 Jul 2016 16:27:32 -1000
Message-ID: <CAFewVt64sj2-oFQDL=PKDcfJifaLc=yNwyaz_Dy2j57e2qAKqQ@mail.gmail.com>
To: Hubert Kario <hkario@redhat.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/wVcAzoSuJrMl-3fy1XiLN6BlYhs>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Client Hello size intolerance Was: Re: Thoughts on Version Intolerance
Hubert Kario <hkario@redhat.com> wrote:
> 170 were detected as TLS 1.3 incompatible (3.9%)
> 183 were detected as TLS 1.4 incompatible (4.2%)
> 229 were detected as TLS 1.253 incompatible (5.22%)
>
> in the below excerpt (full list below, this is just entries that have at least
> 4 servers with same behaviour), "e/<number>" means that it's the smallest size
> of "Very Compatible" client hello extended through the padding extension that
> causes its rejection by server, similarly "c/<number>" indicates smallest size
> rejected by server when the client hello is made big through addition of
> cipher suite IDs

> Cumulative distribution function for size intolerances looks like this:
>
> size <c/512        12   0.2733
> size <c/1024       16   0.3644
> size <c/2048       33   0.7515
> size <c/4096       47   1.0704
> size <c/8192       47   1.0704
> size >=c/8192    4064  92.5529

This seems like a good indication that clients should limit the number of
cipher suites in the client hello.

>
> size <e/512         0   0
> size <e/1024        0   0
> size <e/2048       11   0.2505

A finer-grained breakdown of sizes between 0-2048 bytes is a better area to
focus on. I personally would try very hard to ensure my ClientHello fits
comfortably in a single packet if at all possible, at least for a connection
to a server that I don't have a session ticket (or equivalent) for.

> TLS 1.3                   170   3.8742
> TLS 1.4                   183   4.1705
> size e/1356                10   0.2279
> size e/1356 c/1356          5   0.1139
> size e/1356 c/1357          5   0.1139
> size e/2046                 1   0.0228
> size e/2046 c/1979          1   0.0228
> size e/2049                 4   0.0912
> size e/2049 c/1153          1   0.0228
> size e/2049 c/2049          2   0.0456
> size e/2049 c/2050          1   0.0228
> size e/2053                 1   0.0228
> size e/2053 c/555           1   0.0228

When we consider the most reasonable (initial) ClientHello sizes, it seems
that the ClientHello version number intolerance is a much more significant
problem than size intolerance, if I'm understanding your numbers correctly.

Cheers,
Brian
--
https://briansmith.org/
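The two ways of growing a hello that the quoted table measures, as an added Python example (not code from either message, nor from the scan that produced the numbers): it builds a minimal ClientHello with a constructed cipher suite list and a placeholder SNI, pads it to an exact size with the RFC 7685 padding extension (the "e/" case) or grows it by suite IDs (the "c/" case), and checks the result against a 1460-byte TCP MSS, an assumed value for a 1500-byte Ethernet MTU.

```python
import struct

PADDING_EXT = 21  # RFC 7685 padding extension type
SNI_EXT = 0       # server_name extension type


def build_client_hello(num_suites, padding_len=None, sni=b"example.com"):
    """TLS 1.2-style ClientHello record. Constructed: suite IDs and random are
    placeholders. Size grows 2 bytes per suite ("c/" case) and 4 + padding_len
    bytes when the padding extension is present ("e/" case)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"            # version, random, empty session id
    suites = b"".join(struct.pack(">H", i) for i in range(num_suites))
    body += struct.pack(">H", len(suites)) + suites
    body += b"\x01\x00"                                  # compression methods: null only
    name = b"\x00" + struct.pack(">H", len(sni)) + sni   # host_name entry
    sni_body = struct.pack(">H", len(name)) + name
    exts = struct.pack(">HH", SNI_EXT, len(sni_body)) + sni_body
    if padding_len is not None:
        exts += struct.pack(">HH", PADDING_EXT, padding_len) + bytes(padding_len)
    body += struct.pack(">H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


def padded_to(num_suites, target):
    """'e/<target>': fixed suite list, padding extension sized so the whole
    record is exactly target bytes (the extension header itself costs 4)."""
    base = len(build_client_hello(num_suites))
    if target < base + 4:
        raise ValueError("target is smaller than the unpadded hello plus a padding header")
    return build_client_hello(num_suites, padding_len=target - base - 4)


def suites_to_reach(target):
    """'c/<target>': smallest (placeholder) suite count whose unpadded hello is
    at least target bytes."""
    base = len(build_client_hello(0))
    return max(0, -(-(target - base) // 2))          # ceiling division


def count_suites(record):
    """Read the cipher_suites length back out of a record built above
    (5 record + 4 handshake + 35 fixed ClientHello bytes precede it)."""
    (n,) = struct.unpack(">H", record[44:46])
    return n // 2


def fits_one_segment(record, mss=1460):
    """Assumption: 1460-byte TCP MSS (1500-byte Ethernet MTU, IPv4, no options)."""
    return len(record) <= mss
```

With these helpers, the e/1356 cluster in the table corresponds to `padded_to(n, 1356)`, and a hello that is oversized only because of its suite list can be checked with `count_suites` before it leaves the client.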