Re: [TLS] Renego Indication RI patch interaction with TLS major version interop
"Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com> Tue, 15 June 2010 23:50 UTC
Return-Path: <yngve@opera.com>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 38B163A69E2 for <tls@core3.amsl.com>; Tue, 15 Jun 2010 16:50:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.999
X-Spam-Level:
X-Spam-Status: No, score=-5.999 tagged_above=-999 required=5 tests=[AWL=-2.000, BAYES_50=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hPPDbDoVmttu for <tls@core3.amsl.com>; Tue, 15 Jun 2010 16:50:29 -0700 (PDT)
Received: from smtp.opera.com (smtp.opera.com [213.236.208.81]) by core3.amsl.com (Postfix) with ESMTP id 57B2E3A68E3 for <TLS@ietf.org>; Tue, 15 Jun 2010 16:50:29 -0700 (PDT)
Received: from acorna.invalid.invalid (30.169.202.84.customer.cdi.no [84.202.169.30]) (authenticated bits=0) by smtp.opera.com (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id o5FNoJsb015935 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 15 Jun 2010 23:50:24 GMT
Content-Type: text/plain; charset="iso-8859-15"; format="flowed"; delsp="yes"
To: Simon Josefsson <simon@josefsson.org>, Adam Langley <agl@google.com>
References: <4C17AA89.8060904@extendedsubset.com> <4C17B2FE.7080604@pobox.com> <87d3vs574u.fsf@mocca.josefsson.org> <AANLkTimsd145GswXqoHbkh9ejwYuhe4mL7w4wtVkSmeI@mail.gmail.com>
Date: Wed, 16 Jun 2010 01:50:12 +0200
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
From: "Yngve N. Pettersen (Developer Opera Software ASA)" <yngve@opera.com>
Organization: Opera Software AS
Message-ID: <op.vec8hyzoqrq7tp@acorna.invalid.invalid>
In-Reply-To: <AANLkTimsd145GswXqoHbkh9ejwYuhe4mL7w4wtVkSmeI@mail.gmail.com>
User-Agent: Opera Mail/10.53 (Win32)
Cc: TLS@ietf.org
Subject: Re: [TLS] Renego Indication RI patch interaction with TLS major version interop
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2010 23:50:31 -0000
On Tue, 15 Jun 2010 23:31:58 +0200, Adam Langley <agl@google.com> wrote: > On Tue, Jun 15, 2010 at 5:16 PM, Simon Josefsson <simon@josefsson.org> > wrote: >> jas@mocca:~$ gnutls-cli -p 443 www.paypal.com >> Resolving 'www.paypal.com'... >> Connecting to '64.4.241.49:443'... >> *** Fatal error: A TLS packet with unexpected length was received. >> *** Handshake has failed >> GNUTLS ERROR: A TLS packet with unexpected length was received. >> jas@mocca:~$ > > Although I can confirm the brain damage exhibited by www.microsoft.com > and www.ibm.com, www.paypal.com doesn't have an issue with a > ClientHello advertising TLS version 1.2. It might have other problems, > but see the attached handshake. For reference, my prober utility (which is not testing everything, yet ;), like not checking record padding variation ) diagnoses www.paypal.com with the following: - Not renego patched - Version intolerant (refuses to negotiate with client specifying TLS NG, v4.x) - No version checking of RSA Client Key Exchange (CKE) - Does not support AES www.microsoft.com and www.ibm.com results: - Not renego patched - Version intolerant (refuses to negotiate with client specifying TLS 1.1 or higher) For those interested, at present - 3.4% of 383531 probed servers are intolerant in the 3.x range (69% including the 4.x range, 83% of renego patched server also in the v4.x range) - 0.4% require RSA CKE version field to match negotiated version - 31.6% does not check the RSA CKE version field - 43 of 383531 servers mirror the client hello version back to the client - 990 of 383531 server use the record protocol field instead of the client hello version when negotiating - 99 of 383531 support TLS 1.1 - 2 of 383531 support TLS 1.2 (both are known test servers) Among renego patched servers, while virtually all are tolerant in the v3.x range, recently some that are version intolerant in the v3.x range has started to show up. From this week's run: live.rapidswholesale.com pazion.nl hypotheek-aanvragen.nl droog.com sso.u-bordeaux3.fr www.seekame.com None of these six servers tolerate v3.4, "TLS 1.3" (multiple tests performed), TLS 1.2 was accepted. Most of them identify as Apache, but there is no commonality in version numbers, and I suspect that the block is done by a server or firewall in front of the servers. There were also two other servers that showed up in this weeks run, but those detections may be false positives due to other issues. -- Sincerely, Yngve N. Pettersen ******************************************************************** Senior Developer Email: yngve@opera.com Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax: +47 24 16 40 01 ********************************************************************
- [TLS] Renego Indication RI patch interaction with… Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Brian Smith
- Re: [TLS] Renego Indication RI patch interaction … Michael D'Errico
- Re: [TLS] Renego Indication RI patch interaction … Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Simon Josefsson
- Re: [TLS] Renego Indication RI patch interaction … Adam Langley
- Re: [TLS] Renego Indication RI patch interaction … Simon Josefsson
- Re: [TLS] Renego Indication RI patch interaction … Brian Smith
- Re: [TLS] Renego Indication RI patch interaction … Marsh Ray
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Martin Rex
- Re: [TLS] Renego Indication RI patch interaction … Michael D'Errico
- Re: [TLS] Renego Indication RI patch interaction … Martin Rex
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Yngve N. Pettersen (Developer Opera Software ASA)
- Re: [TLS] Renego Indication RI patch interaction … Ivan Ristic
- Re: [TLS] Renego Indication RI patch interaction … Peter Gutmann
- Re: [TLS] Renego Indication RI patch interaction … Peter Gutmann
- Re: [TLS] Version (in)tolerance Marsh Ray
- Re: [TLS] Version (in)tolerance Peter Gutmann
- Re: [TLS] Version (in)tolerance Marsh Ray
- Re: [TLS] Version (in)tolerance Martin Rex
- Re: [TLS] Version (in)tolerance Marsh Ray