Re: [TLS] draft-rescorla-tls-renegotiate.txt

To: mrex at sap.com
Subject: Re: [TLS] draft-rescorla-tls-renegotiate.txt
From: Robert Relyea <rrelyea at redhat.com>
Date: Fri, 06 Nov 2009 13:40:21 -0800
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <200911061959.nA6JxnnB001831 at fs4113.wdf.sap.corp>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
References: <200911061959.nA6JxnnB001831 at fs4113.wdf.sap.corp>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4pre) Gecko/20091014 Fedora/3.0-2.8.b4.fc11 Lightning/1.0pre Thunderbird/3.0b4

On 11/06/2009 11:59 AM, Martin Rex wrote:
> Michael D'Errico wrote:
>   
>>     
>>>    - to describe how to add/implement this fix to each and
>>>      every affected protocol version of the SSL/TLS Family.
>>>
>>>      I just noticed that SSLv3 does _NOT_ have a "no_renegotiate" alert!
>>>      To me, it looks like the SSLv3 spec does not specify how to
>>>      deny performing a renegotiate.  Which is slightly odd, since
>>>      there are SSLv3 implementations that do not implement renegotiation...
>>>       
>> Even more importantly, SSLv3 does not support extensions.
>>     
> You're correct.  SSLv3 allows extensions in the ClientHello that
> are to be ignored, but it does not support them in ServerHello.
>   
In practice, there are too many servers that blow up even on extensions
in clientHellos. So many that NSS only uses extensions in TLS, not in SSL3.

There are some servers that claim to be TLS, that also fail to accept
extensions. To date we have treated those as TLS intolerant SSL 3.0
servers, since it's clearly incorrect behavior for a TLS server to just
barf on an extension.
> Oooops.
>
> Suggestions?
>   
For us, this means SSL3 would be dead in the case you require the extension.

bob
>
> -Martin
> _______________________________________________
> TLS mailing list
> TLS at ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Martin Rex
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Michael D'Errico

References:
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Martin Rex

Prev by Date: Re: [TLS] TLS renegotiation issue
Next by Date: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Previous by thread: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Next by thread: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Index(es):
- Date
- Thread

Re: [TLS] draft-rescorla-tls-renegotiate.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.