Re: [TLS] draft-rescorla-tls-renegotiate.txt

To: rrelyea at redhat.com (Robert Relyea)
Subject: Re: [TLS] draft-rescorla-tls-renegotiate.txt
From: Martin Rex <mrex at sap.com>
Date: Sat, 7 Nov 2009 01:40:04 +0100 (MET)
Cc: tls at ietf.org
Delivered-to: tls at core3.amsl.com
In-reply-to: <4AF497C5.5060801 at REDHAT.COM> from "Robert Relyea" at Nov 6, 9 01:40:21 pm
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Reply-to: mrex at sap.com

Robert Relyea wrote:
> 
> >> Even more importantly, SSLv3 does not support extensions.
> >>     
> > You're correct.  SSLv3 allows extensions in the ClientHello that
> > are to be ignored, but it does not support them in ServerHello.
>   
> In practice, there are too many servers that blow up even on extensions
> in clientHellos. So many that NSS only uses extensions in TLS, not in SSL3.

I have no data and no experiences about interop issues with >SSLv3.

Networking or multimedia appliances might be the hardest to get
upgraded, although they're quite unlikely themselves to use
client-cert authentication, much less through renegotiation.

We shouldn't unnecessarily create interop-problems with them
(or force them to drop to plain http).

What exactly do you mean by "only uses extensions in TLS"?

TLS extensions must be asserted in the ClientHello, and a SSLv3 server
is expected to ignore them.

Are you rather referring to fallback/reconnect-heuristics in Browsers
that will automatically re-try a failed TLS-handshake with TLS extensions 
by a SSLv3 handshake without TLS extensions.  Which Browsers&Versions
do that, actually (I simply don't know)?

Such a fallback would certainly help, but is entirely an apps issue.
It is much less likely to be present in programmatic clients, I assume.

-Martin

References:
- Re: [TLS] draft-rescorla-tls-renegotiate.txt
  - From: Robert Relyea

Prev by Date: Re: [TLS] TLS renegotiation issue
Next by Date: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Previous by thread: Re: [TLS] Simple way to drop re-negotiation in HTTP (Re: draft-rescorla-tls-renegotiate.txt)
Next by thread: Re: [TLS] draft-rescorla-tls-renegotiate.txt
Index(es):
- Date
- Thread

Re: [TLS] draft-rescorla-tls-renegotiate.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.