Re: [TLS] Proposal for hybrid solution using most of the ideas

To: "tls at ietf.org" <tls at ietf.org>
Subject: Re: [TLS] Proposal for hybrid solution using most of the ideas
From: Marsh Ray <marsh at extendedsubset.com>
Date: Thu, 19 Nov 2009 13:02:48 -0600
Delivered-to: tls at core3.amsl.com
In-reply-to: <4B053CF5.7000105 at drh-consultancy.demon.co.uk>
List-archive: <http://www.ietf.org/mail-archive/web/tls>
List-help: <mailto:tls-request@ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-post: <mailto:tls@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
Openpgp: id=1E36DBF2
References: <C72AB6FD.670D%stefan at aaa-sec.com> <4B04F92A.8050903 at extendedsubset.com> <4B053CF5.7000105 at drh-consultancy.demon.co.uk>
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

Dr Stephen Henson wrote:
> 
> What browsers and many libraries (including OpenSSL) do in the first place is to
> send an initial "version discovery" SSLv3 compatible client hello (or even
> SSLv2) with the version number set to the maximum number of SSL/TLS supported.
> The reply then indicates the version of SSL/TLS supported. Until that point you
> don't know what the server supports. So the connection can end up talking TLS
> v1.2 even though it initially sent and SSLv3 compatible client hello.

So using extensions (even when both ends support TLS 1.1) would
significantly change the client hello for many current clients? Yngve of
Opera and Nelson of Mozilla had posted some connection logic that didn't
work quite like that. But now that you mention it that is what I see
from typical non-browser clients.

Back to unified SSL/TLS solutions then.

Looks like C->S signaling could be achieved back to SSLv2 with the magic
cipher suite technique.

For S->C, setting that high bit in the version field is looking not so
bad now.

RFC 4346:
> server_version
>       This field will contain the lower of that suggested by the client
>       in the client hello and the highest supported by the server.

What worries me is that a great many inspecting firewalls are going to
see that and freak out because the server is replying with a version
higher than the client.

Perhaps those nice, friendly, and helpful networking hardware and
software vendors on this list will offer some lab time to check this out?

Another possibility is bit 15 of cipher_suite, assuming there will not
be a need for 32769 different cipher suites before extensions become usable.

- Marsh

Follow-Ups:
- [TLS] Non-browser clients.
  - From: Dr Stephen Henson
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Martin Rex

References:
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Stefan Santesson
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Marsh Ray
- Re: [TLS] Proposal for hybrid solution using most of the ideas
  - From: Dr Stephen Henson

Prev by Date: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by Date: Re: [TLS] simplistic renego protection
Previous by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Next by thread: Re: [TLS] Proposal for hybrid solution using most of the ideas
Index(es):
- Date
- Thread

Re: [TLS] Proposal for hybrid solution using most of the ideas

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.