| < draft-ietf-tls-sslv3-diediedie-00.txt | draft-ietf-tls-sslv3-diediedie-01.txt > | |||
|---|---|---|---|---|
| Network Working Group R. Barnes | Network Working Group R. Barnes | |||
| Internet-Draft M. Thomson | Internet-Draft M. Thomson | |||
| Updates: 5246 (if approved) Mozilla | Updates: 5246 (if approved) Mozilla | |||
| Intended status: Standards Track A. Pironti | Intended status: Standards Track A. Pironti | |||
| Expires: June 5, 2015 INRIA | Expires: September 2, 2015 INRIA | |||
| A. Langley | A. Langley | |||
| December 2, 2014 | March 1, 2015 | |||
| Deprecating Secure Sockets Layer Version 3.0 | Deprecating Secure Sockets Layer Version 3.0 | |||
| draft-ietf-tls-sslv3-diediedie-00 | draft-ietf-tls-sslv3-diediedie-01 | |||
| Abstract | Abstract | |||
| Secure Sockets Layer version 3.0 (SSLv3) [RFC6101] is no longer | Secure Sockets Layer version 3.0 (SSLv3) [RFC6101] is no longer | |||
| secure. This document requires that SSLv3 not be used. The | secure. This document requires that SSLv3 not be used. The | |||
| replacement versions, in particular Transport Layer Security (TLS) | replacement versions, in particular Transport Layer Security (TLS) | |||
| 1.2 [RFC5246], are considerably more secure and capable protocols. | 1.2 [RFC5246], are considerably more secure and capable protocols. | |||
| This document updates the backward compatibility sections of the TLS | This document updates the backward compatibility sections of the TLS | |||
| RFCs to prohibit fallback to SSLv3. | RFCs to prohibit fallback to SSLv3. | |||
| skipping to change at page 1, line 40 ¶ | skipping to change at page 1, line 40 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on June 5, 2015. | This Internet-Draft will expire on September 2, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2015 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 45 ¶ | skipping to change at page 2, line 45 ¶ | |||
| have permitted the negotiation of SSLv3. | have permitted the negotiation of SSLv3. | |||
| The predecessor of SSLv3, SSL version 2, is no longer considered | The predecessor of SSLv3, SSL version 2, is no longer considered | |||
| secure [RFC6176]. SSLv3 now follows. | secure [RFC6176]. SSLv3 now follows. | |||
| 2. Do Not Use SSL Version 3.0 | 2. Do Not Use SSL Version 3.0 | |||
| SSLv3 MUST NOT be used [RFC2119]. Negotiation of SSLv3 from any | SSLv3 MUST NOT be used [RFC2119]. Negotiation of SSLv3 from any | |||
| version of TLS MUST NOT be permitted. | version of TLS MUST NOT be permitted. | |||
| Any version of TLS is more secure then SSLv3, though the highest | Any version of TLS is more secure than SSLv3, though the highest | |||
| version available is preferable. | version available is preferable. | |||
| Pragmatically, clients MUST NOT send a ClientHello with | Pragmatically, clients MUST NOT send a ClientHello with | |||
| ClientHello.client_version set to {03,00}. Similarly, servers MUST | ClientHello.client_version set to {03,00}. Similarly, servers MUST | |||
| NOT send a ServerHello with ServerHello.server_version set to | NOT send a ServerHello with ServerHello.server_version set to | |||
| {03,00}. Any party receiving a Hello message with the protocol | {03,00}. Any party receiving a Hello message with the protocol | |||
| version set to {03,00} MUST respond with a "protocol_version" alert | version set to {03,00} MUST respond with a "protocol_version" alert | |||
| message and close the connection. | message and close the connection. | |||
| Historically, TLS specifications were not clear on what the record | Historically, TLS specifications were not clear on what the record | |||
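Review bot: "Pragmatically" at the start of the ClientHello paragraph reads as softening what is otherwise a plain MUST NOT; since the sentence already carries the RFC 2119 keyword, consider dropping the adverb so the requirement on ClientHello.client_version {03,00} is stated without qualification. The one change in this block, "more secure then SSLv3" to "more secure than SSLv3", corrects a genuine typo and is fine as is.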
| skipping to change at page 4, line 12 ¶ | skipping to change at page 4, line 12 ¶ | |||
| systematically replaced with stronger hash functions, such as SHA-256 | systematically replaced with stronger hash functions, such as SHA-256 | |||
| [FIPS180-2]. | [FIPS180-2]. | |||
| 4. Limited Capabilities | 4. Limited Capabilities | |||
| SSLv3 is unable to take advantage of the many features that have been | SSLv3 is unable to take advantage of the many features that have been | |||
| added to recent TLS versions. This includes the features that are | added to recent TLS versions. This includes the features that are | |||
| enabled by ClientHello extensions, which SSLv3 does not support. | enabled by ClientHello extensions, which SSLv3 does not support. | |||
| Though SSLv3 can benefit from new cipher suites, it cannot benefit | Though SSLv3 can benefit from new cipher suites, it cannot benefit | |||
| from new cryptographic modes. Of these, the following are | from new cryptographic modes and features. Of these, the following | |||
| particularly prominent: | are particularly prominent: | |||
| o Authenticated Encryption with Additional Data (AEAD) modes are | o Authenticated Encryption with Additional Data (AEAD) modes are | |||
| added in [RFC5246]. | added in [RFC5246]. | |||
| o Elliptic Curve Diffie-Hellman (ECDH) and Digital Signature | o Elliptic Curve Diffie-Hellman (ECDH) and Digital Signature | |||
| Algorithm (ECDSA) are added in [RFC4492]. | Algorithm (ECDSA) are added in [RFC4492]. | |||
| o Stateless session tickets [RFC5077]. | o Stateless session tickets [RFC5077]. | |||
| o A datagram mode of operation, DTLS [RFC6347]. | o A datagram mode of operation, DTLS [RFC6347]. | |||
| o Application layer protocol negotiation [RFC7301]. | o Application layer protocol negotiation [RFC7301]. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| This document has no IANA actions. | This document has no IANA actions. | |||
| 6. Security Considerations | 6. Security Considerations | |||
| This entire document aims to improve security by identifying a | This entire document aims to improve security by prohibiting the use | |||
| protocol that is not secure. | of a protocol that is not secure. | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [I-D.ietf-tls-prohibiting-rc4] | [I-D.ietf-tls-prohibiting-rc4] | |||
| Popov, A., "Prohibiting RC4 Cipher Suites", draft-ietf- | Popov, A., "Prohibiting RC4 Cipher Suites", draft-ietf- | |||
| tls-prohibiting-rc4-01 (work in progress), October 2014. | tls-prohibiting-rc4-01 (work in progress), October 2014. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
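Review bot: the ECDH/ECDSA bullet in Section 4 expands only the second acronym, and incompletely: "Digital Signature Algorithm (ECDSA)" drops "Elliptic Curve", so the expansion does not match the abbreviation; suggest "Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA) are added in [RFC4492]". The two wording changes in this block are consistent with the rest of the text: "new cryptographic modes and features" now covers the listed items that are features rather than modes (session tickets, DTLS, ALPN), and "prohibiting the use of a protocol" in Security Considerations matches the MUST NOT in Section 2 better than "identifying" did.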
| End of changes. 8 change blocks. | ||||
| 10 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||