Re: [Bug-wget] please remove SSLv3 from being used until explicitly spec
From: Tim Rühsen
Subject: Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified
Date: Sun, 19 Oct 2014 22:35:41 +0200
User-agent: KMail/4.14.1 (Linux/3.16-2-amd64; KDE/4.14.1; x86_64; ; )

On Sunday, 19 October 2014, 21:11:01, Ángel González wrote:
> Tim Rühsen wrote:
> > Hi Ángel,
> >
> > thanks for your testing.
> >
> > I would like to reproduce it - can you tell me what you did exactly ?
>
> I used a simple server that printed the TLS Client Hello and closed the
> connection.
> Browsers automatically retried with lower SSL versions.
> wget aborted with an «Unable to establish SSL connection.» message
>
> > The original paper talks about 'client renegotiation dance'.
> > What about renegotiation at protocol level ? Isn't it possible that a TLS
> > connection goes down to SSLv3 intransparent to the client/server code ?
>
> AFAIK no. That is protected by the HMAC. The problem is the version
> downgrading on a network error, which can be inserted by a MiTM (and without
> TLS_FALLBACK_SCSV the server won't be able to tell that the client downgraded
> its version thinking the server didn't support a greater one).
>
> > I am not that deep into the TLS/SSL libraries to answer that question
> > myself right now. The paper talks about 'proper protocol version
> > negotiation' - that seems to need some clarification.
>
> That's the server replying with a lower protocol version in the same
> connection.
> The downgrade was a hack for broken servers not properly supporting SSL. And
> we are paying for it now.
Thank you !
Tim
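
Added example, not part of the original thread or of wget's code: a sketch of the server-side check that TLS_FALLBACK_SCSV (RFC 7507) makes possible, applied to the kind of ClientHello the test server in the quoted message printed. The function names, the constructed sample hellos and the assumption of one unfragmented record without extensions are illustrative only.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600  # signalling cipher suite value, RFC 7507
INAPPROPRIATE_FALLBACK = 86  # fatal alert number, RFC 7507

def parse_client_hello(record: bytes):
    """Return (client_version, cipher_suite_ids) from one unfragmented TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if rec_len != hs_len + 4 or len(hello) != hs_len:
        raise ValueError("fragmented or truncated ClientHello")
    try:
        version = struct.unpack("!H", hello[:2])[0]
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + hello[pos]             # skip session_id
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    raw = hello[pos + 2:pos + 2 + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("bad cipher_suites length")
    return version, [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def server_action(record: bytes, server_max: int = 0x0303):
    """RFC 7507 server rule: refuse a fallback retry the server never asked for."""
    version, suites = parse_client_hello(record)
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", INAPPROPRIATE_FALLBACK)
    return ("proceed", version)

def build_hello(version: int, suites: list) -> bytes:
    """Constructed sample input: minimal ClientHello without extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0300, len(hs)) + hs

if __name__ == "__main__":
    first = build_hello(0x0303, [0xC02F, 0x002F])             # normal TLS 1.2 attempt
    retry = build_hello(0x0300, [0x002F, TLS_FALLBACK_SCSV])  # downgraded retry, marked
    silent = build_hello(0x0300, [0x002F])                    # downgraded retry, unmarked
    for name, rec in (("first", first), ("retry+SCSV", retry), ("retry", silent)):
        print(name, server_action(rec))
```

The unmarked SSLv3 retry is indistinguishable, from the server's side, from a client that only supports SSLv3, which is why the check depends on the client sending the SCSV on its retries.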