
From: Ángel González
Subject: Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified
Date: Sun, 19 Oct 2014 21:11:01 +0200
User-agent: Thunderbird

Tim Rühsen wrote:
> Hi Ángel,
>
> thanks for your testing.
>
> I would like to reproduce it - can you tell me what you did exactly?

I used a simple server that printed the TLS Client Hello and closed the connection.
Browsers automatically retried with lower SSL versions.
wget aborted with an «Unable to establish SSL connection.» message.

> The original paper talks about 'client renegotiation dance'.
> What about renegotiation at protocol level? Isn't it possible that a TLS
> connection goes down to SSLv3 intransparent to the client/server code?

AFAIK no. That is protected by the HMAC. The problem is the version downgrading
on a network error, which can be inserted by a MiTM (and without
TLS_FALLBACK_SCSV the server won't be able to tell that the client downgraded its
version thinking the server didn't support a greater one).

> I am not that deep into the TLS/SSL libraries to answer that question myself
> right now. The paper talks about 'proper protocol version negotiation' - that
> seems to need some clarification.

That's the server replying with a lower protocol version in the same connection.
The downgrade was a hack for broken servers not properly supporting SSL. And
we are paying for it now.
