Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Don't send TLS_FALLBACK_SCSV if max version is >= 1.2 (#651)
TLS_FALLBACK_SCSV protects against downgrade attacks when clients implement a version fallback independent of TLS version negotiation, but if it's set on a non-fallback connection attempt, it will prevent an otherwise-safe connection if the server supports a version higher than the client does. Because the default OpenJDK TLS implementation doesn't support TLS_FALLBACK_SCSV, some developers mistakenly enable it on every connection due to thinking it's a normal cipher suite, which is starting to cause issues when servers upgrade to TLS 1.3. We can obviously omit it on connections with a max version of 1.3, since that's Conscrypt's max version, so it can't be a version fallback. As far as connections with a max version of 1.2 are concerned, this type of fallback is generally not needed any longer, since TLS 1.3-supporting servers should all perform version negotiation properly. (Chrome and Firefox have both disabled version fallback entirely.) Thus TLS_FALLBACK_SCSV's presence in connections with a max version of 1.2 is significantly more likely to be a misconfiguration than a true fallback indication. We continue to include the cipher suite for connections with a max version of 1.1 or lower. First, flaws in pre-1.2 versions are more likely to exist than flaws in 1.2, so the benefit of flagging downgrades to those versions are higher. As well, fallback is most likely to be useful when dealing with buggy TLS 1.2 servers. Fixes #574
- Loading branch information
Showing
4 changed files
with
55 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters