protocol downgrade attacks #5

Closed
hannesm opened this Issue Mar 3, 2014 · 2 comments

hannesm commented Mar 3, 2014

problem: handshake might be downgraded to TLS1/SSL3

solution: implement TLS_FALLBACK_SCSV ciphersuite as specified in the ietf draft

references

@hannesm hannesm referenced this issue Mar 3, 2014

Closed

Confidence? #1

hannesm commented Jul 7, 2014

we do not implement the SCSV mentioned as draft, but we also do not support SSL3 nor SSL2 -- and we check the client protocol version in PMS precisely

g2p added a commit to g2p/ocaml-tls that referenced this issue Jan 5, 2015

Downgrade prevention
https://tools.ietf.org/html/rfc5246#appendix-E.1
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv
https://datatracker.ietf.org/doc/draft-ietf-tls-downgrade-scsv/

Some tricky clients work around servers with broken version
negotiation by connecting multiple times with lower max_versions.
Such a client can't distinguish broken servers, bad connectivity,
and attacks.  But it can send an SCSV to flag those downgrades.  As
a server, reject any downgrade that isn't for our highest supported
TLS version.

Addresses mirleft#5.

g2p added a commit to g2p/ocaml-tls that referenced this issue Jan 12, 2015

g2p added a commit to g2p/ocaml-tls that referenced this issue Jan 13, 2015

hannesm added a commit that referenced this issue Jan 13, 2015

Downgrade prevention
https://tools.ietf.org/html/rfc5246#appendix-E.1
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv
https://datatracker.ietf.org/doc/draft-ietf-tls-downgrade-scsv/

Some tricky clients work around servers with broken version
negotiation by connecting multiple times with lower max_versions.
Such a client can't distinguish broken servers, bad connectivity,
and attacks.  But it can send an SCSV to flag those downgrades.  As
a server, reject any downgrade that isn't for our highest supported
TLS version.

Addresses #5.
hannesm commented Jan 15, 2015

since #224 just got merged, we have this now - closing! :)

@hannesm hannesm closed this Jan 15, 2015

@amirmc amirmc referenced this issue May 20, 2015

Closed

Logjam attack #271
