protocol downgrade attacks #5

Closed
hannesm opened this issue Mar 3, 2014 · 2 comments

@hannesm hannesm commented Mar 3, 2014

problem: handshake might be downgraded to TLS1/SSL3

solution: implement TLS_FALLBACK_SCSV ciphersuite as specified in the IETF draft

references


@hannesm hannesm commented Jul 7, 2014

we do not implement the SCSV mentioned as draft, but we also do not support SSL3 nor SSL2 -- and we check the client protocol version in PMS precisely


g2p added a commit to g2p/ocaml-tls that referenced this issue Jan 5, 2015
https://tools.ietf.org/html/rfc5246#appendix-E.1
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv
https://datatracker.ietf.org/doc/draft-ietf-tls-downgrade-scsv/

Some tricky clients work around servers with broken version
negotiation by connecting multiple times with lower max_versions.
Such a client can't distinguish broken servers, bad connectivity,
and attacks.  But it can send an SCSV to flag those downgrades.  As
a server, reject any downgrade that isn't for our highest supported
TLS version.

Addresses mirleft#5.
g2p added a commit to g2p/ocaml-tls that referenced this issue Jan 12, 2015
g2p added a commit to g2p/ocaml-tls that referenced this issue Jan 13, 2015
hannesm added a commit that referenced this issue Jan 13, 2015

@hannesm hannesm commented Jan 15, 2015

since #224 just got merged, we have this now - closing! :)


@hannesm hannesm closed this Jan 15, 2015
@amirmc amirmc mentioned this issue May 20, 2015
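
The server-side check described in the commit message above, as an added example that is not part of this thread or of ocaml-tls: it parses a ClientHello body and returns the inappropriate_fallback alert when TLS_FALLBACK_SCSV is present and the client version is below the server's highest. The function names, the constructed sample hellos and the server maximum of TLS 1.2 are assumptions; the values 0x5600 and alert 86 are those assigned in RFC 7507, the published form of the draft.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600        # signalling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86       # fatal alert description (RFC 7507)
TLS_1_0, TLS_1_1, TLS_1_2 = (3, 1), (3, 2), (3, 3)


def parse_client_hello(body: bytes):
    """Return (client_version, cipher_suites) from a ClientHello body."""
    try:
        major, minor = struct.unpack_from("!BB", body, 0)
        pos = 2 + 32                              # skip version and random
        (sid_len,) = struct.unpack_from("!B", body, pos)
        pos += 1 + sid_len                        # skip session_id
        (cs_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
    except struct.error as exc:
        raise ValueError("truncated ClientHello") from exc
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos))
    return (major, minor), suites


def fallback_alert(body: bytes, server_max=TLS_1_2):
    """Return INAPPROPRIATE_FALLBACK if the hello must be rejected, else None."""
    client_version, suites = parse_client_hello(body)
    # The SCSV marks a retry at a lowered version. If we support something
    # higher than what the client offers, the downgrade was unnecessary.
    if TLS_FALLBACK_SCSV in suites and client_version < server_max:
        return INAPPROPRIATE_FALLBACK
    return None


def build_hello(version, suites):
    """Constructed sample ClientHello body: zero random, empty session_id."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    return (bytes(version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")


if __name__ == "__main__":
    aes = 0x002F  # TLS_RSA_WITH_AES_128_CBC_SHA
    for ver, suites in [(TLS_1_2, [aes]), (TLS_1_0, [aes]),
                        (TLS_1_0, [aes, TLS_FALLBACK_SCSV]),
                        (TLS_1_2, [aes, TLS_FALLBACK_SCSV])]:
        print(ver, [hex(s) for s in suites], "->",
              fallback_alert(build_hello(ver, suites)))
```

A TLS 1.0 hello without the SCSV is still accepted, so clients that genuinely top out at TLS 1.0 keep working; only a flagged retry below the server's maximum is refused.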