On 2019-10-29 13:29:02 +0100 (+0100), Michael Kesper wrote:
> On 27.10.19 17:27, Drew Parsons wrote:
> > On 2019-10-27 23:13, Daniele Tricoli wrote:
[...]
> > > Not an expert here, but I think fallback is not done on
> > > purpose due to downgrade attacks:
> > > https://en.wikipedia.org/wiki/Downgrade_attack
> >
> > I see. Still an odd kind of protection though. The attacker can
> > just downgrade themselves.
>
> No. A sensible server will not talk to you if your requested SSL
> version is too low. pub.orcid.org seems to use absolutely outdated
> and insecure software versions.
Well, downgrade attacks aren't usually a two-party scenario. The risk with a downgrade attack is when a victim client attempts communication with some server, and a third-party attacker tampers with the communication between the client and server sufficiently to cause protocol negotiation to fall back to an old enough version that the attacker can then exploit known flaws to decrypt and/or proxy ("man in the middle") that communication. Having both the client and the server be unwilling to use susceptible older protocol versions helps thwart this attack vector.
-- 
Jeremy Stanley
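The three-party scenario described above, as an added illustration that is not part of the thread: a toy model of a "fallback" client that retries with a lower protocol version whenever a handshake fails, an on-path attacker who cannot forge handshakes but can make them fail, and a client or server floor that stops the fallback. The `Peer`, `connect` and `mitm_forces_tls10` objects are hypothetical; the version numbers are the real TLS wire values, and `hardened_client_context` shows the equivalent floor on an actual Python `ssl` client.

```python
"""Toy model of a protocol downgrade attack.  Added illustration, not code
from the thread and not the real TLS handshake: versions are the TLS wire
values (0x0303 = TLS 1.2), the peers and the attacker are hypothetical."""
import ssl
from dataclasses import dataclass, field
from typing import Callable, Optional

TLS10, TLS11, TLS12, TLS13 = 0x0301, 0x0302, 0x0303, 0x0304
NAME = {TLS10: "TLSv1.0", TLS11: "TLSv1.1", TLS12: "TLSv1.2", TLS13: "TLSv1.3"}


@dataclass
class Peer:
    name: str
    supported: set = field(default_factory=lambda: {TLS10, TLS11, TLS12, TLS13})
    minimum: int = TLS10          # lowest version this side will accept


def connect(client: Peer, server: Peer,
            dropped_by_mitm: Callable[[int], bool] = lambda v: False) -> Optional[int]:
    """Model of a legacy 'fallback' client: it tries its highest version and,
    when the handshake fails, retries one version lower.  A network attacker
    cannot forge a handshake, but can make one *fail* by dropping packets, and
    that is all a downgrade attack needs.  Returns the version agreed on, or
    None when one side refuses and the connection is abandoned instead."""
    for version in sorted(client.supported, reverse=True):
        if version < client.minimum:
            break                        # client floor: stop falling back
        if dropped_by_mitm(version):
            continue                     # attacker made this attempt fail
        if version in server.supported and version >= server.minimum:
            return version               # server floor honoured
        # server refuses this version: a legacy client keeps falling back
    return None


def mitm_forces_tls10(version: int) -> bool:
    """Constructed attacker: sabotages every handshake above TLS 1.0."""
    return version > TLS10


def scenarios() -> dict:
    """Outcome for each combination of client/server floors under attack."""
    legacy_client = Peer("client")
    strict_client = Peer("client", minimum=TLS12)
    legacy_server = Peer("pub.example")            # hypothetical server name
    strict_server = Peer("pub.example", minimum=TLS12)
    return {
        "no_floor_no_attack": connect(legacy_client, legacy_server),
        "no_floor_under_attack": connect(legacy_client, legacy_server, mitm_forces_tls10),
        "client_floor_under_attack": connect(strict_client, legacy_server, mitm_forces_tls10),
        "server_floor_under_attack": connect(legacy_client, strict_server, mitm_forces_tls10),
        "both_floors_under_attack": connect(strict_client, strict_server, mitm_forces_tls10),
    }


def hardened_client_context() -> ssl.SSLContext:
    """What 'unwilling to use older versions' looks like on a real Python
    client: a floor of TLS 1.2, so the library never negotiates below it."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for case, version in scenarios().items():
        print(f"{case:28s} -> {NAME.get(version, 'connection refused')}")
```

With no floor on either side the attacker walks the client down to TLS 1.0; with a floor on the client, on the server, or on both, the outcome is a refused connection rather than a weakened one, which is the trade-off the reply describes. The attacker in this model gains nothing by "downgrading themselves": the point is that only the victim's own willingness to fall back can be abused.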