Julien Pierre wrote:
RFC 2817 has serious security implications for clients, because it does not specify a distinct URL scheme for TLS upgrade. Browsers are left without a means to enforce encryption on the connection. It is up to the server to upgrade the connection to TLS - or not . I would say that the HTTP TLS upgrade protocol is flawed. For this reason, it should not be implemented in general-purpose browsers such as mozilla.
Indeed, this is the very problem that makes people want to abandon SSL2. RFC 2817 is vulnerable to a roll-back attack. An active attacker need only intercept the request to ugprade to TLS and return a response saying that it cannot do so. The client will then continue without any SSL/TLS at all. Even SSL2 isn't that bad! -- Nelson B _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
