Bodo Moeller wrote:
> 
> On Sat, May 20, 2000 at 02:07:04AM +0100, Dr Stephen Henson wrote:
> 
> 
> > It's not apparent that this actually *is* a bug. If you examine the SSLv3
> > spec: [...]
> 
> It is *definitely not* a bug. The SSL 3.0 and TLS 1.0 specifications
> are quite clear on this: "The latest (newest) version supported by the
> client.  This is used to detect version roll-back attacks."
> (Detecting version roll-back attacks is not possible if the client
> does not send the maximum client_version cryptographically secured.)
> 

Yes, TLS1.0 is very clear about this. SSL v3.0 is reasonably clear.

I've learnt to be wary about definitive statements about SSL v3.0 until
I've got official confirmation (from Netscape), which I've now received.

So "officially" MSIE 5.0 and the CgatePro server are displaying
incorrect behaviour. Has anyone tried MS servers?

> > I recall various servers not tolerating s_client unless TLSv1 support is
> > turned off so maybe this should be changed.
> 
> The servers, not s_client.  If compatibility with broken servers
> is desired, you have to reconnect with different settings.
> 

Such as disabling TLSv1.0? Or should we add another bug option? A bug
option might be desirable if some servers require this broken behaviour
and none (or very few) choke on it.

> >                                             However if things are
> > changed it's possible some SSLv3 servers also work like OpenSSL and they
> > will stop working :-(
> 
> Actually there's no security problem for servers to accept a
> PreMasterSecret that contains the negotiated protocol version instead
> of the client_version from the ClientHello if these don't match;
> so it's possible for servers to adapt to both correct and broken
> clients, in case there are already TLS 1.0-aware clients that send
> incorrect PreMasterSecret messages as expected by those broken SSLv3
> servers.
> 

Yes, I was thinking we should make OpenSSL tolerate this, either by
default or a bug option. The only way you'll see this though is by
connecting with a broken client on an OpenSSL server that disables TLS.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
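
The server-side PreMasterSecret version check discussed in this thread, as an added example that is not part of the original message and is not OpenSSL's code. The function names, the `tolerate` flag (standing in for the proposed "bug option") and the sample secrets are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMS_LEN 48            /* RSA PreMasterSecret: 2 version bytes + 46 random */
#define VER_SSL3 0x0300       /* wire encoding: major << 8 | minor */
#define VER_TLS1 0x0301

enum pms_verdict { PMS_OK, PMS_OK_TOLERATED, PMS_REJECT };

/* hello_version: client_version the server saw in ClientHello.
 * negotiated:    version the server chose in ServerHello.
 * tolerate:      hypothetical "bug option" discussed in the thread. */
enum pms_verdict check_pms_version(const uint8_t *pms, size_t len,
                                   uint16_t hello_version, uint16_t negotiated,
                                   int tolerate)
{
    uint16_t v;

    if (pms == NULL || len != PMS_LEN)
        return PMS_REJECT;
    v = (uint16_t)((pms[0] << 8) | pms[1]);
    if (v == hello_version)
        return PMS_OK;               /* what SSL 3.0 / TLS 1.0 specify */
    if (tolerate && v == negotiated)
        return PMS_OK_TOLERATED;     /* client put the negotiated version here */
    return PMS_REJECT;               /* e.g. ClientHello altered in transit */
}

/* Build a constructed PreMasterSecret (fixed filler, not random) and check it. */
enum pms_verdict demo(uint16_t pms_version, uint16_t hello_version,
                      uint16_t negotiated, int tolerate)
{
    uint8_t pms[PMS_LEN];

    memset(pms, 0xAB, sizeof pms);
    pms[0] = (uint8_t)(pms_version >> 8);
    pms[1] = (uint8_t)(pms_version & 0xFF);
    return check_pms_version(pms, sizeof pms, hello_version, negotiated, tolerate);
}

int main(void)
{
    /* Server has TLS 1.0 disabled, so it negotiates SSL 3.0 in every case. */
    printf("correct client, strict:   %d\n", demo(VER_TLS1, VER_TLS1, VER_SSL3, 0));
    printf("broken client, strict:    %d\n", demo(VER_SSL3, VER_TLS1, VER_SSL3, 0));
    printf("broken client, tolerant:  %d\n", demo(VER_SSL3, VER_TLS1, VER_SSL3, 1));
    printf("hello rolled back:        %d\n", demo(VER_TLS1, VER_SSL3, VER_SSL3, 1));
    return 0;
}
```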
