Hubert Kario <[email protected]> wrote:
> Actually it does not introduce it as OpenSSL does send the notification as
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not the extension.
>
> On Sunday 30 November 2014 20:36:20 Richard Moore wrote:
>> That would introduce security issues such as the TLS renegotiation flaw.
>> Surely a better solution is to make servers that pretend to support TLS but
>> actually only support SSL3 die a horrible death?

I agree with Richard that this seems . In particular, the session hash / extended master secret [1] specification requires an extension to work securely. Not having the SNI extension is likely to cause security issues (using a different and perhaps thought-of-as-unused certificate). Many servers use the values in the signature_algorithms extension to determine whether to use a SHA-2 or SHA-1 certificate, so not sending signature_algorithms is likely to cause problems for any client that disables support for SHA-1 certificates.

Resolving these TLS (extension) intolerance issues requires collective action, and it would be great if OpenSSL could do its part by not adding features like this that exist purely to avoid participating in the collective action, especially when the added feature disables other important security features.

Cheers,
Brian

[1] https://tools.ietf.org/html/draft-bhargavan-tls-session-hash-00
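
As an added illustration (not part of the original message and not OpenSSL code), the Python sketch below audits a ClientHello body for the mechanisms discussed in this thread: SNI, signature_algorithms, extended master secret, and secure-renegotiation signalling via either the extension or the SCSV. The extension code points are the IANA-registered values (extended_master_secret is 23, assigned after this thread in RFC 7627); `build_hello` and the two sample hellos are constructed for the example.

```python
import struct

# IANA TLS ExtensionType values for the extensions named in the thread.
EXT_NAMES = {0: "server_name", 13: "signature_algorithms",
             23: "extended_master_secret", 0xFF01: "renegotiation_info"}
SCSV = 0x00FF  # TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value

def parse_client_hello(body):
    """Return (cipher_suites, extension_types) from a ClientHello body
    (the handshake message without its 4-byte handshake header)."""
    pos = 2 + 32                          # client_version + random
    pos += 1 + body[pos]                  # session_id
    (n,) = struct.unpack_from("!H", body, pos)
    suites = list(struct.unpack_from("!%dH" % (n // 2), body, pos + 2))
    pos += 2 + n
    pos += 1 + body[pos]                  # compression_methods
    exts = []
    if pos < len(body):                   # the extensions block is optional
        (total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts.append(etype)
            pos += 4 + elen
    return suites, exts

def audit(body):
    """Report which of the discussed mechanisms this ClientHello offers."""
    suites, exts = parse_client_hello(body)
    report = {name: code in exts for code, name in EXT_NAMES.items()}
    # Secure renegotiation can be signalled by the extension or by the SCSV.
    report["secure_renegotiation_signalled"] = SCSV in suites or 0xFF01 in exts
    return report

def build_hello(suites, exts):
    """Build a sample ClientHello body (constructed test data only)."""
    out = b"\x03\x03" + bytes(32) + b"\x00"            # TLS 1.2, zero random, no session
    out += struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites)
    out += b"\x01\x00"                                 # null compression only
    blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    return out + (struct.pack("!H", len(blob)) + blob if blob else b"")

# Constructed samples: an extension-less hello carrying only the SCSV,
# and a hello carrying all four extensions.
SNI = b"\x00\x0f\x00\x00\x0c" + b"example.test"
BARE = build_hello([0xC02F, SCSV], [])
FULL = build_hello([0xC02F], [(0, SNI), (13, b"\x00\x02\x04\x01"),
                              (23, b""), (0xFF01, b"\x00")])
```

For `BARE`, only `secure_renegotiation_signalled` comes back true: the SCSV covers renegotiation, while SNI, signature_algorithms and extended master secret are all absent.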
