On 21/10/2014 07:50, Florian Weimer wrote:
> On 10/20/2014 10:10 PM, Nou Dadoun wrote:
>> Well I think I'm completely confused about this option now; "always
>> when you fall back" seems to suggest that falling back is an
>> application level operation (as opposed to openssl-implemented
>> behaviour), is it? i.e. is the onus on the client application to
>> retry with a lower version if it wants to? What then is the purpose
>> of the option?
>
> Correct, fallback (in this sense) is performed by the application. In
> contrast, OpenSSL automatically upgrades away from SSL 3.0 (unless
> prevented from doing so), in a way that is secure against
> man-in-the-middle attacks.
>
> The purpose of the option is to make totally broken applications a bit
> less secure (when they happen to certain servers). From my point of
> view, there is only one really good reason to have this client-side
> option—so that you can test the server-side support. That's why I
> implemented it for OpenJDK as well. Applications should *never* use it
> because it does not really solve anything. If you have fallback code,
> your application is still insecure.

No, the purpose is to make them more secure by preventing their
(rarely needed) fallback code from being abused by MITM attackers,
but the extra protection only works if the server contains the
corresponding patch. Basically, if a (patched) server sees that
the client set SSL_MODE_SEND_FALLBACK_SCSV while sending a "max
protocol version" lower than a protocol the server could have
supported, then the server will conclude that the application has
been misled about that server, and reject the bad connection.
In the past, the server would think the client was old and the
client would think the server was old, resulting in a successful
attack.

This entire confusion is why I reported the
SSL_MODE_SEND_FALLBACK_SCSV documentation as being very incomplete.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
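
The server-side check described in the message above, as an added example that is not part of the original post and not OpenSSL's code. The function names `check_fallback` and `make_hello` are hypothetical, the ClientHello bytes are constructed, and the signalling suite value 0x5600 and alert code 86 are those of RFC 7507.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TLS_FALLBACK_SCSV            0x5600  /* signalling suite, RFC 7507 */
#define ALERT_INAPPROPRIATE_FALLBACK 86      /* alert code, RFC 7507 */

/* Server-side decision on a ClientHello body (handshake header stripped).
 * Returns 0 = continue handshake, 86 = reject, -1 = malformed input. */
int check_fallback(const uint8_t *hello, size_t len, uint16_t server_max)
{
    if (len < 2 + 32 + 1) return -1;         /* version + random + sid length */
    uint16_t client_max = (uint16_t)(hello[0] << 8 | hello[1]);
    size_t pos = 2 + 32;
    size_t sid_len = hello[pos++];
    if (len - pos < sid_len + 2) return -1;
    pos += sid_len;
    size_t cs_len = (size_t)hello[pos] << 8 | hello[pos + 1];
    pos += 2;
    if (cs_len % 2 || len - pos < cs_len) return -1;
    for (size_t i = 0; i < cs_len; i += 2) {
        uint16_t suite = (uint16_t)(hello[pos + i] << 8 | hello[pos + i + 1]);
        /* Client flags a retry, yet offers less than this server supports. */
        if (suite == TLS_FALLBACK_SCSV && client_max < server_max)
            return ALERT_INAPPROPRIATE_FALLBACK;
    }
    return 0;
}

/* Constructed sample input: minimal ClientHello body with one real suite. */
size_t make_hello(uint8_t *buf, uint16_t version, int with_scsv)
{
    size_t n = 0;
    buf[n++] = (uint8_t)(version >> 8); buf[n++] = (uint8_t)version;
    memset(buf + n, 0xAB, 32); n += 32;         /* random (constructed) */
    buf[n++] = 0;                               /* empty session_id */
    buf[n++] = 0; buf[n++] = with_scsv ? 4 : 2; /* cipher_suites length */
    buf[n++] = 0x00; buf[n++] = 0x2F;           /* TLS_RSA_WITH_AES_128_CBC_SHA */
    if (with_scsv) { buf[n++] = 0x56; buf[n++] = 0x00; }
    buf[n++] = 1; buf[n++] = 0;                 /* null compression only */
    return n;
}

int main(void)
{
    uint8_t b[64];
    size_t n = make_hello(b, 0x0300, 1);        /* SSL 3.0 retry with SCSV */
    printf("downgraded, SCSV set: %d\n", check_fallback(b, n, 0x0303));
    n = make_hello(b, 0x0300, 0);               /* same retry without SCSV */
    printf("downgraded, no SCSV:  %d\n", check_fallback(b, n, 0x0303));
    return 0;
}
```

The second case in `main` is the pre-patch situation from the message: without the SCSV, a TLS 1.2 server cannot tell a forced-down retry from a genuinely old client and continues the handshake.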