RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
Hi Jeff,

Thanks for the reply. I don't want to enable SSLv2, but would like to support 
SSLv3 and TLS 1.0. The code where I am creating the SSL context and setting the 
options looks as shown below:

ssl_ctx = SSL_CTX_new(SSLv23_client_method());
if (ssl_ctx != NULL)
    SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
.. .. .. .. .. ..
.. .. .. .. ..

When I try to connect to a server that supports only SSLv3, the client does not 
fall back; rather, it fails with a "protocol version" alert, because the client 
sends a ClientHello with protocol version TLS 1.0, which that server does not 
support. Is this the right behavior? Or should I modify the client app to retry 
with a lower protocol version when I receive this alert? My understanding is that 
the OpenSSL stack will not perform any fallback; it is up to applications to 
handle it.


Regards
Jaya

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Jeffrey Walton
Sent: Monday, October 29, 2012 11:05 PM
To: openssl-users@openssl.org
Subject: Re: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

> SSL_CTX_set_options, should I indicate protocols using this function?
Before you do that, please realize TLS 1.0 is the least broken of the protocols 
you are trying to enable. You really want all TLS 1.2 clients, but it's not 
widely implemented in clients and servers. I can tell you that a number of 
organizations will not want SSL2/SSL3 clients accessing their corporate data.

Differences Between SSLv2, SSLv3, and TLS, www.yaksman.org/~lweith/ssl.pdf 
Analysis of the SSL 3.0 Protocol, www.schneier.com/paper-ssl.html.

Jeff

On Mon, Oct 29, 2012 at 10:27 AM, Bhat, Jayalakshmi Manjunath 
 wrote:
> Hi Charles,
>
> Thank you for the reply.  I am not setting any option using 
> SSL_CTX_set_options; should I indicate protocols using this function?
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
> Sent: Monday, October 29, 2012 7:40 PM
> To: openssl-users@openssl.org
> Subject: RE: Need inputs/suggestions on SSL/TLS protocol version 
> fallback mechanism.
>
> Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, 
> SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?
>
> BTW, openssl-users (not -dev) is the proper forum for this sort of 
> question.
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, 
> Jayalakshmi Manjunath
> Sent: Monday, October 29, 2012 5:27 AM
> To: openssl-...@openssl.org; openssl-users@openssl.org
> Subject: Need inputs/suggestions on SSL/TLS protocol version fallback 
> mechanism.
>
> I have a client application that uses SSL23_client_method(). When the 
> client is getting connected to a server that supports TLS 1.0 there are no 
> issues.
> When the client is getting connected to a server that supports only 
> SSLv3.0, the connection is getting aborted with a protocol number error.
>
> I have a couple of questions around this issue.
>
> 1.   If I would like to support the fallback mechanism, I need to implement
> the same in the client application. The SSL client state machine in 
> OpenSSL does not implement any fallback.
>
> 2.   I did not see any recommendation in the SSL/TLS RFCs to implement the
> fallback mechanism. I wanted to know whether there are any side effects in the 
> OpenSSL library if a fallback mechanism is implemented.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org
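Added example, not code from the thread or from OpenSSL: a small in-process model of what is happening above and of the application-level fallback loop being asked about. Two facts frame it. SSLv23_client_method() sends one ClientHello carrying the highest version the client supports, and a spec-compliant server that only speaks SSLv3 is supposed to answer it with version 3.0 (RFC 5246 Appendix E); a server that instead aborts with a fatal protocol_version alert is version-intolerant, and OpenSSL will not retry on the application's behalf. Also, SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 are the flags that actually disable protocol versions, whereas SSL_OP_ALL only enables bug workarounds. The caveat any fallback implementation needs: anyone on the path can forge that alert (or simply reset the connection) and steer a retrying client down to the weakest version it is willing to speak, so the retry list must be bounded by policy, and the later standard RFC 7507 has the retry carry the TLS_FALLBACK_SCSV cipher-suite value so that a server supporting more can refuse the downgrade. The model goes beyond the thread by including that signal. The ClientHello bytes follow the real record and handshake layout; make_server(), mitm_force_alert() and connect_with_fallback() are constructed stand-ins for the peers, not OpenSSL APIs.

```python
"""Constructed model of SSL/TLS version negotiation, a version-intolerant
server, an on-path downgrader, and a client-side fallback loop.  Not OpenSSL
code; the peers are in-process functions."""
import struct

# ProtocolVersion (major, minor) exactly as carried on the wire.
SSL3_VERSION, TLS1_VERSION, TLS1_2_VERSION = (3, 0), (3, 1), (3, 3)

# Alert descriptions (RFC 5246 7.2; RFC 7507 section 3).
ALERT_PROTOCOL_VERSION = 70
ALERT_INAPPROPRIATE_FALLBACK = 86

SAMPLE_SUITE = 0x002F       # TLS_RSA_WITH_AES_128_CBC_SHA, to fill the list
TLS_FALLBACK_SCSV = 0x5600  # RFC 7507 signalling value appended on a retry


def build_client_hello(version, cipher_suites):
    """Serialise a ClientHello record (random and session id zeroed; demo only)."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (bytes(version) + b"\x00" * 32             # client_version, random
            + b"\x00"                                  # session_id: empty
            + struct.pack("!H", len(suites)) + suites  # cipher_suites
            + b"\x01\x00")                             # compression: null only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs  # record


def parse_client_hello(record):
    """Return (client_version, cipher_suites) from a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello record")
    version = (record[9], record[10])
    pos = 11 + 32                      # skip client_version and random
    pos += 1 + record[pos]             # skip session_id
    n = struct.unpack("!H", record[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", record[pos + i:pos + i + 2])[0]
              for i in range(0, n, 2)]
    return version, suites


def make_server(server_min, server_max, tolerant=True):
    """Constructed server.  A compliant one answers a client_version above its
    maximum with that maximum (RFC 5246 App. E); an intolerant one aborts with
    protocol_version, which is the behaviour reported in the thread."""
    def respond(record):
        client_version, suites = parse_client_hello(record)
        if client_version < server_min:
            return ("alert", ALERT_PROTOCOL_VERSION)
        if client_version > server_max and not tolerant:
            return ("alert", ALERT_PROTOCOL_VERSION)
        if TLS_FALLBACK_SCSV in suites and client_version < server_max:
            # RFC 7507: the client fell back although we support more.
            return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
        return ("server_hello", min(client_version, server_max))
    return respond


def mitm_force_alert(server):
    """Constructed on-path attacker: kills the first handshake with a forged
    protocol_version alert, then passes later attempts through unchanged."""
    state = {"seen": 0}
    def respond(record):
        state["seen"] += 1
        if state["seen"] == 1:
            return ("alert", ALERT_PROTOCOL_VERSION)
        return server(record)
    return respond


def connect_with_fallback(server, versions, fallback=True, send_scsv=True):
    """Application-level fallback loop of the kind OpenSSL does not perform.
    versions: the policy's allowed versions, preferred first.  On a
    protocol_version alert the next entry is tried.  Returns
    (negotiated_version, attempts) or raises ConnectionError."""
    for attempt, version in enumerate(versions, start=1):
        suites = [SAMPLE_SUITE]
        if attempt > 1 and send_scsv:
            suites.append(TLS_FALLBACK_SCSV)  # mark this hello as a retry
        kind, value = server(build_client_hello(version, suites))
        if kind == "server_hello":
            return value, attempt
        if value == ALERT_PROTOCOL_VERSION and fallback and attempt < len(versions):
            continue
        raise ConnectionError("handshake failed: alert %d at %r" % (value, version))
    raise ConnectionError("no protocol version left to try")


if __name__ == "__main__":
    intolerant = make_server(SSL3_VERSION, SSL3_VERSION, tolerant=False)
    print("compliant SSLv3-only server, one hello :",
          connect_with_fallback(make_server(SSL3_VERSION, SSL3_VERSION), [TLS1_VERSION]))
    print("intolerant server, fallback to SSLv3   :",
          connect_with_fallback(intolerant, [TLS1_VERSION, SSL3_VERSION]))
```

The last two scenarios worth running are the ones the thread does not reach: against a TLS 1.2 server behind mitm_force_alert(), a client that retries without the SCSV silently ends up on TLS 1.0, while the same client with send_scsv=True is refused with inappropriate_fallback and fails closed. Whether SSLv3 appears in the versions list at all is the policy decision the SSL_OP_NO_SSLv3 flag expresses on the OpenSSL side.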
Re: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Jeffrey Walton
> SSL_CTX_set_options, should I indicate protocols using this function?
Before you do that, please realize TLS 1.0 is the least broken of the
protocols you are trying to enable. You really want all TLS 1.2
clients, but it's not widely implemented in clients and servers. I can
tell you that a number of organizations will not want SSL2/SSL3
clients accessing their corporate data.

Differences Between SSLv2, SSLv3, and TLS, www.yaksman.org/~lweith/ssl.pdf
Analysis of the SSL 3.0 Protocol, www.schneier.com/paper-ssl.html.

Jeff

On Mon, Oct 29, 2012 at 10:27 AM, Bhat, Jayalakshmi Manjunath
 wrote:
> Hi Charles,
>
> Thank you for the reply.  I am not setting any option using
> SSL_CTX_set_options; should I indicate protocols using this function?
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
> Sent: Monday, October 29, 2012 7:40 PM
> To: openssl-users@openssl.org
> Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback
> mechanism.
>
> Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
> SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?
>
> BTW, openssl-users (not -dev) is the proper forum for this sort of
> question.
>
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi
> Manjunath
> Sent: Monday, October 29, 2012 5:27 AM
> To: openssl-...@openssl.org; openssl-users@openssl.org
> Subject: Need inputs/suggestions on SSL/TLS protocol version fallback
> mechanism.
>
> I have a client application that uses SSL23_client_method(). When the client
> is getting connected to a server that supports TLS 1.0 there are no issues.
> When the client is getting connected to a server that supports only SSLv3.0,
> the connection is getting aborted with a protocol number error.
>
> I have a couple of questions around this issue.
>
> 1.   If I would like to support the fallback mechanism, I need to implement
> the same in the client application. The SSL client state machine in OpenSSL does
> not implement any fallback.
>
> 2.   I did not see any recommendation in the SSL/TLS RFCs to implement the
> fallback mechanism. I wanted to know whether there are any side effects in the
> OpenSSL library if a fallback mechanism is implemented.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
Hi  Charles,

I was under the assumption that I could turn off protocols using these options. 
Since I wanted to give it a try without turning off any protocol, I did not pay 
attention to this call. Let me give it a try.

Thank you
Jaya
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 8:47 PM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

You should at least look into it. I am not sure what the defaults are without 
looking at the docs. Try setting SSL_OP_ALL (sounds good to me) | 
SSL_OP_NO_SSLv2 (SSL v2 is considered to be badly flawed). That should (IIRC) 
leave you able to accept SSL v3, TLS v1, and TLS v1.1.

Charles
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Bhat, Jayalakshmi Manjunath
Sent: Monday, October 29, 2012 7:28 AM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

Hi Charles,

Thank you for the reply.  I am not setting any option using 
SSL_CTX_set_options; should I indicate protocols using this function?

Regards
Jaya
From: owner-openssl-us...@openssl.org 
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 7:40 PM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, SSL_OP_NO_SSLv3, 
etc.) to indicate the protocols you are willing to accept?

BTW, openssl-users (not -dev) is the proper forum for this sort of question.

Charles
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Bhat, Jayalakshmi Manjunath
Sent: Monday, October 29, 2012 5:27 AM
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

Hi All,

I have a client application that uses SSL23_client_method(). When the client is 
getting connected to a server that supports TLS 1.0 there are no issues. When the 
client is getting connected to a server that supports only SSLv3.0, the connection 
is getting aborted with a protocol number error.

I have a couple of questions around this issue.


1.   If I would like to support the fallback mechanism, I need to implement the 
same in the client application. The SSL client state machine in OpenSSL does not 
implement any fallback.

2.   I did not see any recommendation in the SSL/TLS RFCs to implement the 
fallback mechanism. I wanted to know whether there are any side effects in the 
OpenSSL library if a fallback mechanism is implemented.


RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Charles Mills
You should at least look into it. I am not sure what the defaults are
without looking at the docs. Try setting SSL_OP_ALL (sounds good to me) |
SSL_OP_NO_SSLv2 (SSL v2 is considered to be badly flawed). That should
(IIRC) leave you able to accept SSL v3, TLS v1, and TLS v1.1. 

 

Charles

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi
Manjunath
Sent: Monday, October 29, 2012 7:28 AM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback
mechanism.

 

Hi Charles,

 

Thank you for the reply.  I am not setting any option using
SSL_CTX_set_options; should I indicate protocols using this function?

 

Regards

Jaya

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 7:40 PM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback
mechanism.

 

Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?

 

BTW, openssl-users (not -dev) is the proper forum for this sort of
question.

 

Charles

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi
Manjunath
Sent: Monday, October 29, 2012 5:27 AM
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: Need inputs/suggestions on SSL/TLS protocol version fallback
mechanism.

 

Hi All,

 

I have a client application that uses SSL23_client_method(). When the client
is getting connected to a server that supports TLS 1.0 there are no issues.
When the client is getting connected to a server that supports only SSLv3.0,
the connection is getting aborted with a protocol number error.

 

I have a couple of questions around this issue.

 

1.   If I would like to support the fallback mechanism, I need to implement
the same in the client application. The SSL client state machine in OpenSSL does
not implement any fallback.

2.   I did not see any recommendation in the SSL/TLS RFCs to implement the
fallback mechanism. I wanted to know whether there are any side effects in the
OpenSSL library if a fallback mechanism is implemented.



RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Bhat, Jayalakshmi Manjunath
Hi Charles,

Thank you for the reply.  I am not setting any option using 
SSL_CTX_set_options; should I indicate protocols using this function?

Regards
Jaya
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Charles Mills
Sent: Monday, October 29, 2012 7:40 PM
To: openssl-users@openssl.org
Subject: RE: Need inputs/suggestions on SSL/TLS protocol version fallback 
mechanism.

Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL, SSL_OP_NO_SSLv3, 
etc.) to indicate the protocols you are willing to accept?

BTW, openssl-users (not -dev) is the proper forum for this sort of question.

Charles
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Bhat, Jayalakshmi Manjunath
Sent: Monday, October 29, 2012 5:27 AM
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

Hi All,

I have a client application that uses SSL23_client_method(). When the client is 
getting connected to a server that supports TLS 1.0 there are no issues. When the 
client is getting connected to a server that supports only SSLv3.0, the connection 
is getting aborted with a protocol number error.

I have a couple of questions around this issue.


1.   If I would like to support the fallback mechanism, I need to implement the 
same in the client application. The SSL client state machine in OpenSSL does not 
implement any fallback.

2.   I did not see any recommendation in the SSL/TLS RFCs to implement the 
fallback mechanism. I wanted to know whether there are any side effects in the 
OpenSSL library if a fallback mechanism is implemented.

Any help on these points is appreciated.

Regards
Jayalakshmi






RE: Need inputs/suggestions on SSL/TLS protocol version fallback mechanism.

2012-10-29 Thread Charles Mills
Do you call SSL_CTX_set_options() with bit flags (SSL_OP_ALL,
SSL_OP_NO_SSLv3, etc.) to indicate the protocols you are willing to accept?

 

BTW, openssl-users (not -dev) is the proper forum for this sort of
question.

 

Charles

From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Bhat, Jayalakshmi
Manjunath
Sent: Monday, October 29, 2012 5:27 AM
To: openssl-...@openssl.org; openssl-users@openssl.org
Subject: Need inputs/suggestions on SSL/TLS protocol version fallback
mechanism.

 

Hi All,

 

I have a client application that uses SSL23_client_method(). When the client
is getting connected to a server that supports TLS 1.0 there are no issues.
When the client is getting connected to a server that supports only SSLv3.0,
the connection is getting aborted with a protocol number error.

 

I have a couple of questions around this issue.

 

1.   If I would like to support the fallback mechanism, I need to implement
the same in the client application. The SSL client state machine in OpenSSL does
not implement any fallback.

2.   I did not see any recommendation in the SSL/TLS RFCs to implement the
fallback mechanism. I wanted to know whether there are any side effects in the
OpenSSL library if a fallback mechanism is implemented.

 

Any help on these points is appreciated.

 

Regards

Jayalakshmi