Hi,

You are right that this could be solved by just disabling SSLv2, v3 and TLS 1.0 and only supporting STRONG ciphers. Unfortunately this is not practical for most hosts.

Server/hosts will support weak ciphers and weak TLS versions for the foreseeable future to allow old browsers (which do not support better TLS/cipher-suites) to connect. That's the sad reality of the Internet and TLS roll-out.

regards

ralf

On Sat, Dec 7, 2013 at 2:53 PM, Tobias Gondrom <[email protected]> wrote:

> Hi Ralf,
>
> thanks for posting this here.
>
> To pin a host to a TLS version would indeed be fairly easy.
> But a small question: I thought "downgrading attacks" would have been
> addressed by configuring the server/host to only accept certain strong
> ciphers for the TLS/SSL connection. And basically to configure the web
> server to no longer support/accept weak ciphers. Wouldn't we want to do
> this also with the TLS version?
>
> Am I missing something?
>
> All the best, Tobias
>
> On 07/12/13 14:24, Ralf Skyper Kaiser wrote:
>
> Hi,
>
> The TLS-WG is discussing a method to prevent a fallback attack in TLS. [1]
>
> "Sad as it is, in order to work on public Internet all browsers
> implement TLS fallback: in the event of a handshake failure they will
> retry the connection with a lesser SSL/TLS version."
>
> The proposed solution is complex and requires protocol changes.
>
> A different solution is to pin the TLS version to the host. Once the TLS
> version is pinned any downgrade attack to a lower TLS version would fail.
>
> This feature could be optional or mandatory to be configured on the host.
>
> Please discuss. Opinions welcome.
>
> regards,
>
> ralf
>
> [1] http://www.ietf.org/mail-archive/web/tls/current/msg10676.html
>
> _______________________________________________
> websec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/websec
