[Cryptography] DROWN attack on SSLv2 enabled servers

Viktor Dukhovni cryptography at dukhovni.org
Sun Mar 6 23:45:58 EST 2016


> On Mar 6, 2016, at 6:25 PM, John-Mark Gurney <jmg at funkthat.com> wrote:
> 
> People are hacking the cipher suite value to be the protocol downgrade
> prevention (less than a year ago):
> https://tools.ietf.org/html/rfc7507
> 
>  "The fallback SCSV defined in this document is not a suitable
>   substitute for proper TLS version negotiation.  TLS implementations
>   need to properly handle TLS version negotiation and extensibility
>   mechanisms to avoid the security issues and connection delays
>   associated with fallback retries."

IMHO, fallback (self-downgrade after negotiation failure) is a browser
hack that has outlived its usefulness.  This too needs to go.  It is not
part of TLS, and TLS 'support' for mitigating the damage from fallback
needs to also be phased out over time.

Fallback is not part of TLS.

-- 
	Viktor.
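The server-side check RFC 7507 prescribes for the fallback SCSV the thread argues about, as an added example that is not code from the thread or from any TLS library. It parses only a constructed client_version + cipher_suites fragment, not a full ClientHello, and uses the real values TLS_FALLBACK_SCSV = 0x5600 and alert inappropriate_fallback(86) from RFC 7507.

```python
# Added example: RFC 7507 section 3 server logic on a constructed
# ClientHello fragment (client_version + cipher_suites vector only).
import struct

TLS_FALLBACK_SCSV = 0x5600          # signalling cipher suite value, RFC 7507
INAPPROPRIATE_FALLBACK = 86         # alert description defined by RFC 7507
VERSIONS = {"TLS1.0": 0x0301, "TLS1.1": 0x0302, "TLS1.2": 0x0303}

def build_client_hello_suites(version, suites, fallback=False):
    """Constructed test data: client_version followed by the
    cipher_suites vector (2-byte length, then 2-byte suite codes).
    A client doing a self-downgrade retry appends the SCSV."""
    if fallback:
        suites = suites + [TLS_FALLBACK_SCSV]
    body = b"".join(struct.pack("!H", s) for s in suites)
    return struct.pack("!H", version) + struct.pack("!H", len(body)) + body

def parse_client_hello_suites(data):
    """Parse the fragment back into (client_version, [suite codes])."""
    version, length = struct.unpack("!HH", data[:4])
    raw = data[4:4 + length]
    if len(raw) != length or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return version, [s for (s,) in struct.iter_unpack("!H", raw)]

def server_check(data, server_max_version):
    """RFC 7507 section 3: if the SCSV is present and the client's offered
    version is below the server's highest supported version, the hello is
    a downgraded retry and the server MUST send a fatal
    inappropriate_fallback alert. Returns ('accept', None) or
    ('abort', 86)."""
    client_version, suites = parse_client_hello_suites(data)
    if TLS_FALLBACK_SCSV in suites and client_version < server_max_version:
        return ("abort", INAPPROPRIATE_FALLBACK)
    return ("accept", None)

if __name__ == "__main__":
    # 0x009C is TLS_RSA_WITH_AES_128_GCM_SHA256; the client retries at
    # TLS 1.0 with the SCSV against a TLS 1.2 server: must be rejected.
    hello = build_client_hello_suites(VERSIONS["TLS1.0"], [0x009C], True)
    print(server_check(hello, VERSIONS["TLS1.2"]))
```

A hello carrying the SCSV at the server's own top version is still accepted, which is what lets a client that genuinely only speaks the lower version keep working.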

