[openssl-dev] [openssl.org #3616] [Patch] Implement option to disable sending TLS extensions

Brian Smith brian at briansmith.org
Mon Jan 26 18:03:30 UTC 2015


Hubert Kario <hkario at redhat.com> wrote:
> Actually it does not introduce it as OpenSSL does send the notification as
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not the extension.
>
> On Sunday 30 November 2014 20:36:20 Richard Moore wrote:
>> That would introduce security issues such as the TLS renegotiation flaw.
>> Surely a better solution is to make servers that pretend to support TLS but
>> actually only support SSL3 die a horrible death?

I agree with Richard that this seems . In particular, the session hash
/ extended master secret [1] specification requires an extension to
work securely. Not having the SNI extension is likely to cause
security issues (using a different and perhaps thought-of-as-unused
certificate). Many servers use the values in the signature_algorithms
extension to determine whether to use a SHA-2 or SHA-1 certificate, so
not sending signature_algorithms is likely to cause problems for any
client that disables support for SHA-1 certificates.

Resolving these TLS (extension) intolerance issues requires collective
action, and it would be great if OpenSSL could do its part by not
adding features like this that exist purely to avoid participating in
the collective action, especially when the added feature disables
other important security features.

Cheers,
Brian

[1] https://tools.ietf.org/html/draft-bhargavan-tls-session-hash-00
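As an added illustration (not part of the original message or of OpenSSL), the script below parses a TLS ClientHello and reports whether the extensions the discussion turns on are present: server_name (SNI), signature_algorithms, and secure renegotiation signalled either via the renegotiation_info extension or via the TLS_EMPTY_RENEGOTIATION_INFO_SCSV cipher suite that Hubert mentions. The ClientHello bytes are constructed inline (zeroed random, a hypothetical hostname, an assumed two-entry signature_algorithms list) so the example runs offline; the extension type numbers and the SCSV value are the IANA-registered ones.

```python
import struct

# IANA-registered TLS extension types and the SCSV pseudo cipher suite.
SNI = 0x0000
SIGNATURE_ALGORITHMS = 0x000D
RENEGOTIATION_INFO = 0xFF01
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF


def sni_extension(hostname):
    """server_name extension body: ServerNameList with one host_name entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    return (SNI, struct.pack("!H", len(entry)) + entry)


def build_client_hello(cipher_suites, extensions):
    """Constructed TLS 1.2 ClientHello record (zeroed random, empty session id)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body += b"\x01\x00"  # compression_methods: null only
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return (cipher_suites, {extension_type: extension_data}) from a record."""
    ctype, _, _, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rlen]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    off = 2 + 32                      # skip client_version and random
    off += 1 + body[off]              # skip session_id
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    suites = [struct.unpack("!H", body[off + i:off + i + 2])[0] for i in range(0, cs_len, 2)]
    off += cs_len
    off += 1 + body[off]              # skip compression_methods
    exts = {}
    if off < len(body):               # extensions block is optional
        ext_len = struct.unpack("!H", body[off:off + 2])[0]
        off += 2
        end = off + ext_len
        while off < end:
            etype, elen = struct.unpack("!HH", body[off:off + 4])
            off += 4
            exts[etype] = body[off:off + elen]
            off += elen
    return suites, exts


def sni_hostname(exts):
    """Extract the host_name from a server_name extension, or None."""
    data = exts.get(SNI)
    if not data:
        return None
    list_len = struct.unpack("!H", data[:2])[0]
    off = 2
    while off < 2 + list_len:
        name_type = data[off]
        name_len = struct.unpack("!H", data[off + 1:off + 3])[0]
        off += 3
        if name_type == 0:
            return data[off:off + name_len].decode("ascii")
        off += name_len
    return None


def audit_client_hello(record):
    """Report which security-relevant signals a ClientHello carries."""
    suites, exts = parse_client_hello(record)
    return {
        "sni_hostname": sni_hostname(exts),
        "signature_algorithms": SIGNATURE_ALGORITHMS in exts,
        "secure_renegotiation": RENEGOTIATION_INFO in exts
        or TLS_EMPTY_RENEGOTIATION_INFO_SCSV in suites,
        "extension_count": len(exts),
    }


# Constructed samples: a normal hello, an SCSV-only hello, and a bare hello.
FULL_HELLO = build_client_hello(
    [0xC02F, TLS_EMPTY_RENEGOTIATION_INFO_SCSV],
    [sni_extension("example.test"),
     (SIGNATURE_ALGORITHMS, b"\x00\x04\x04\x01\x05\x01"),  # rsa/sha256, rsa/sha384
     (RENEGOTIATION_INFO, b"\x00")])                       # empty renegotiated_connection
SCSV_ONLY_HELLO = build_client_hello([0xC02F, TLS_EMPTY_RENEGOTIATION_INFO_SCSV], [])
BARE_HELLO = build_client_hello([0xC02F], [])

if __name__ == "__main__":
    for label, hello in [("full", FULL_HELLO), ("scsv-only", SCSV_ONLY_HELLO), ("bare", BARE_HELLO)]:
        print(label, audit_client_hello(hello))
```

The SCSV-only case shows why Hubert's point matters for an extension-free client: secure renegotiation can still be signalled, but the audit of the bare hello makes the cost visible, since with no extensions block there is no SNI hostname for the server to select a certificate on and no signature_algorithms list for it to choose a SHA-2 or SHA-1 certificate by.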

