[openssl-project] FYI: [postfix & TLS1.3 problems]
Matt Caswell
matt at openssl.org
Mon Oct 15 17:56:06 UTC 2018
On 15/10/18 18:54, Viktor Dukhovni wrote:
>
>
>> On Oct 15, 2018, at 9:19 AM, Matt Caswell <matt at openssl.org> wrote:
>>
>>> Early, partial reports of the cause seem to indicate that the sending
>>> side was using OpenSSL with:
>>>
>>> SSL_CTX_set_mode(ctx, SSL_MODE_SEND_FALLBACK_SCSV);
>>>
>>> seemingly despite no prior handshake failure,
>>
>> Are you sure about the "no prior handshake failure" bit? If they were
>> using pre6 or below then if they attempt TLSv1.3 first it will fail
>> (incorrectly - it should negotiation TLSv1.2 see issue 7315). The
>> fallback to TLSv1.2 with SSL_MODE_SEND_FALLBACK_SCSV set would then be
>> reasonable.
>
> No, not sure at all, but that's what the receiving system administrator
> tells me the sending system administrator told him. Perhaps they failed
> to understand the docs, and always set the fallback bit. MTAs tend to
> not do complex fallback, just send in the clear if opportunistic TLS
> fails, or try later and hope things work out better then.
>
> I've not yet received further corroboration. What do you make of the
> idea of making it possible for servers to accept downgrades (to some
> floor protocol version or all supported versions)?
>
I'm really not keen on that idea at all.
Matt
More information about the openssl-project
mailing list