Re: Can'somebody tell me why SSL2 is still by default

Tue, 31 May 2005 09:21:46 -0700 

Kikx wrote:

Nelson Bolyard wrote:


2. That SSL2 allows an attacker to "force you ... to use a very weak
  encryption".  That's just not true.  3DES and 128-bit RC43 are no
  weaker with SSL2 than with SSL3.  An SSL2 client can choose to disallow
  the "40-bit" ciphers, just as an SSL3 client can.  Likewise, an SSL3
  client that allows 40-bit ciphers is just as vulnerable with those
  ciphers as is an SSL2 client.



I 'm totally on your side and I approve what you say
But the fact is I consider that an attack is an attack if It successes
most of the time ... As 40 bit cipher are allowed 

Perhaps you mean "when the client allows 40-bit ciphers".
But the client does not always allow 40-bit ciphers.
I have configured my mozilla client to disallow ssl2 40-bit ciphers.
No version roll-back attack can force my ssl2 client to use weaker
ciphers than those it has been configured to use.
it is possible to lower the encryption (for most of the people) 

For all  of the people who enable  ssl2's 40-bit ciphers, and
for NONE of the people who disable ssl2's weaker ciphers.


but only that we should not accuse it of being vulnerable to things it
is not.


To be really clear
- SSLv2 with high encryption is as secure as SSLv3 with high encryption
- SSLv2 allows to downgrade the encryption (perhaps we can detect it but
most of the time it is not implemented on servers)


ssl2 allows an active attacker to force the connection to use a cipher of
its choose from among the ciphers enabled mutually by the client and server.
If a client enables only "128-bit" ssl2 ciphers, the attacker cannot force
the client to use weaker encryption.


We  have to clearly separate the encryption and the protocol which are
definitely different


I agree.  In fact that's my point.  If you're worried about the potential
use of 40-bit ssl2 ciphers, then disable the 40-bit ciphers.


Thanks for your advise but the fact is that we can do one thing : It is
to change some things on mozilla ... not one some servers in the world
which don't want to upgrade...


Thanks for your advice.

--
Nelson B    SSL/TLS engineer/developer for mozilla
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security

Reply via email to