Julien Pierre wrote:
RFC 2817 has serious security implications for clients, because it does
not specify a distinct URL scheme for TLS upgrade. Browsers are left
without a means to enforce encryption on the connection. It is up to the
server to upgrade the connection to TLS - or not . I would
On this thread [EMAIL PROTECTED] said to me:
"One quick comment (I will likely respond in more detail later) - SSL V2
should now be off across our entire complex. If you know of any cases
where we have specific servers that are still accepting V2 connections,
please can you let me kno
Peter Gutmann wrote:
[snip] Are there products around that will
actually reject an MSIE handshake with its wrong version number?
Yes, All NSS-based server products will do that by default.
There is a configuration option to disable the version roll-back
detection, and it is conceivable that s
Nelson B <[EMAIL PROTECTED]> writes:
>Peter Gutmann wrote:
>> Gervase Markham <[EMAIL PROTECTED]> writes:
>>>SSL3 has a mechanism for detecting an attacker attempting to downgrade a
>>>connection between two SSL3 endpoints to SSL2 in order to MITM it, if
>>>that's what you mean.
>>
>> However
Ian,
Ian G wrote:
That was my thought also. And what's more, Ben posted on my
blog at https://www.financialcryptography.com/mt/archives/000463.html
a week back that
Apache 2.1 supports TLS upgrade -
http://httpd.apache.org/docs-2.1/mod/mod_ssl.html#sslengine
"New in Apache 2.1, S
On Wednesday 01 June 2005 19:01, Gervase Markham wrote:
> Duane wrote:
> > This is especially important for web related uses
> > as you could also send the hostname you wanted to connect to before
> > doing the handshaking, which means if a server has 50 certificates to
> > choose from, and you sen
Duane wrote:
This is especially important for web related uses
as you could also send the hostname you wanted to connect to before
doing the handshaking, which means if a server has 50 certificates to
choose from, and you send a specific hostname it can try and match that
and send you the right c
Ian G wrote:
> Something I've been meaning to ask - is there any particular
> reason to continue to discuss SSLv3 when instead we could
> just talk about and promote TLSv1 ? That is, is there anything
> in the two specs and the deployed implementations that might
> make one or the other incompati
> Nelson B wrote:
> > Please read appendix E.2 of the SSL3 specification and TLS standard.
> > (It's the same appendix and same text in both documents).
> > SSL3 spec:http://wp.netscape.com/eng/ssl3/draft302.txt
> > TLS standard: http://www.rfc-editor.org/rfc/rfc2246.txt
Something I've been m
Nelson B wrote:
> I agree. In fact that's my point. If you're worried about the potential
> use of 40-bit ssl2 ciphers, then disable the 40-bit ciphers.
It's not just for me ... because i have already done that ... but it is
for 90% of the people using mozilla ... and who don't know about what
Kikx wrote:
Nelson Bolyard wrote:
2. That SSL2 allows an attacker to "force you ... to use a very weak
encryption". That's just not true. 3DES and 128-bit RC43 are no
weaker with SSL2 than with SSL3. An SSL2 client can choose to disallow
the "40-bit" ciphers, just as an SSL3 client can
Nelson B wrote:
> Please read appendix E.2 of the SSL3 specification and TLS standard.
> (It's the same appendix and same text in both documents).
> SSL3 spec:http://wp.netscape.com/eng/ssl3/draft302.txt
> TLS standard: http://www.rfc-editor.org/rfc/rfc2246.txt
Thanks for this interesting link
Nelson Bolyard wrote:
> 2. That SSL2 allows an attacker to "force you ... to use a very weak
>encryption". That's just not true. 3DES and 128-bit RC43 are no
>weaker with SSL2 than with SSL3. An SSL2 client can choose to disallow
>the "40-bit" ciphers, just as an SSL3 client can. L
Peter Gutmann wrote:
Gervase Markham <[EMAIL PROTECTED]> writes:
SSL3 has a mechanism for detecting an attacker attempting to downgrade a
connection between two SSL3 endpoints to SSL2 in order to MITM it, if
that's what you mean.
However for TLS Microsoft got their implementation of this wr
Gervase Markham <[EMAIL PROTECTED]> writes:
>Kikx wrote:
>> Yes ...
>> but there is still 2 solutions
>> - A very big warning if we speak in SSL3 and the answer came in SSL2
>SSL3 has a mechanism for detecting an attacker attempting to downgrade a
>connection between two SSL3 endpoints to S
Kikx wrote:
Considering that it's a lack of security and allow man in the middle
attack (down negociation only) and even if you would like to use TLS or
SSL3 an attaquant can just force you to go to SSL2 and then to use a
very weak encryption without any warning ...
There are two statements (or
Kikx wrote:
Gervase Markham wrote:
SSL3 has a mechanism for detecting an attacker attempting to downgrade a
connection between two SSL3 endpoints to SSL2 in order to MITM it, if
that's what you mean.
I don't understand your point ... I have writen a program a couple of
month before with dow
Gervase Markham wrote:
> Kikx wrote:
>
>> Yes ...
>> but there is still 2 solutions
>> - A very big warning if we speak in SSL3 and the answer came in SSL2
>
>
> SSL3 has a mechanism for detecting an attacker attempting to downgrade a
> connection between two SSL3 endpoints to SSL2 in order
Kikx wrote:
Yes ...
but there is still 2 solutions
- A very big warning if we speak in SSL3 and the answer came in SSL2
SSL3 has a mechanism for detecting an attacker attempting to downgrade a
connection between two SSL3 endpoints to SSL2 in order to MITM it, if
that's what you mean.
-
Yes ...
but there is still 2 solutions
- A very big warning if we speak in SSL3 and the answer came in SSL2
- A simple disabling of SSL2
Honnestly I don't know what is the best
___
Mozilla-security mailing list
Mozilla-security@mozi
On Thursday 19 May 2005 12:07, Kikx wrote:
> Considering that it's a lack of security and allow man in the middle
> attack (down negociation only) and even if you would like to use TLS or
> SSL3 an attaquant can just force you to go to SSL2 and then to use a
> very weak encryption without any warni
Considering that it's a lack of security and allow man in the middle
attack (down negociation only) and even if you would like to use TLS or
SSL3 an attaquant can just force you to go to SSL2 and then to use a
very weak encryption without any warning ...
I really think that mozilla should disable
22 matches
Mail list logo
