On Wed Sep 21 22:31:25 2011, Florian Zeitz wrote:
On 21.09.2011 20:37, Alexander Holler wrote:
> Hello,
>
Hi,
first a disclaimer: I'm bound to be wrong about this. It is however
correct to the best of my knowledge.
Quite. I'm personally hoping EKR pops in to explain it better.
> reading some news items about possible problems with TLS 1.0 (that
> BEAST), is there someone out here who has tested or knows something
> about interoperability of TLS 1.0 with TLS 1.1 or TLS 1.2, especially in
> regard to XMPP?
>
Personally, while I assume there is a real practical exploit, I would
not get too much into this before BEAST has been presented. It has been
said that the same exploit could be applied to IM, however some of the
statements made about how BEAST allegedly works make that sound strange
to me, we'll see.
I *think* that if a client adds in random data (such as a stream id)
into the stream open, that is sufficient to defeat the attack. This
is based on my suspicion that the attack is based on the initial
encrypted block having entirely known/chosen plaintext, but I may
well be wrong here - it's just as possible that only some of the
plaintext needs to be known.
The various articles talk about an MITM, rather than a purely passive
eavesdropper, and I do wonder if this is an intentional statement or
a misunderstanding - if an active MITM is required, this makes the
attack considerably harder.
Also, there are suggestions that TLSv1.0 with RC4 is also immune.
As far as interoperability is concerned, I don't think XMPP plays any
role in this. Except for starttls which is TLS version independent that
is strictly a different layer.
Also it's new to me that TLS 1.0 would have to interoperate with TLSv1.1
or TLSv1.2.
TLS client and server negotiate a TLS version using the
(Client/Server)Hello messages.
Right - if you point a TLSv1.1 capable client at a TLSv1.0-only
server, you'll get TLSv1.0.
AFAIK it is in no released version of OpenSSL at all yet. Apparently it
will be available in version 1.0.1.
I thought I saw 1.1.0 mentioned as the release - I could very easily
be wrong, though.
Dave.
--
Dave Cridland - mailto:[email protected] - xmpp:[email protected]
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
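
The version negotiation described in the message above, as an added example that is not part of the original mail: a Python sketch that builds extension-less ClientHello/ServerHello records, reads the version field back out of the bytes, and applies the pre-TLS 1.3 rule that the server picks its highest version not above the client's offer. The function names, the single cipher suite and the client-side minimum-version check are assumptions made for illustration and go slightly beyond the case discussed in the thread.

```python
import os
import struct

VERSIONS = {(3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
AES128_CBC_SHA = b"\x00\x2f"  # TLS_RSA_WITH_AES_128_CBC_SHA

def build_hello(msg_type, version, tail):
    """Build a Hello (1=ClientHello, 2=ServerHello) inside one TLS record."""
    body = bytes(version) + os.urandom(32) + b"\x00" + tail  # empty session_id
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    # Record header: type 22 (handshake), record version 3.1, length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def hello_version(record, expected_type):
    """Return the (major, minor) version field of a Hello message."""
    if len(record) < 11 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    if struct.unpack("!H", record[3:5])[0] != len(record) - 5:
        raise ValueError("record length does not match data")
    if record[5] != expected_type:
        raise ValueError("unexpected handshake message type")
    return (record[9], record[10])

def server_respond(client_record, server_versions):
    """Pick the highest server version not above the client's offer."""
    offered = hello_version(client_record, 1)
    usable = [v for v in server_versions if v <= offered]
    if not usable:
        return None  # a real server answers with a protocol_version alert
    return build_hello(2, max(usable), AES128_CBC_SHA + b"\x00")

def negotiate(client_min, client_max, server_versions):
    """Run the Hello exchange; return the agreed version name or None."""
    client_hello = build_hello(1, client_max, b"\x00\x02" + AES128_CBC_SHA + b"\x01\x00")
    server_hello = server_respond(client_hello, server_versions)
    if server_hello is None:
        return None
    chosen = hello_version(server_hello, 2)
    if not client_min <= chosen <= client_max:
        return None  # client aborts instead of accepting this version
    return VERSIONS[chosen]

if __name__ == "__main__":
    # The case from the message: TLSv1.1-capable client, TLSv1.0-only server.
    print(negotiate((3, 1), (3, 2), [(3, 1)]))
    # Same server, but the client refuses anything below TLSv1.1.
    print(negotiate((3, 2), (3, 2), [(3, 1)]))
```

A client that wants to stay off TLSv1.0 has to enforce its own minimum, as the second call shows; the negotiation alone settles on whatever both ends still accept.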