TLS 1.2 - Look before you Leap !
There's been a lively discussion on vulnerabilities in TLS v1.0 this week, based on an article posted earlier in the week ( http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/, http://www.theregister.co.uk/2011/09/21/google_chrome_patch_for_beast/, http://isc.sans.edu/diary.html?storyid=11611 ), which may (or may not, stay tuned) be based on a paper written back in 2006 ( http://eprint.iacr.org/2006/136.pdf ). Both the paper and the article outline an attack that can decrypt some part of a TLS 1.0 datastream (the article on the attack discusses cookies, we'll need to wait to see what it actually does). In any case, we've been seeing a fair amount of advice in the press recommending upgrading servers to TLS 1.2. I happened to make such a recommendation, with the caveat "if it makes sense in your infrastructure" on a mailing list, and was quickly corrected by Terry, an ISC reader. Terry correctly pointed out that upgrading your server is all well and good, but that's only half of the equation ...
yes, many (most?) browsers are not yet TLS 1.2 capable. I did a quick check, and while TLS 1.2 has been around for 3 years ( http://www.ietf.org/rfc/rfc5246.txt ), he was absolutely right.
The TLS support for browsers right now is:
IE9 TLS 1.0, 1.1, 1.2 all supported via Schannel
IE8 TLS 1.0 supported by default, 1.1 and 1.2 can be configured
Opera - 10.x supports TLS 1.0, 1.1, 1.2
I don't count older versions of any of these browsers, since people really should have auto-update on. if they don't they've probably got bigger problems ( http://isc.sans.edu/diary.html?storyid=11527 )
Mozilla/ Firefox - TLS 1.0 only (vote here to get this fixed ==> https://bugzilla.mozilla.org/show_bug.cgi?id=480514 )
Chrome - TLS 1.0 only (though an update is rumoured)
Safari - TLS 1.0
Cell phones - various support levels (webkit has tls 1.2 since Nov 2010, but for individual phone browser implementations your mileage may vary)
TLS Support for Servers is similarly spotty (thanks Swa for this list)
IIS (recent versions) again, all TLS versions supported
Apache with OpenSSL - 1.0 only
Apache with GNUTLS - 1.2 is supported. (note however that GNUTLS does not have the full feature set that OpenSSL does, nor does it have the body of testing, peer review and overall acceptance that OpenSSL has behind it.)
So, if you plan to upgrade to 1.2 and force clients to 1.2, your clients better be running Opera and IE9 ONLY. The game plan most folks will follow is to plan for an upgrade if their server supports 1.2 (which means IIS right now) and run both 1.0 and 1.2 in parallel. What this means for us as a community is that if there is in fact a TLS 1.0 exploit, we'll likely start seeing it in conjunction with TLS downgrade attacks - sounds familiar eh?
The other thing that leaps out at me in this mess is cellphones. Any "how popular is my browser" site out there will show the jockeying for market share between the various browsers over the years, and will also show the exponential growth of cellphone browser traffic on the web. Not only are they becoming the most popular browsers out there, they will likely become the majority of browser traffic as well. Updates for cellphone browsers do not come from the browser author, they come from the phone manufacturer, and are generally distributed to end-users of the device by the carrier. So the update of any given component (like the browser) can see significant delay (like months, or never) before real people see it on their device. This update logjam has been an ongoing issue, maybe a "crisis in crypto" will force some improvements in this area!
===============
Rob VandenBrink
Metafore
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
6 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago