Upgrade to Pro — share decks privately, control downloads, hide ads and more …

TLS Version Intolerance

Tim Taubert
October 06, 2016
Programming
0
340

TLS Version Intolerance

Slides from a short talk at the Berlin AppSec & Crypto Meetup, a continuation of Hanno Böck’s talk about TLS version intolerance from a month before. He explained how with TLS 1.3 just around the corner there again are growing compatibility concerns about legacy TLS stacks. I covered the latest TLS WG developments around version negotiation for TLS 1.3 and GREASE.

Tim Taubert

October 06, 2016
Tweet

More Decks by Tim Taubert

See All by Tim Taubert
Formal Verification for Fun and Profit
ttaubert
0
110
Keeping Secrets with JavaScript - An Introduction to the WebCrypto API
ttaubert
34
28k

Other Decks in Programming

See All in Programming
Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets
hollycummins
0
230
try!Swift Tokyo 2024 参加報告 LT
akidon0000
1
220
Milestoner
bkuhlmann
1
410
Anthropic Cookbook のおすすめレシピ
schroneko
7
970
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
200
1BRC--Nerd Sniping the Java Community
gunnarmorling
0
340
Polars入門
daikikatsuragawa
1
100
educure_カリキュラム生操作マニュアル.pdf
linew_official
0
800
AWS CDKコントリビュートTIPS / aws-cdk-contribution-tips
gotok365
2
190
try! Swift Tokyo 2024 参加報告 / try! Swift Tokyo 2024 Report
hironytic
0
210
コーンフレークから始める モデリング会話入門
ogurotakayuki
0
370
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
340

Featured

See All Featured
A designer walks into a library…
pauljervisheath
200
23k
Creatively Recalculating Your Daily Design Routine
revolveconf
210
11k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Adopting Sorbet at Scale
ufuk
68
8.6k
10 Git Anti Patterns You Should be Aware of
lemiorhan
648
58k
Into the Great Unknown - MozCon
thekraken
10
990
How GitHub (no longer) Works
holman
304
140k
No one is an island. Learnings from fostering a developers community.
thoeni
16
2.1k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
It's Worth the Effort
3n
180
27k
Embracing the Ebb and Flow
colly
80
4.1k
Being A Developer After 40
akosma
57
580k

Transcript

  1. Tim Taubert @ttaubert Version negotiation and GREASE in TLS 1.3

    October 2016, Berlin

  2. Version Intolerance & Fallbacks Downgrade Protections TLS 1.3 Version Negotiation

    GREASE

  3. Negotiating a TLS connection Client: The highest TLS version I

    support is 1.2. Server: I only support TLS 1.1, let’s use that to communicate.

  4. Hitting a version intolerant server Client: The highest TLS version

    I support is 1.3. Server: *does stupid things* d

  5. 1st connection attempt: Client: The highest TLS version I support

    is 1.3. Server: *does not understand* 2nd connection attempt: Client: The highest TLS version I support is 1.2. Server: Now we’re talking!

  6. Insecure Version Fallbacks Disabled since Firefox 37 and Chrome 50

    POODLE attacks CBC padding in SSL 3.0

  7. Version Intolerance & Fallbacks Downgrade Protections TLS 1.3 Version Negotiation

    GREASE

  8. Downgrade Protection Mechanisms TLS_FALLBACK_SCSV {0x56, 0x00} RFC 7507 by Adam

    Langley and Bodo Möller

  9. Downgrade Protection Mechanisms Downgrade sentinels in TLS 1.3 Static values

    at the end of ServerHello.random TLS 1.2: 0x44 0x4F 0x57 0x4E 0x47 0x52 0x44 0x01 TLS 1.1: 0x44 0x4F 0x57 0x4E 0x47 0x52 0x44 0x00

  10. Version Intolerance & Fallbacks Downgrade Protections TLS 1.3 Version Negotiation

    GREASE

  11. TLS 1.3 Version Negotiation ClientHello.legacy_version = {3, 3} (static) Negotiate

    via supported_versions extension

  12. Version Intolerance & Fallbacks Downgrade Protections TLS 1.3 Version Negotiation

    GREASE

  13. Generate Random Extensions And Sustain Extensibility “have one joint and

    keep it well oiled” (AGL) Inject GREASE values pseudo-randomly

  14. Thanks! Questions? https://timtaubert.de/talks/tls-version-intolerance/