Questions tagged [tls-downgrade]

20 questions
19
votes
3 answers

Should I use SSL/TLS renegotiation?

Should I use SSL/TLS renegotiation? In other words: does SSL/TLS renegotiation enhance or weaken the security?
Jim
11
votes
1 answer

Is TLS_FALLBACK_SCSV useless if only TLS (1.0, 1.1, 1.2) is supported?

Ssllabs does not give A+ (highest) rating if the server does not support TLS_FALLBACK_SCSV to prevent a downgrade attack. But I am wondering, is it really any useful if the server legitimately provides support only for the 3 latest versions of TLS? So…
Ilya Chernomordik
4
votes
2 answers

What happens if STARTTLS dropped in SMTP?

SMTP uses the STARTTLS extension to upgrade SMTP to SMTP Secure (SMTPS). According to the RFC, the client and server start TLS as follows: S: C: S: 220 mail.imc.org SMTP service ready …
user6875880
3
votes
1 answer

Why is TLS1.2 wrapped in TLS1.3?

I was just curious about TLS1.3 which Cloudflare is one of the companies leading the implementation. I then visited blog.cloudflare.com and turned on my Wireshark. I am not 100% clear about all technical details of TLS1.3, but one of the new…
匿名柴棍
3
votes
1 answer

Security implications of a missing SCSV, but with only TLS 1.2 allowed

Similar to this security stackexchange question, I was wondering if there's any downside, considering the services/servers security, if only TLS 1.2 allowed, but TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade…
Breakfast Serial
2
votes
1 answer

What is extension intolerance in the context of TLS?

SSL Labs checks for TLS version intolerance and TLS extension intolerance. I've seen another answer on this site that covers version intolerance, but what does extension intolerance mean, specifically, in this context? The most information I could…
Polynomial
2
votes
2 answers

TLS downgrade attacks

I'm currently looking at e-mail security and wondered whether server to server e-mail communication that enforces TLS, will prevent the risk of TLS downgrade attacks?
Chri3
2
votes
1 answer

Why TLS does not sign ciphersuite?

TLS negotiates a ciphersuite and TLS version to use during handshake. It confirms the handshake was not tampered with and the ciphersuite and TLS version were not downgraded using the negotiated ciphers, as explained here. However, this verification…
Peter Harmann
2
votes
1 answer

Objectives of TLS_FALL_SCSV and finished-message

I'm not sure, I can tell the purpose of a TLS_FALLBACK_SCSV. Can it prevent any attack that the finished-message can't? As far as I understand, the FIN message acts as an authentication code that stops active attackers from dropping protocol…
user140672
2
votes
1 answer

How to enable ONLY TLS 1.2 in Java, blocking SSL TLS1.0 and TLS 1.1

I'm creating my SSL context like this: SSLContext ret = SSLContext.getInstance("TLSv1.2"); When I went in Firefox and forced it to disable TLS1.2, I noticed the page still loaded using TLS1.1. I would like to make sure the server ONLY allows TLS1.2…
satnam
2
votes
1 answer

How can an attacker downgrade/modify the cipher suites when they are MACed? (Freak, Logjam use downgrade attacks)

In the Finished handshake of TLS all previous messages exchanged are sent from the client to the server (and reverse) and protected by a MAC. This is what also "prevents" TLS_FALLBACK_SCSV from being modified/deleted by an attacker. But attacks as…
rugk
1
vote
1 answer

Why would TLSv1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA still be used?

First, I may be asking a dumb question. I am trying to learn, so please, take it easy on me. Second, if this is not the right place for this question, or you can link me elsewhere, please tell me/ do so. Third, I appreciate anyone who takes the…
Ryan
1
vote
1 answer

SSL - Does Change_cipher protects against downgrade ?

An excerpt of one of my courses about SSL/TLS says the following, This excerpt is just after the Handshake finish phase of SSL (with change_cipher_spec and finished messages). Role of the finish phase : counter the downgrade attack. An attacker…
Arthur Attout
1
vote
0 answers

Downgrading TLS 1.0 to SSLv3 - Handshake error (40)

I have a device that functions as a server and uses OpenSSL - it supports SSLv3 and TLS 1.0. That same device also functions as a client to some other servers - I am trying to see if I can downgrade the connection from the device to SSLv3 (a…
Zach P