[cap-talk] [Off-topic] SSL/TLS problems (was: Why petnames should not be used for password hashes.)

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Sat Aug 20 11:44:55 EDT 2005

Ian G wrote:
> Many installations have to suffer the indignity
> of one IP number, and this effectively
> limits them to one Apache TLS server.   The long
> and the short of this is that you have to pick
> the favourite to get the secure web server, which
> is a real dampener on the growth of your activity.
> In practice, the flaw here is the deliberate
> discrimination of "TLS for commercial purposes"
> which has resulted in most of the web being
> insecured and led inevitably to phishing due
> to poor and infrequent use of TLS for security
> purposes.

I agree completely.

> Under TLS there is an ability to hint which domain
> you require, but this feature is not implemented
> in enough places to make it work as yet.

As it happens, I'm a co-author of the relevant RFC
(<http://www.rfc-editor.org/rfc/rfc3546.txt> section 3.1). I agree
that it isn't implemented in enough places yet.

> (PS: If anyone has any servers, upgrade them to
> TLS/SSLv3 only as soon enough browsers are likely
> to stop supporting SSLv2 so as to make available
> the sharing capabilities in TLS.)

I disagree with this; browsers have supported SSLv3 for long enough that
SSLv2 is hardly relevant any more (although v2-format client hellos that
negotiate SSLv3 or TLS should certainly still be supported). I've had v2
disabled in my browsers for several years, and I think only once encountered
a site that only supported v2.

A more important issue is to make sure that your server is not
"TLS-intolerant". Some servers break when the client has a highest
supported version number of {3,1} (i.e. TLS), in violation of the SSLv3
spec. Client libraries have to include "bug for bug compatibility"
workarounds for this that reduce security against version rollback

David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
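The server name hint mentioned above is the server_name extension of RFC 3546 section 3.1; as an added example (not code from this thread or from the RFC), here is a Python encoder and a strict decoder for that extension, where the constant names and the input checks beyond the RFC's wire layout are my own choices.

```python
import struct

# Values from RFC 3546 section 3.1 (server_name extension).
EXT_SERVER_NAME = 0       # ExtensionType server_name(0)
NAME_TYPE_HOST_NAME = 0   # NameType host_name(0)


def encode_server_name_extension(hostnames):
    """Encode a ServerNameList with one host_name entry per hostname.

    Wire layout: ext_type(2) | ext_len(2) | list_len(2) | { name_type(1) | len(2) | name }...
    IP literals and trailing dots are rejected because the RFC does not allow them.
    """
    entries = b""
    for host in hostnames:
        if not host or host.endswith(".") or ":" in host or host.replace(".", "").isdigit():
            raise ValueError(f"not a valid HostName for server_name: {host!r}")
        raw = host.encode("ascii")
        entries += struct.pack("!BH", NAME_TYPE_HOST_NAME, len(raw)) + raw
    body = struct.pack("!H", len(entries)) + entries
    return struct.pack("!HH", EXT_SERVER_NAME, len(body)) + body


def decode_server_name_extension(data):
    """Parse one server_name extension back into a list of hostnames.

    Every length field is checked against the bytes actually present, so a
    truncated or padded extension raises ValueError instead of being misread.
    """
    if len(data) < 4:
        raise ValueError("extension header truncated")
    ext_type, ext_len = struct.unpack("!HH", data[:4])
    if ext_type != EXT_SERVER_NAME:
        raise ValueError(f"not a server_name extension (type {ext_type})")
    body = data[4:]
    if len(body) != ext_len or ext_len < 2:
        raise ValueError("extension length field does not match payload")
    (list_len,) = struct.unpack("!H", body[:2])
    entries = body[2:]
    if list_len != len(entries):
        raise ValueError("ServerNameList length does not match payload")
    names, pos = [], 0
    while pos < len(entries):
        if pos + 3 > len(entries):
            raise ValueError("ServerName entry truncated")
        name_type, name_len = struct.unpack("!BH", entries[pos:pos + 3])
        pos += 3
        if name_len == 0 or pos + name_len > len(entries):
            raise ValueError("HostName length out of range")
        if name_type != NAME_TYPE_HOST_NAME:
            raise ValueError(f"unknown NameType {name_type}")
        names.append(entries[pos:pos + name_len].decode("ascii"))
        pos += name_len
    return names
```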
