Hi all,
On 29.10.19 14:15, Jeremy Stanley wrote:
> On 2019-10-29 13:29:02 +0100 (+0100), Michael Kesper wrote:
>> On 27.10.19 17:27, Drew Parsons wrote:
>>> On 2019-10-27 23:13, Daniele Tricoli wrote:
> [...]
>>>> Not an expert here, but I think fallback is not done on
>>>> purpose due downgrade attacks:
>>>> https://en.wikipedia.org/wiki/Downgrade_attack
>>>
>>> I see. Still an odd kind of protection though. The attacker can
>>> just downgrade themselves.
>>
>> No. A sensible server will not talk to you if your requested SSL
>> version is too low. pub.orcid.org seems to use absolutely outdated
>> and insecure software versions.
>
> Well, downgrade attacks aren't usually a two-party scenario. The
> risk with a downgrade attack is when a victim client attempts
> communication with some server, and a third-party attacker tampers
> with the communication between the client and server sufficiently to
> cause protocol negotiation to fall back to an old enough version
> that the attacker can then exploit known flaws to decrypt and/or
> proxy ("man in the middle") that communication. Having both the
> client and the server be unwilling to use susceptible older protocol
> versions helps thwart this attack vector.
Ah, you're right.
So the right fix would be to remove this possibility from urllib3.
This, however, would break applications that need to use these insecure
connections.
At the least, I don't think build tests should fail if software
refuses to use deprecated and insecure connections.
Bye
Michael
Attachment:
signature.asc
Description: OpenPGP digital signature