Re: SSL 3.0 and older ciphers selected in applications

To: Kurt Roeckx <kurt@roeckx.be>
Cc: debian-security@lists.debian.org, 772487@bugs.debian.org
Subject: Re: SSL 3.0 and older ciphers selected in applications
From: Daniel Pocock <daniel@pocock.pro>
Date: Mon, 08 Dec 2014 19:22:33 +0100
Message-id: <[🔎] 5485EC69.2030509@pocock.pro>
In-reply-to: <[🔎] 20141208175834.GA11879@roeckx.be>
References: <[🔎] 54855E6D.9000308@pocock.pro> <[🔎] 20141208101220.GA13316@roeckx.be> <[🔎] 54858094.6070304@pocock.pro> <[🔎] 20141208113655.GA25596@roeckx.be> <[🔎] 54859797.6070304@pocock.pro> <[🔎] 20141208125312.GC11304@roeckx.be> <[🔎] 5485A904.4090504@pocock.pro> <[🔎] 20141208175834.GA11879@roeckx.be>


On 08/12/14 18:58, Kurt Roeckx wrote:
> On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote:
>>
>> I have no idea what technology is in use in the remote/client system.
>>
>> If my server socket is using TLSv1_method it is rejecting the connection
>> and logging those errors on my server:
>>
>> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>> Error code = 336130315 file=s3_pkt.c line=348
>>
>> My server then sends TCP RST to the client
> 
> So I can actually reproduce this with the s_client from squeeze,
> since that still generates an SSLv2 compatible client hello.  That
> does fail talking to any server using the TLSv1 method but
> works talking to the SSLv23 method.  Since I'm actually going to
> remove support for the TLSv1 method I don't intend to fix this.
> 

Will the TLSv1 method be removed in jessie or while jessie is still
supported?

If so, then applications like repro that use it by default will need to
be patched.

Reply to:

Follow-Ups:
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>

Prev by Date: Re: SSL 3.0 and older ciphers selected in applications
Next by Date: Re: SSL 3.0 and older ciphers selected in applications
Previous by thread: Re: SSL 3.0 and older ciphers selected in applications
Next by thread: Re: SSL 3.0 and older ciphers selected in applications
Index(es):
- Date
- Thread