Browse Prior Art Database

TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks (RFC7507)

IP.com Disclosure Number: IPCOM000241426D
Publication Date: 2015-Apr-25
Document File: 16 page(s) / 17K

Publishing Venue

The IP.com Prior Art Database

Related People

B. Moeller: AUTHOR [+2]

Abstract

To work around interoperability problems with legacy servers, many TLS client implementations do not rely on the TLS protocol version negotiation mechanism alone but will intentionally reconnect using a downgraded protocol if initial handshake attempts fail. Such clients may fall back to connections in which they announce a version as low as TLS 1.0 (or even its predecessor, Secure Socket Layer (SSL) 3.0) as the highest supported version.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 16% of the total text.

Internet Engineering Task Force (IETF)                        B. Moeller Request for Comments: 7507                                    A. Langley Updates: 2246, 4346, 4347, 5246, 6347                             Google Category: Standards Track                                     April 2015 ISSN: 2070-1721

             TLS Fallback Signaling Cipher Suite Value (SCSV)                for Preventing Protocol Downgrade Attacks

Abstract

   This document defines a Signaling Cipher Suite Value (SCSV) that    prevents protocol downgrade attacks on the Transport Layer Security    (TLS) and Datagram Transport Layer Security (DTLS) protocols.  It    updates RFCs 2246, 4346, 4347, 5246, and 6347.  Server update    considerations are included.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force    (IETF).  It represents the consensus of the IETF community.  It has    received public review and has been approved for publication by the    Internet Engineering Steering Group (IESG).  Further information on    Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,    and how to provide feedback on it may be obtained at    http://www.rfc-editor.org/info/rfc7507.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the    document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal    Provisions Relating to IETF Documents    (http://trustee.ietf.org/license-info) in effect on the date of    publication of this document.  Please review these documents    carefully, as they describe your rights and restrictions with respect    to this document.  Code Components extracted from this document must    include Simplified BSD License text as described in Section 4.e of    the Trust Legal Provisions and are provided without warranty as    described in the Simplified BSD License.

Moeller & Langley            Standards Track                    [Page 1]
 RFC 7507                    TLS Fallback SCSV                 April 2015

 Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2    2.  Protocol Values . . . . . . . . . . . . . . . . . . . . . . .   3    3.  Server Behavior . . . . . . . . . . . . . . . . . . . . . . .   4    4.  Client Behavior . . . . . . . . . . . . . . . . . . . . . . .   4    5.  Operational Considerations  . . . . . . . . . . . . . . . . .   5    6.  Security Considerations . . . . . . . . . . . . . . . . . . .   6    7.  IANA Considerations . . . . . . . . . ....