zlacker

[return to "BlueCoat and other proxies hang up during TLS 1.3"]
1. JoshTr+w[view] [source] 2017-02-28 01:38:28
>>codero+(OP)
Note that this happens even when using a BlueCoat proxy in non-MITM mode. BlueCoat tries to "analyze" TLS connections, and rejects anything it doesn't understand. This exact issue occurred with TLS 1.2 back when BlueCoat only understood 1.1/1.0.

In this case, it doesn't sound like they're reverting it because of overall breakage, but rather because it breaks the tool that would otherwise be used to control TLS 1.3 trials and other configuration. Firefox had a similar issue, where they temporarily used more conservative settings for their updater than for the browser itself, to ensure that people could always obtain updates that might improve the situation.

◧◩
2. codero+31[view] [source] 2017-02-28 01:47:50
>>JoshTr+w
Rejecting anything it doesn't understand sounds like a bug to me. If it sees that it's TLS, it should attempt a protocol downgrade. There's absolutely no reason for this to break, as TLS 1.3 exists alongside TLS 1.2 (For now).
◧◩◪
3. jlgadd+Vk[view] [source] 2017-02-28 06:12:16
>>codero+31
On the other hand, allowing stuff that you don't understand gives us things like the CSRF vulnerabilities in MongoDB and such.

In the case of a security appliance -- such as this -- it should, in my opinion, "fail closed".

◧◩◪◨
4. deatha+Ul[view] [source] 2017-02-28 06:28:16
>>jlgadd+Vk
Sorry, no. TLS is explicitly designed to allow smooth upgrading like this. This proxy is supposed to (in response to a client hello w/ TLSv1.3) respond with TLSv1.2 if that's what it supports. This is still a rigorous parsing of the input being given: nothing is "not understood": version negotiation is an inherent part of the protocol and is supposed to allow for painless upgrades to more secure protocols.

The RFC (which if you're implementing TLS, you should have open at all times) explicitly calls out exactly this behavior:

> Note: some server implementations are known to implement version negotiation incorrectly. For example, there are buggy TLS 1.0 servers that simply close the connection when the client offers a version newer than TLS 1.0.

The quality of this vendor's implementation is extremely suspect.

◧◩◪◨⬒
5. rocqua+Gu[view] [source] 2017-02-28 08:39:06
>>deatha+Ul
The issue only occurs in non-mitm mode, probably meaning the box doesn't actually do the TLS handsake, instead merely inspecting it.
[go to top]