zlacker

[parent] [thread] 2 comments
1. jlgadd+(OP)[view] [source] 2017-02-28 06:12:16
On the other hand, allowing stuff that you don't understand gives us things like the CSRF vulnerabilities in MongoDB and such.

In the case of a security appliance -- such as this -- it should, in my opinion, "fail closed".

replies(1): >>deatha+Z
2. deatha+Z[view] [source] 2017-02-28 06:28:16
>>jlgadd+(OP)
Sorry, no. TLS is explicitly designed to allow smooth upgrading like this. This proxy is supposed to (in response to a client hello w/ TLSv1.3) respond with TLSv1.2 if that's what it supports. This is still a rigorous parsing of the input being given: nothing is "not understood": version negotiation is an inherent part of the protocol and is supposed to allow for painless upgrades to more secure protocols.

The RFC (which if you're implementing TLS, you should have open at all times) explicitly calls out exactly this behavior:

> Note: some server implementations are known to implement version negotiation incorrectly. For example, there are buggy TLS 1.0 servers that simply close the connection when the client offers a version newer than TLS 1.0.

The quality of this vendor's implementation is extremely suspect.

replies(1): >>rocqua+L9
◧◩
3. rocqua+L9[view] [source] [discussion] 2017-02-28 08:39:06
>>deatha+Z
The issue only occurs in non-mitm mode, probably meaning the box doesn't actually do the TLS handsake, instead merely inspecting it.
[go to top]