draft-ietf-tls-downgrade-scsv-02.txt   draft-ietf-tls-downgrade-scsv-03.txt 
Network Working Group B. Moeller Network Working Group B. Moeller
Internet-Draft A. Langley Internet-Draft A. Langley
Updates: 2246, 4346, 4347, 5246, 6347 Google Updates: 2246, 4346, 4347, 5246, 6347 Google
(if approved) November 12, 2014 (if approved) December 15, 2014
Intended status: Standards Track Intended status: Standards Track
Expires: May 16, 2015 Expires: June 18, 2015
TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol
Downgrade Attacks Downgrade Attacks
draft-ietf-tls-downgrade-scsv-02 draft-ietf-tls-downgrade-scsv-03
Abstract Abstract
This document defines a Signaling Cipher Suite Value (SCSV) that This document defines a Signaling Cipher Suite Value (SCSV) that
prevents protocol downgrade attacks on the Transport Layer Security prevents protocol downgrade attacks on the Transport Layer Security
(TLS) protocol. It updates RFC 2246, RFC 4346, and RFC 5246. (TLS) protocol. It updates RFC 2246, RFC 4346, and RFC 5246.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 16, 2015. This Internet-Draft will expire on June 18, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 41 skipping to change at page 4, line 41
The TLS_FALLBACK_SCSV cipher suite value is meant for use by clients The TLS_FALLBACK_SCSV cipher suite value is meant for use by clients
that repeat a connection attempt with a downgraded protocol (perform that repeat a connection attempt with a downgraded protocol (perform
a "fallback retry") in order to work around interoperability problems a "fallback retry") in order to work around interoperability problems
with legacy servers. with legacy servers.
o If a client sends a ClientHello.client_version containing a lower o If a client sends a ClientHello.client_version containing a lower
value than the latest (highest-valued) version supported by the value than the latest (highest-valued) version supported by the
client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value client, it SHOULD include the TLS_FALLBACK_SCSV cipher suite value
in ClientHello.cipher_suites; see Section 6 for security in ClientHello.cipher_suites; see Section 6 for security
considerations for this recommendation. (Since the cipher suite considerations for this recommendation. (The client SHOULD put
list in the ClientHello is ordered by preference, with the TLS_FALLBACK_SCSV after all cipher suites that it actually intends
client's favorite choice first, signaling cipher suite values will to negotiate.)
generally appear after all cipher suites that the client actually
intends to negotiate.)
o As an exception to the above, when a client intends to resume a o As an exception to the above, when a client intends to resume a
session and sets ClientHello.client_version to the protocol session and sets ClientHello.client_version to the protocol
version negotiated for that session, it MUST NOT include version negotiated for that session, it MUST NOT include
TLS_FALLBACK_SCSV in ClientHello.cipher_suites. (In this case, it TLS_FALLBACK_SCSV in ClientHello.cipher_suites. (In this case, it
is assumed that the client already knows the highest protocol is assumed that the client already knows the highest protocol
version supported by the server: see [RFC5246], Appendix E.1.) version supported by the server: see [RFC5246], Appendix E.1.)
o If a client sets ClientHello.client_version to its highest o If a client sets ClientHello.client_version to its highest
supported protocol version, it MUST NOT include TLS_FALLBACK_SCSV supported protocol version, it MUST NOT include TLS_FALLBACK_SCSV
 End of changes. 5 change blocks. 
9 lines changed or deleted 7 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/