[9] RFC: 8061798: Add support for TLS_FALLBACK_SCSV (RFC 7507)

Xuelei Fan xuelei.fan at oracle.com
Wed Jun 3 01:56:28 UTC 2015 

Hi Florian,

I can sponsor you for the specification update approval and changeset
integration if needed.

I still have a few comments about this fix:

1. TLS_FALLBACK_SCSV may still be miss-used as it is defined as a
default enabled cipher suites.

Some applications may just get all supported cipher suites and enable
them all for a certain circumstance.  For example:

    String[] suites = sslSocket.getSupportedCipherSuites();
    sslSocket.setEnabledCipherSuites(suites);

As would result in unexpected behavior as you concerned about this protocol.

What do you think if TLS_FALLBACK_SCSV is not defined as a supported
(enabled) cipher suite?  I mean SSLSocket.getSupportedCipherSuites()
would not return TLS_FALLBACK_SCSV in any cases.

2. SSLEngineImpl
Better to update SSLEngineImpl.java in this fix as what you did for
SSLSocketImpl.java

3. src/java.base/share/classes/javax/net/ssl/SSLParameters.java
------------
 472      * <b>Note:</b> Performing protocol downgrades outside the TLS
 473      * protocol can introduce security vulnerabilities.  The
 474      * built-in version negotiation mechanism of the TLS protocol
 475      * should be used instead of explicit protocol downgrades.
 476      * See section 4 of RFC 7507 for additional advice.

Sounds like it is a part of "implNote".

------------
 478      * @implNote
 479      * The default JSSE provider uses the TLS_FALLBACK_SCSV signaling
 480      * ciphersuite value to indicate protocol fallback, as specified
 481      * in RFC 7507.

As this is a public spec, any JSSE provider should follow this spec.
I'd like to say:
   "A JSSE provider should use the TLS_FALLBACK_SCSV ..."

------------
 491     public final void setIndicateProtocolFallback(
                 boolean indicateFallback) {
 506     public final boolean getIndicateProtocolFallback()

"setIndicate" does not sound like instinctive enough to me.  What do you
think:
        void indicateProtocolFallback(boolean useProtocolFallback)
        boolean isProtocolFallback()
or
        void setUseProtocolFallback(boolean useProtocolFallback)
        boolean getUseProtocolFallback()

Thanks,
Xuelei


On 5/7/2015 2:01 PM, Florian Weimer wrote:
> On 05/07/2015 01:39 AM, Xuelei Fan wrote:
>> On 5/6/2015 9:42 PM, Florian Weimer wrote:
>>> On 05/06/2015 01:42 AM, Xuelei Fan wrote:
>>>> As additional APIs are strongly desired, what do you think to make the
>>>> API more general and easy to use?  For example, using the name:
>>>>
>>>>     SSLParameters.setUseFallbackMode(boolean isFallback)
>>>>     boolean SSLParameters.getuseFallbackMode()
>>>>
>>>> We can implement more for this parameters if need to take care of
>>>> additional more problems during fallback negotiation.  Instinctively,
>>>> developers and code reviewers would not call this APIs unless this is a
>>>> real fallback negotiation, I think.
>>>
>>> Sounds reasonable.  I have add an @implNote mentioning that the default
>>> provider sends TLS_FALLBACK_SCSV.
>>>
>>>   <http://cr.openjdk.java.net/~fweimer/8061798/webrev.01/>
>>>
>> I guess the new webrev may be:
>>    http://cr.openjdk.java.net/~fweimer/8061798/webrev.02/
> 
> Right, sorry.
>

More information about the security-dev mailing list