FIPS 140.2 enabled TLS server rejects clients sending SSLv3 as record version in ClientHello
Florian Weimer
fw at deneb.enyo.de
Mon Oct 14 17:43:56 UTC 2019
* Sean Mullan:
> Can you give more info as to why SSLv3.0 is being used since it has well
> documented security weaknesses and should really no longer be used anymore?
I think the SSLv3.0-compatible client hello is not in itself
inherently unsafe, at least as long as the client is not willing to
actually negotiate SSLv3.0. In the past, there were load balancers
which could handle SSLv3.0-compatible hellos, but not much else. The
actual backend server would negotiate something more recent off the
legacy hello. I have no idea whether these workarounds are still
needed in practice.
However, I remember that past OpenJDK versions more or less defaulted
to sending such client hellos. If these clients are in principle able
to negotiate TLS 1.0 (or maybe even something newer), accepting that
in FIPS mode as well would be nice.
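The distinction Florian draws (an SSLv3 record-layer version wrapping a ClientHello whose own client_version is TLS 1.0 or newer) is illustrated by this added example, which is not part of the thread or of OpenJDK. It builds a minimal constructed ClientHello, parses both version fields, and applies a hypothetical accept policy in which a `strict_record_version` flag models a server that refuses the legacy record version even when the client could negotiate something recent.

```python
import struct

SSL3 = (3, 0)
TLS10 = (3, 1)
TLS12 = (3, 3)

def build_client_hello(record_version, client_version):
    """Constructed minimal ClientHello record: one cipher suite, no extensions."""
    body = bytes(client_version) + b"\x00" * 32 + b"\x00"  # version, random, empty session id
    body += struct.pack(">H", 2) + b"\x00\x2f"              # TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                                     # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + bytes(record_version) + struct.pack(">H", len(handshake)) + handshake

def parse_versions(record):
    """Return (record_layer_version, client_version) from a ClientHello record."""
    if len(record) < 11 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    record_version = (record[1], record[2])
    length = struct.unpack(">H", record[3:5])[0]
    if length != len(record) - 5:
        raise ValueError("record length mismatch")
    if record[5] != 0x01:
        raise ValueError("not a ClientHello")
    client_version = (record[9], record[10])
    return record_version, client_version

def accept_client_hello(record, strict_record_version):
    """Hypothetical policy: what matters is the version the client can negotiate."""
    record_version, client_version = parse_versions(record)
    if client_version < TLS10:
        return False   # the client would at best negotiate SSLv3 itself
    if strict_record_version and record_version < TLS10:
        return False   # legacy record version refused even though TLS is available
    return True
```

A lenient server accepts the SSLv3-record/TLS-capable hello; the strict variant rejects it, which is the behaviour the subject line describes.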