OpenSSL

Bug #965371
Comment #47

Comment 47 for bug 965371

Revision history for this message

Adam Porter (alphapapa) wrote on 2012-07-07: Re: [Bug 965371] Re: HTTPS requests fail on sites which immediately close the connection if TLS 1.1 negotiation is attempted, on Ubuntu 12.04

#47

On Sat, Jul 7, 2012 at 8:50 AM, Marc Deslauriers
<email address hidden> wrote:
> So the whole world is moving to TLS 1.1 and 1.2, and Evernote's server
> isn't compatible. How is this a Ubuntu bug?

I'm no expert on TLS, but surely it's an exaggeration to say that the
whole world is moving to 1.1 and 1.2. This exact issue can be found
in reports on mailing lists (including openssl's) going back at least
two years. The whole issue arises because of a failed backward
negotiation by the server. When are these servers (Apache and PHP, in
Evernote's case), which currently fail to fall backwards, going to
start rejecting clients who do the same? Are they really going to
drop like a hot rock browsers which can't even request TLS 1.1 or 1.2,
browsers which will necessarily be in use for many more years? (You
must consider enterprise installations, proprietary software, and
embedded software which won't be even upgraded until the hardware is
replaced.) Last I checked, HTTP 1.1 was not required on any web
sites--1.0 works fine. SSL still works too, so why would TLS 1.0 be
dropped?

> What do you propose we do? Disable TLS 1.1 and 1.2, which will prevent
> Ubuntu from working with newer sites that will start requiring it, just
> to fix Evernote's broken server?

If there are servers which commonly refuse SSLv3 and TLS 1.0 and
require TLS 1.1 or 1.2, please let me know--again, I'm no expert. Or
are users actually at risk by not having support for protocols which
may not even work? Are there such serious security flaws in TLS 1.0?
(If so, why do servers support it and even SSL?)

Lacking examples of such, what we have is a known problem in which
user software utterly fails after upgrading the OS, in which the only
workaround is to reinstall and downgrade the entire OS--versus a
potential benefit of supporting newer versions of a protocol which
many servers don't even support yet, and indeed fail on.

If it's not that clear-cut, please explain why. Otherwise, the choice
seems obvious to me: disable TLS 1.1 and 1.2 by default so that Ubuntu
users who have upgraded to "Precise 12.04 Long Term Support" will not
have their software mysteriously fail without recourse. If the
situation changes at a later time, whether by an upgrade to OpenSSL
which works around broken servers, or if broken servers truly
disappear from the Internet, then 1.1 and 1.2 could be reenabled.

As I have always understood it, the point of a distro is to make
software work for the user. So, yes, I propose that you disable TLS
1.1 and 1.2 by default.

On Sat, Jul 7, 2012 at 8:50 AM, Marc Deslauriers
<marc.deslauriers@canonical.com> wrote:
> So the whole world is moving to TLS 1.1 and 1.2, and Evernote's server
> isn't compatible. How is this a Ubuntu bug?

I'm no expert on TLS, but surely it's an exaggeration to say that the
whole world is moving to 1.1 and 1.2.  This exact issue can be found
in reports on mailing lists (including openssl's) going back at least
two years.  The whole issue arises because of a failed backward
negotiation by the server.  When are these servers (Apache and PHP, in
Evernote's case), which currently fail to fall backwards, going to
start rejecting clients who do the same?  Are they really going to
drop like a hot rock browsers which can't even request TLS 1.1 or 1.2,
browsers which will necessarily be in use for many more years?  (You
must consider enterprise installations, proprietary software, and
embedded software which won't be even upgraded until the hardware is
replaced.)  Last I checked, HTTP 1.1 was not required on any web
sites--1.0 works fine.  SSL still works too, so why would TLS 1.0 be
dropped?

> What do you propose we do? Disable TLS 1.1 and 1.2, which will prevent
> Ubuntu from working with newer sites that will start requiring it, just
> to fix Evernote's broken server?

If there are servers which commonly refuse SSLv3 and TLS 1.0 and
require TLS 1.1 or 1.2, please let me know--again, I'm no expert.  Or
are users actually at risk by not having support for protocols which
may not even work?  Are there such serious security flaws in TLS 1.0?
(If so, why do servers support it and even SSL?)

If it's not that clear-cut, please explain why.  Otherwise, the choice
seems obvious to me: disable TLS 1.1 and 1.2 by default so that Ubuntu
users who have upgraded to "Precise 12.04 Long Term Support" will not
have their software mysteriously fail without recourse.  If the
situation changes at a later time, whether by an upgrade to OpenSSL
which works around broken servers, or if broken servers truly
disappear from the Internet, then 1.1 and 1.2 could be reenabled.

As I have always understood it, the point of a distro is to make
software work for the user.  So, yes, I propose that you disable TLS
1.1 and 1.2 by default.