JEP 244: TLS Application-Layer Protocol Negotiation Extension

Thomas Lußnig lussnig at suche.org
Tue Apr 14 16:25:08 UTC 2015


Hi,

the point is simple. The description for the code say that TLSv1.2
should not have an valid PRF.
But for example SSL_DH_anon_WITH_DES_CBC_SHA which is obsoleted in TLSv1.2.
But since obsoleted is set to TLSv1.2 the code part:

if (obsoleted < ProtocolVersion.TLS12.v) { prf = P_NONE; }

Does not set the PRF to the invalid NONE as i would expected with the
description.

Gruß Thomas
> On 4/14/2015 2:25 AM, Thomas Lußnig wrote:
>> Hi,
>>
>> i checked the CipherSuites in JDK and found that in the JDK there is and
>> mistake i think.
>> In CipherSuite the method add set the PRF to NONE only if obsoleted less
>> than TLSv1.2.
>> But if the suite is forbidden / obsoleted in TLSv1.2 the check must be
>> <= (less or equal)
> Can you explain more about this point?
>
> Xuelei
>
>> if i am correct.
>>
>> http://grepcode.com/file_/repository.grepcode.com/java/root/jdk/openjdk/8-b132/sun/security/ssl/CipherSuite.java/?v=source
>>
>>     /*
>>      * Use this method when there is no lower protocol limit where this
>>      * suite can be used, and the PRF is P_SHA256.  That is, the
>>      * existing ciphersuites.  From RFC 5246:
>>      *
>>      *     All cipher suites in this document use P_SHA256.
>>      */
>>     private static void add(String name, int id, int priority,
>>             KeyExchange keyExchange, BulkCipher cipher,
>>             boolean allowed, int obsoleted) {
>>         // If this is an obsoleted suite, then don't let the TLS 1.2
>>         // protocol have a valid PRF value.
>>         PRF prf = P_SHA256;
>>         if (obsoleted < ProtocolVersion.TLS12.v) {
>>             prf = P_NONE;
>>         }
>>
>>         add(name, id, priority, keyExchange, cipher, allowed, obsoleted,
>>             ProtocolVersion.LIMIT_MIN_VALUE, prf);
>>     }
>>
>> Gruß Thomas
>>



More information about the security-dev mailing list