Discussion:
Please document the new SSL_MODE_SEND_FALLBACK_SCSV
Jakob Bohm
2014-10-17 14:59:10 UTC
Permalink
The new SSL_MODE_SEND_FALLBACK_SCSV option is badly documented in
the wiki and man pages, which is going to cause a lot of problems
when people everywhere rush to incorporate the security fixes into
their code.

In particular, I find the following to be fully undocumented (except
by trying to read the code):

1. SSL_MODE_SEND_FALLBACK_SCSV was introduced in versions 1.0.1j,
1.0.0o and 0.9.8zc, not way back when SSL_CTX_set_mode() itself
was introduced. The information at the bottom of that manpage
needs to say that, like it already does for SSL_MODE_AUTO_RETRY.

2. [ THIS IS A GUESS ]
SSL_MODE_SEND_FALLBACK_SCSV should only be set if the client
contains code like the following:

/* pseudo code */
SSL_try_connect_(supporting versions x..y)
if (failed) {
SSL_try_connect_(supporting versions x..y-1)
if (failed) {
SSL_try_connect_(supporting versions x..y-2)
... (etc.)
}
}

In which case that code needs to change to

/* pseudo code */
SSL_try_connect_(supporting versions x..y)
/* No SSL_MODE_SEND_FALLBACK_SCSV when trying with highest
attempted y */
if (failed) {
SSL_try_connect_(supporting versions x..y-1,
SSL_MODE_SEND_FALLBACK_SCSV)
if (failed) {
SSL_try_connect_(supporting versions x..y-2,
SSL_MODE_SEND_FALLBACK_SCSV)
... (etc.)
}
}

(Note: The Internet draft says (in very technical terms) when an
SSL client should send the message, not when an application should
tell any given SSL library to do so, because that answer is expected
to differ between OpenSSL, Mozilla NSS, Microsoft SCHANNEL,
MatrixSSL and other SSL libraries).

3. Unlike the other SSL_MODE_ options, SSL_MODE_SEND_FALLBACK_SCSV
is not aboutan internal API behavior.

4. Why this isn't SSL_OPTION_SEND_FALLBACK_SCSV (there is probably
a good reason, but itisn't documented).

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 SÞborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
Nou Dadoun
2014-10-17 16:25:12 UTC
Permalink
Since this is the users list (as opposed to the dev list) I’m a little confused about point 2 there; my understanding from the sketchy descriptions I’ve read is that the fallback to a lower version is automatically done by openssl on connect failure as opposed to something similar to the code snippet below being present in application code. (i.e. I’m not sure whether you intend the “client” in that description to be openssl library code or user application code which calls into the library). Thanks 
 N

From: owner-openssl-***@openssl.org [mailto:owner-openssl-***@openssl.org] On Behalf Of Jakob Bohm
Sent: October-17-14 7:59 AM
To: openssl-***@openssl.org
Subject: Please document the new SSL_MODE_SEND_FALLBACK_SCSV

The new SSL_MODE_SEND_FALLBACK_SCSV option is badly documented in
the wiki and man pages, which is going to cause a lot of problems
when people everywhere rush to incorporate the security fixes into
their code.

In particular, I find the following to be fully undocumented (except
by trying to read the code):

1. SSL_MODE_SEND_FALLBACK_SCSV was introduced in versions 1.0.1j,
1.0.0o and 0.9.8zc, not way back when SSL_CTX_set_mode() itself
was introduced. The information at the bottom of that manpage
needs to say that, like it already does for SSL_MODE_AUTO_RETRY.

2. [ THIS IS A GUESS ]
SSL_MODE_SEND_FALLBACK_SCSV should only be set if the client
contains code like the following:

/* pseudo code */
SSL_try_connect_(supporting versions x..y)
if (failed) {
SSL_try_connect_(supporting versions x..y-1)
if (failed) {
SSL_try_connect_(supporting versions x..y-2)
... (etc.)
}
}

In which case that code needs to change to

/* pseudo code */
SSL_try_connect_(supporting versions x..y)
/* No SSL_MODE_SEND_FALLBACK_SCSV when trying with highest
attempted y */
if (failed) {
SSL_try_connect_(supporting versions x..y-1, SSL_MODE_SEND_FALLBACK_SCSV)
if (failed) {
SSL_try_connect_(supporting versions x..y-2, SSL_MODE_SEND_FALLBACK_SCSV)
... (etc.)
}
}

(Note: The Internet draft says (in very technical terms) when an
SSL client should send the message, not when an application should
tell any given SSL library to do so, because that answer is expected
to differ between OpenSSL, Mozilla NSS, Microsoft SCHANNEL,
MatrixSSL and other SSL libraries).

3. Unlike the other SSL_MODE_ options, SSL_MODE_SEND_FALLBACK_SCSV
is not about an internal API behavior.

4. Why this isn't SSL_OPTION_SEND_FALLBACK_SCSV (there is probably
a good reason, but it isn't documented).



Enjoy



Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com

Transformervej 29, 2860 SÞborg, Denmark. Direct +45 31 13 16 10

This public discussion message is non-binding and may contain errors.

WiseMo - Remote Service Management for PCs, Phones and Embedded
Jakob Bohm
2014-10-19 22:01:30 UTC
Permalink
According to the discussions in other threads, some applications
contain that kind of code, some don't.

Since alot of people are getting confused, I am asking that the
documentation clarify if only applications with that kind of code
need to do anything at all.
Since this is the users list (as opposed to the dev list) I’m a little
confused about point 2 there; my understanding from the sketchy
descriptions I’ve read is that the fallback to a lower version is
automatically done by openssl on connect failure as opposed to
something similar to the code snippet below being present in
application code. (i.e. I’m not sure whether you intend the “client”
in that description to be openssl library code or user application
code which calls into the library). Thanks … N
*Sent:* October-17-14 7:59 AM
*Subject:* Please document the new SSL_MODE_SEND_FALLBACK_SCSV
The new SSL_MODE_SEND_FALLBACK_SCSV option is badly documented in
the wiki and man pages, which is going to cause a lot of problems
when people everywhere rush to incorporate the security fixes into
their code.
In particular, I find the following to be fully undocumented (except
1. SSL_MODE_SEND_FALLBACK_SCSV was introduced in versions 1.0.1j,
1.0.0o and 0.9.8zc, not way back when SSL_CTX_set_mode() itself
was introduced. The information at the bottom of that manpage
needs to say that, like it already does for SSL_MODE_AUTO_RETRY.
2. [ THIS IS A GUESS ]
SSL_MODE_SEND_FALLBACK_SCSV should only be set if the client
/* pseudo code */
SSL_try_connect_(supporting versions x..y)
if (failed) {
SSL_try_connect_(supporting versions x..y-1)
if (failed) {
SSL_try_connect_(supporting versions x..y-2)
... (etc.)
}
}
In which case that code needs to change to
/* pseudo code */
SSL_try_connect_(supporting versions x..y)
/* No SSL_MODE_SEND_FALLBACK_SCSV when trying with highest
attempted y */
if (failed) {
SSL_try_connect_(supporting versions x..y-1,
SSL_MODE_SEND_FALLBACK_SCSV)
if (failed) {
SSL_try_connect_(supporting versions x..y-2,
SSL_MODE_SEND_FALLBACK_SCSV)
... (etc.)
}
}
(Note: The Internet draft says (in very technical terms) when an
SSL client should send the message, not when an application should
tell any given SSL library to do so, because that answer is expected
to differ between OpenSSL, Mozilla NSS, Microsoft SCHANNEL,
MatrixSSL and other SSL libraries).
3. Unlike the other SSL_MODE_ options, SSL_MODE_SEND_FALLBACK_SCSV
is not about an internal API behavior.
4. Why this isn't SSL_OPTION_SEND_FALLBACK_SCSV (there is probably
a good reason, but it isn't documented).
--
Jakob Bohm, CIO, partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. direct: +45 31 13 16 10
<call:+4531131610>
This message is only for its intended recipient, delete if misaddressed.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Loading...