Open Bug 1075167 Opened 10 years ago Updated 2 years ago

Report original error when failing on a TLS downgrade alert (SCSV)

Tracking

()

Status:

NEW

People

(Reporter: mt, Unassigned)

References

(
URL
)

Details

(Whiteboard: [psm-backlog])

Martin Thomson [:mt:]

Reporter

Description

•

10 years ago

When we've downgraded a connection, we treat the inappropriate_fallback TLS alert as fatal and report that as the cause of the problem. In most cases however, the reason that this is encountered (aside from actual occurrences of thwarted downgrade attacks), is some other error that triggered our TLS version intolerance logic. See bug 1072382 for an example. We could consider saving and surfacing the original error instead, which is more likely to be correct. That is, unless there is an active attack. It could also be handled more cleanly at upper layers (with reload and try again pages and the like).

Martin Thomson [:mt:]

Reporter

Updated

•

10 years ago

Blocks: 1108677

Dave Garrett

Updated

•

10 years ago

URL: https://tools.ietf.org/html/draft-iet... → https://tools.ietf.org/html/rfc7507

Dave Garrett

Updated

•

10 years ago

Summary: Report original error when failing on a TLS downgrade alert → Report original error when failing on a TLS downgrade alert (SCSV)

Dana Keeler (she/her) (use needinfo) [:keeler]

Updated

•

8 years ago

Whiteboard: [psm-backlog]

Dana Keeler (she/her) (use needinfo) [:keeler]

Updated

•

7 years ago

Priority: -- → P3

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Report original error when failing on a TLS downgrade alert (SCSV)

Categories

(Core :: Security: PSM, defect, P3)

Tracking

()

People

(Reporter: mt, Unassigned)

References

(
URL
)

Details

(Whiteboard: [psm-backlog])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated

Updated

Updated