Message214501
That's not entirely true unfortunately :(
There are downgrade attacks that work all the way up through TLS 1.2. These are not strictly a problem of the protocol specs but instead of the implementations.
See: https://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-protocol-downgrade-attacks
The general gist of it is that some servers/firewalls/etc. have buggy implementations that cause a TLS 1.0+ handshake to fail, and some clients (browsers being a big one) decided to handle this by restarting the connection with SSL 3.0 instead of TLS 1.0+. Thus it is possible to effectively downgrade a client, even one that supports TLS 1.2. It is not, however, possible to do it within a single connection.
The version selection process should not be considered a security feature but should instead be looked at as a way to opportunistically add newer features.
Date | User | Action | Args
2014-03-22 18:21:03 | dstufft | set | recipients: + dstufft, pitrou, christian.heimes, alex
2014-03-22 18:21:03 | dstufft | set | messageid: <1395512463.45.0.734089760077.issue21013@psf.upfronthosting.co.za>
2014-03-22 18:21:03 | dstufft | link | issue21013 messages
2014-03-22 18:21:03 | dstufft | create |
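The client-side fallback described in the message, as an added model that is not part of the original tracker post: version names, the "buggy path" that fails every TLS 1.0+ handshake, and the client policy are all constructed here. It shows why a client that retries with a lower version after a failed handshake ends up on SSL 3.0 even when both ends support TLS 1.2, and that a version floor (or no fallback at all) is what actually prevents that.

```python
from typing import Optional

# Constructed, ordered low to high; used only to compare versions in this model.
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]


def server_handshake(server_max: str, offered: str) -> str:
    """Server picks the highest version both sides support."""
    return VERSIONS[min(VERSIONS.index(server_max), VERSIONS.index(offered))]


def attempt(server_max: str, offered: str, buggy_path: bool) -> Optional[str]:
    """One connection attempt. 'buggy_path' models the buggy server/firewall
    from the message: any ClientHello above SSL 3.0 simply fails (None)."""
    if buggy_path and offered != "SSLv3":
        return None
    return server_handshake(server_max, offered)


def connect(server_max: str, buggy_path: bool, fallback: bool,
            floor: str = "SSLv3") -> Optional[str]:
    """Client policy (constructed). With fallback=True the client reopens the
    connection offering the next lower version after a failure, which is the
    browser behaviour the message describes. 'floor' is the lowest version the
    client will ever offer; below it the client refuses instead of downgrading."""
    offered = "TLSv1.2"
    while True:
        negotiated = attempt(server_max, offered, buggy_path)
        if negotiated is not None:
            return negotiated
        next_idx = VERSIONS.index(offered) - 1
        if not fallback or next_idx < VERSIONS.index(floor):
            return None  # refuse the connection rather than downgrade
        offered = VERSIONS[next_idx]


if __name__ == "__main__":
    print("healthy path:", connect("TLSv1.2", buggy_path=False, fallback=True))
    print("buggy path, fallback:", connect("TLSv1.2", buggy_path=True, fallback=True))
    print("buggy path, floor TLSv1.0:",
          connect("TLSv1.2", buggy_path=True, fallback=True, floor="TLSv1.0"))
```

Note that within a single attempt the negotiated version is always min(client offer, server max), matching the message's point that the downgrade only happens across reconnects, never inside one handshake.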