Notes on TLS - SSL 3.0 Intolerant Servers

不具合

多くの Netscape 6.x/7.x および Mozilla 利用者が、いくつかのセキュリティ保護されたサイト -- オンライントランザクションやオンラインバンクでHTTPSプロトコルを使っている一般的なサイト -- で何も表示されないと報告してきています。 接続は終わっているように見えますが空白ページが表示されます。これがMozillaベースのブラウザがTLS/SSL 3.0 狭量(不寛容)なサーバに遭遇したときの問題の主な症状です。

原因

現状、SSL 3.0 仕様の狭量な実装がされたいくつかのWebサーバがあります。 この狭量な実装はSSL 3.0 および TLS (aka SSL 3.1) 仕様に従っているクライアントからの接続の試みを拒否します。 

Netscape 6.x/7.x および Mozilla ブラウザ (0.9.1 以降のバージョン) は、TLSの仕様を正しく実装しており、ユーザはこの問題のあるサイトを利用できません。

技術情報

The SSL 3.0 and TLS (aka SSL 3.1) specs both contain a provision -- the same provision -- for detecting "version rollback attacks". It is designed to permit a server to detect a man-in-the-middle that is altering the SSL client hello (connection) requests as they pass from the client to the server, altering them by changing the protocol version number to a lower version number. This feature was kind of meaningless until TLS (SSL 3.1) came along because there was no version higher than 3.0 from which to be rolled back. TLS is now available and used, and products that have implemented the roll-back detection incorrectly are not interoperable with TLS/SSL spec-compliant clients. Normally the servers which have this problem are not equipped to deal with the TLS protocol, but instead of rolling back to SSL 3.0 as the rollback provision provides, they terminate/drop the connection, thus resulting in most cases a blank page display.

For up-to-date information, you can read a Bugzilla bug report which keeps track of this problem with Mozilla-based browsers. See バグ 59321.

Servers currently known to exhibit this intolerant behavior

As of this writing, this problem has been reported for the following servers: (Wherever there is an upgraded version which fixes the problem, it is indicated by an asterisked remark in the parentheses. )

• Domino-Go-Webserver/4.6.2.6 (and perhaps some later versions)
• IBM_HTTP_Server/1.3.6.3 or earlier (* Update to 1.3.6.4)
• IBM_HTTP_Server/1.3.12.1 or earlier (* Update to 1.3.12.2)
• Java Web Server 2
• OSU/3.2 - DECthreads HTTP server for OpenVM
• Stronghold/2.2
• Webmail v. 3.6.1 by Infinite Technologies (* Update available)

N.B. There might be servers other than those listed above which exhibit this problem. If you find such a server, feel free to add it to this page. For up-to-date information, you can read this Bugzilla bug which keeps a list of TLS/SSL 3.0 intolerant servers.

Users: この問題を避けるには?

Netscape 6.1 Preview Release 1, または Mozilla 0.9.1 以前

These versions shipped with the TLS option turned ON as the default but with no way to deal with the problem servers. If you are using these old versions, please update to the latest Netscape or Mozilla versions. You can also avoid such a problem by editing an existing profile -- check the preference option setting at: Edit | Preferences | Privacy and Security | SSL | Enable TLS, and turn it OFF if it is ON for these earlier browsers.

Netscape 6.1 または Mozilla 0.9.2 以降

These browsers shipped with the TLS option ON but also included a graceful rollback mechanism on the client side when they encounter known TLS/SSL 3.0 intolerant servers.

Firefox 2 以降

Firefox 2から、SSL 2.0のサポートは最初から無効にされています; unless it is expressly re-enabled by the user using about:config. See Security in Firefox 2 for details.

Webサイト管理者: この問題を避けるには?

• Upgrade to a newer version if available, which corrects this problem. There will be other network clients which implement TLS/SSL 3.0 specification correctly and have a problem with your site. Let's not perpetuate the problem servers.
• Contact the manufacturer and inquire if there is a new version available which fixes this problem.
• Post a note on your site instructing users of old versions of browsers like Netscape 6.0/6.01/6.1 Preview Release 1 and Mozilla 0.9.1 and earlier to turn OFF the TLS option at: Edit | Preferences | Privacy and Security | SSL | Enable TLS. However, this is a temporary workaround at best. We recommend strongly that you urge users to upgrade to the latest Netscape version (or at least Netscape 6.1) since the newer versions have the graceful rollback implemented in the code.
• If you have questions concerning Netscape browsers and problem servers, please contact us using the feedback address at the top of this page.

Detecting intolerant servers

Because newer versions of Netscape and Mozilla have built-in workaround for the problem servers, it is now unlikely that you will experience this problem. But if you're running Netscape 6.0/6.01/6.1 PR 1 or Mozilla build (prior to 6/11/2001), you should look out for the symptom described below. You may also run this test with versions later than the older versions of Netscape 6.x or Mozilla -- just in case code changes in Netscape 6.1/Mozilla 0.9.2 or later may not catch all problem servers.

• When you find a secure site which simply does not display any page content or drops the connection, check to see if the preference option Edit | Preferences | Privacy and Security | SSL | Enable TLS is turned ON. If so, turn it OFF.
• Now re-visit the problem site. If the content displays this time, you are most likely witnessing a TLS/SSL 3.0 intolerant server.
• Report such a problem to the server's administrator.

How to report an intolerant server

• Optional: Get the name of the SSL server software used by the website. To do so, add https://toolbar.netcraft.com/site_report?url= to the beginning of the URL. The server software will appear next to Server under SSL Certificate Information.
  
  For instance, to check https://bugzilla.mozilla.org/, then visit https://toolbar.netcraft.com/site_rep...a.mozilla.org/.
• Add the information on such a server (software, URL) to this bug report at Bugzilla. (Note: You will be asked to provide your email address before you can file a bug at Bugzilla.)