This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

TLS_EMPTY_RENEGOTIATION_INFO_SCSV query


I used Wireshark to capture an SSL handshake, and when I inspected the Client Hello packet and went to the Cipher Suites heading I saw the following cipher:

Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

I only see that when I inspect an SSL handshake if Firefox initiates the handshake, but if I use Chrome or Internet Explorer I don't see that. Why is that? I did google the cipher suite, but I didn't understand most of it. From what I could understand it was added with Firefox 8 and it has something to do with Java.

asked 20 Oct '12, 09:56

Howlin1


One Answer:


This message is part of the TLS Secure Renegotiation protocol, which was introduced to defeat a vulnerability in the original TLS session renegotiation protocol discovered in 2009 and only fully handled by most server and client TLS implementations this year. The state of the TLS renegotiation process used by a particular client will depend in part on the underlying cryptographic provider (the latest Java and OpenSSL versions support the new process) and on the options which have been set by the application which requests the cryptographic operation.

TLS clients which do not support the new secure renegotiation protocol will be refused by any properly patched TLS server if they submit an original-style TLS renegotiation request. (The most common use, AFAIK, of TLS renegotiation has been to allow an HTTPS server to request client certificate authentication after the original TLS handshake has been completed. This is used, for example, when the server considers some URL paths to require stronger client authentication than others, but cannot make that determination until after the initial HTTPS request has been examined.)

answered 23 Oct '12, 01:46

inetdog

edited 24 Oct '12, 11:16

Ah okay, thanks :)

(24 Oct '12, 08:33) Howlin1
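The cipher suite value the question asks about is RFC 5746's signalling suite (0x00ff), and RFC 5746 also defines a renegotiation_info extension (type 0xff01) that carries the same signal; a client may send either. The following Python example, added here and not part of the original thread or of Wireshark, builds a constructed ClientHello (not captured traffic: zero random bytes, a handful of real IANA cipher suite codepoints picked for illustration) and then parses the record the way a dissector does, reporting whether the client signalled secure renegotiation support by SCSV, by extension, or not at all. The function and variable names are the example's own.

```python
import struct

# RFC 5746 identifiers
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF   # signalling cipher suite value
EXT_RENEGOTIATION_INFO = 0xFF01              # renegotiation_info extension type

# Real IANA codepoints, used only as sample list entries (constructed demo data)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F


def build_client_hello(cipher_suites, extensions=()):
    """Constructed TLS record carrying a TLS 1.2 ClientHello (not a capture)."""
    body = b"\x03\x03"                          # client_version: TLS 1.2
    body += bytes(32)                           # random: zeros (constructed)
    body += b"\x00"                             # session_id length 0
    cs = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += struct.pack("!H", len(cs)) + cs     # cipher_suites vector
    body += b"\x01\x00"                         # compression_methods: null only
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body       # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # ContentType handshake


def parse_client_hello(record):
    """Walk a handshake record and pull out cipher suites and extensions."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]

    off = 2 + 32                                 # skip client_version and random
    sid_len = body[off]
    off += 1 + sid_len                           # skip session_id
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(off, off + cs_len, 2)]
    off += cs_len
    comp_len = body[off]
    off += 1 + comp_len                          # skip compression_methods

    exts = {}
    if off + 2 <= len(body):                     # extensions block is optional
        ext_len = struct.unpack("!H", body[off:off + 2])[0]
        off += 2
        end = off + ext_len
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", body[off:off + 4])
            off += 4
            exts[etype] = body[off:off + elen]
            off += elen

    return {
        "cipher_suites": suites,
        "extensions": exts,
        "scsv": TLS_EMPTY_RENEGOTIATION_INFO_SCSV in suites,
        "renegotiation_info": EXT_RENEGOTIATION_INFO in exts,
    }


def secure_renegotiation_signalled(parsed):
    """RFC 5746: either the SCSV or the extension is a valid client signal."""
    return parsed["scsv"] or parsed["renegotiation_info"]


if __name__ == "__main__":
    samples = {
        # Client listing the SCSV among its cipher suites (what the question saw)
        "scsv-client": build_client_hello(
            [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,
             TLS_EMPTY_RENEGOTIATION_INFO_SCSV]),
        # Client using the extension instead; empty renegotiated_connection on first hello
        "extension-client": build_client_hello(
            [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256], [(EXT_RENEGOTIATION_INFO, b"\x00")]),
        # Legacy client with no signal at all
        "legacy-client": build_client_hello([TLS_RSA_WITH_AES_128_CBC_SHA]),
    }
    for name, rec in samples.items():
        p = parse_client_hello(rec)
        print(f"{name}: suites={[hex(s) for s in p['cipher_suites']]} "
              f"scsv={p['scsv']} ext={p['renegotiation_info']} "
              f"secure_reneg={secure_renegotiation_signalled(p)}")
```

The SCSV is listed in the cipher suites vector precisely so that servers which do not understand extensions still see the signal, which is why Wireshark shows it under the Cipher Suites heading rather than under Extensions; a client that sends the extension only, as in the second sample, looks different in the dissector but is making the same claim.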