Compare TLS Extensions for Web Browsers

A table worth a thousand words! ;-)

ValueExtension nameReferenceFirefox 5.0IE 9.0Chrome 14.0Opera 11.50Safari 5.0Java SE 7
0server_nameRFC 6066
1max_fragment_lengthRFC 6066
2client_certificate_urlRFC 6066
3trusted_ca_keysRFC 6066
4truncated_hmacRFC 6066
5status_requestRFC 6066
6user_mappinRFC 4681
7client_authzRFC 5878
8server_authzRFC 5878
9cert_typeRFC 6091
10elliptic_curvesRFC 4492
11ec_point_formatsRFC 4492
12srpRFC 5054
13signature_algorithms[1]RFC 5246
14use_srtpRFC 5746
35SessionTicket TLSRFC 4507
13172
next_protocol_negotiation[2]
Draft
65281renegotiation_infoRFC 5746

Note that the data was from the observation of the TLS ClientHello message when visiting HTTPS web sites.

[1]: The signature_algorithms extension only appears in TLS 1.2
[2]: next_protocol_negotiation extension is in draft state, no official name and value.

Popular posts from this blog

TLS Server Name Indication Extension and Unrecognized_name

Image
Heavy Pond, Jianfengling National Forest Park, Ledong, Hainan, China It's getting hot that some TLS/HTTPS server failed with "unrecognized_name". For example, the Adobe AIR 3 Code Signing Certificate Problem , the ADT handshake alert , and the jarsigner issue with timestamp.geotrust.com , etc. This entry will discussion some background of the "unrecognized_name" alert, and the TLS Server Name Indication (SNI) extension. Background "Unrecognized_name" is an error alert, define by RFC4366 .  In section 4 of RFC4366 : - "unrecognized_name": this alert is sent by servers that receive a server_name extension request, but do not recognize the server name. This message MAY be fatal. And in section 3.1 of of RFC4366 : If the server understood the client hello extension but does not recognize the server name, it SHOULD send an "unrecognized_name" alert (which MAY be fatal). From above sections, we see that "unrecognized...
Read more

Use Braces Even For Single Line Statement

Image
On Feb. 21, 2014, Apple released security update for iOS that affected SSL/TLS connections. The impact is described as "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." And the CVSS v2 Base Score is 6.8(AV:N/AC:M/Au:N/C:P/I:P/A:P). What's the problem with it? Here is the Apple code : static OSStatus SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams, uint8_t *signature, UInt16 signatureLen) { ... if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) goto fail; if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) goto fail; goto fail; if ((err = SSLHashSHA1.final(&hashCtx, &has...
Read more

NIST Security Strength Time Frames

Security Strength Time Frames of NIST SP 800-57 Part 1 Security Strength 80 112 128 192 256 applying processing applying processing through 2010 acceptable acceptable acceptable acceptable acceptable acceptable acceptable 2011 through2013 deprecated legacy use acceptable acceptable acceptable acceptable acceptable 2014 through 2030 disallowed legacy use acceptable acceptable acceptable acceptable acceptable 2031 and Beyond disallowed legacy use disallowed legacy use acceptable acceptable acceptable Symmetric Algorithms 2TDEA 3TDEA AES-128 AES-192 AES-256 FFC (e.g., DSA, D-H) L = 1024 N = 160 L = 2048 N = 224 L = 3072 N = 256 L = 7680 N = 384 L = 15360 N = 512 IFC (e.g., RSA) k = 1024 k = 2048 k = 3072 k = 7680 k = 15360 ECC (e.g.,ECDSA) f = 160-223 f = 224-255 f = 256-383 f = 384-511 f = 512+ Digital Signatures and hash-only applications SHA-1, SHA-224, SHA-256, SHA-384, SHA-5...
Read more