Closed Bug 1264379 Opened 8 years ago Closed 8 years ago

HTTP/2 connections without AES-128 (but with AES-256) don't work

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Version:
45 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: thomas, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20141126041045

Steps to reproduce:

My Nginx webserver has HTTP/2 enabled, ECDH+AES256 enabled, and AES128 disabled.


Actual results:

When trying to connect with Firefox, no connection can be established and Firefox fails silently.
No error message is shown, no connection error is seen in the network log, and no error is logged in the console.
Adding ECDH+AES128 to the config fixes the issue and Firefox will connect.


Expected results:

I found some information that AES-128 is a hard requirement of HTTP/2, but I could not find this in the standard (there is a Blacklist though, and AES-256 is not blacklisted).
At the very least Firefox should display an error and provide means to debug the issue via the built in debug tools or error console.

Disabling HTTP/2 while AES-128 is disabled will also fix it, so Firefox can connect using AES-256 with ECDH, but only with HTTP/1.1.
I assume the core issue is, that the mandatory requirement mentioned here is not met: https://tools.ietf.org/html/rfc7540#section-9.2.2
However, I do not see why Firefox can't use the other supported strong ciphers.

The point of lacking error/debug information remains valid in any case.
Component: Untriaged → Security
Product: Firefox → Core
The lack of messaging is being addressed in bug 1122642.
Here are the cipher suites Firefox currently enables: https://dxr.mozilla.org/mozilla-central/rev/21bf1af375c1fa8565ae3bb2e89bd1a0809363d4/security/manager/ssl/nsNSSComponent.cpp#1077
If the cipher suites your server is enabling aren't on that list (and aren't allowed for H2), then (as you've seen) the connection will fail.
The requirement that deployments of H2 support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is in this section of the rfc: https://tools.ietf.org/html/rfc7540#section-9.2.2
The server violates the HTTP/2 requirement. The messaging issue is tracked in bug 1122642. Enabling AES-256-GCM in general is tracked in bug 975832. There's nothing to be tracked in this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.