bugzilla.mozilla.org will be intermittently unavailable on Saturday, March 24th, from 16:00 until 20:00 UTC.

Disable TLS_RSA_WITH_RC4_128_MD5 when SSL 3.0 is disabled




Security: PSM
3 years ago
3 years ago


(Reporter: briansmith, Unassigned)



Firefox Tracking Flags

(Not tracked)


Now that SSL 3.0 is disabled, and since RC4 has gotten so much bad press recently, it is likely that there are nearly zero servers that only support TLS_RSA_WITH_RC4_128_MD5. Thus, it makes sense to try to completely disable TLS_RSA_WITH_RC4_128_MD5 when SSL 3.0 is disabled.

I verified that the two servers mentioned in [1] now support non-RC4 cipher suites.

[1] https://code.google.com/p/chromium/issues/detail?id=118330
Sites to verify (based on Chrome bug reports):

* https://ws.missouristate.edu, https://missouristate.info
* https://www.blueshieldca.com (Now chooses AES-GCM)
* https://shb.ais.ucla.edu/ (seems to only support RC4-MD5 as of today, but it's currently serving a "hey you just installed your web server" placeholder so maybe it doesn't matter)
* https://cp.ucd.ie/ (currently won't load)
* https://bbce8.csuohio.edu/MACAuth/Login8Servlet
* https://www.sbbt.com/personal-home.php  (it should re-direct)
* https://www.pcfinancial.ca (now chooses AES-GCM)

Also, Wan-Teh found this blog post indicating that most versions of IIS prioritize this (the worst) cipher suite first:

> I also found a blog post (http://blog.ivanristic.com/2009/08/index.html)
> that explains why TLS_RSA_WITH_RC4_128_MD5 is widely used.
> 1. It's the default preferred cipher in most versions of IIS.  (I am not
>    sure if this is still true in the current versions of IIS.)
> 2. It is the fastest and least CPU intensive.

This IIS misconfigured-by-default behavior is a good motivation for making this change.

On the other hand, it isn't clear that the RC4-MD5 cipher suite is significantly worse than the RC4-SHA(1) cipher suite.
https://cmypage.kuronekoyamato.co.jp/portal/entrance?id=kojintop (from bug 1112110) supports nothing but TLS_RSA_WITH_RC4_128_MD5.
I'm not sure about the benefit of introducing the invisible relation between SSLv3 and RC4-MD5. If we want to disable RC4-MD5 by default, we should just flip the pref.
Also we don't offer RC4 cipher suites (including RC$-MD5) in the first handshake. The server preference matters little.


3 years ago
See Also: → bug 999544
(In reply to Masatoshi Kimura [:emk] from comment #3)
> Also we don't offer RC4 cipher suites (including RC$-MD5) in the first
> handshake. The server preference matters little.

Yes. If you do what I suggest in bug 1123932 comment 9, then this bug can also be RESOLVED INVALID or WONTFIX.
I'll drop SSLv3 support very soon, then this bug will be just disabling RC4-MD5. And I'll disable all RC4 cipher suites at once.
Last Resolved: 3 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.