Closed Bug 1136095 Opened 7 years ago Closed 5 years ago
_MALFORMED_SERVER_KEY_EXCH with RSA_EXPORT_WITH_DES_CBC_SHA or *_RC4_56_SHA, when using 2048 server key and TLS 1.2
After landing bug 1129573 our automated tests report a new failure. The following combination of parameters results in SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH reported by the NSS client:
- RSA server certificate with key size 2048
- cipher RSA_EXPORT_WITH_DES_CBC_SHA (-c l) or cipher RSA_EXPORT_WITH_RC4_56_SHA (-c m)
- TLS 1.2

Changing ANY (at least one) of the above parameters works:
- Using server key size 1024 works (using certificate data from an older test run)
- Using TLS 1.1 or older works
- All other ciphers work
Either the mentioned combination of parameters should work, or, if the combination is invalid, NSS should refuse to use it, instead of sending a broken server key exchange message. I think the patch that triggered these failures shouldn't be seen as a regression, and I'd prefer to keep the patch. Rather, we should address these failures. I've temporarily disabled the affected tests: https://hg.mozilla.org/projects/nss/rev/ae0710a52477
Use the correct syntax to disable the tests (and avoid failures caused by empty lines): https://hg.mozilla.org/projects/nss/rev/807b7ed8e175
The symbolic names of those ciphers are
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */

The code points are
> #define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
> #define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA 0x0064

* Those cipher suites intentionally restrict the key size to 1024-bit because of the US export restriction.
* Although those cipher suites have never been officially registered to IANA registry, TLS 1.1+ does not allow export cipher suites anymore.

So I don't think it is a valid combination. (I don't know why EXPORT1024 + TLS 1.1 "works".)

https://mxr.mozilla.org/nss/source/cmd/selfserv/selfserv.c?rev=ab3a00d03c39#119
https://mxr.mozilla.org/nss/source/lib/ssl/sslproto.h?rev=970075886b70#187
https://www.iana.org/assignments/tls-parameters/tls-parameters.txt "0x00,0x60-66 Reserved to avoid conflicts with widely deployed implementations [Pasi_Eronen]"
https://tools.ietf.org/html/rfc4346#appendix-A.5
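The rule stated in the comment above (no export cipher suites in TLS 1.1+), as an added example that is not part of the bug thread or of NSS: a C check that parses a ServerHello record and flags either of the two quoted EXPORT1024 code points when the selected version is TLS 1.1 or later. The function names, the enum and the sample record are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Code points as quoted in the comment above. */
#define TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x0062
#define TLS_RSA_EXPORT1024_WITH_RC4_56_SHA  0x0064
#define TLS_1_1 0x0302 /* wire value of TLS 1.1 */

enum hello_check { HELLO_OK = 0, HELLO_EXPORT_ON_TLS11_PLUS = 1, HELLO_MALFORMED = -1 };
/* Hypothetical helper: inspect one TLS record carrying a ServerHello and
 * flag an EXPORT1024 suite selected together with TLS 1.1 or later. */
enum hello_check check_server_hello(const uint8_t *rec, size_t len)
{
    size_t off = 5 + 4 + 2 + 32; /* record hdr, handshake hdr, version, random */
    if (len < off + 1 || rec[0] != 0x16 || rec[5] != 0x02)
        return HELLO_MALFORMED;  /* not a handshake record with a server_hello */
    if ((((size_t)rec[3] << 8) | rec[4]) + 5 > len)
        return HELLO_MALFORMED;  /* record length field exceeds the buffer */
    uint16_t version = (uint16_t)((rec[9] << 8) | rec[10]);
    size_t sid_len = rec[off++];
    if (sid_len > 32 || off + sid_len + 2 > len)
        return HELLO_MALFORMED;  /* session id would run past the buffer */
    off += sid_len;
    uint16_t suite = (uint16_t)((rec[off] << 8) | rec[off + 1]);
    if (version >= TLS_1_1 && (suite == TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA ||
                               suite == TLS_RSA_EXPORT1024_WITH_RC4_56_SHA))
        return HELLO_EXPORT_ON_TLS11_PLUS;
    return HELLO_OK;
}

/* Constructed sample: minimal 47-byte ServerHello (zero random, empty session id). */
size_t build_server_hello(uint8_t out[47], uint16_t version, uint16_t suite)
{
    memset(out, 0, 47);
    out[0] = 0x16; out[4] = 42; out[5] = 0x02; out[8] = 38; /* types and lengths */
    out[1] = out[9] = (uint8_t)(version >> 8); out[2] = out[10] = (uint8_t)version;
    out[44] = (uint8_t)(suite >> 8); out[45] = (uint8_t)suite;
    return 47;
}

int main(void)
{
    uint8_t rec[47];
    size_t n = build_server_hello(rec, 0x0303, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA);
    printf("TLS 1.2 + 0x0062 -> %d\n", check_server_hello(rec, n));
    return 0;
}
```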
We also have bustage on the memleak build/test machine, I've removed ciphers m and l until we can get this bug fixed: https://hg.mozilla.org/projects/nss/rev/66b2e2f83a84
"Fixed" by removing export ciphers in bug 1252849.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED