Closed Bug 1139778 Opened 5 years ago Closed 5 years ago

Hide 3DES from the first handshake

Categories

(Core :: Security: PSM, defect)

Tracking

RESOLVED WONTFIX

People

(Reporter: emk, Unassigned)

Attachments

(2 files)

I thought this would not make sense (see bug 1074130), but apparently I was wrong. See bug 1139756 for why this helps.
No longer blocks: 1139756
See Also: → 1139756
See Also: → 1116893
See Also: → 1139479
See Also: 1139479
This is straightforward for beta.
Attachment #8574213 - Flags: review?(dkeeler)
For Nightly and Aurora, we need more changes because we disabled fallback for non-whitelisted sites.
This patch will restore the fallback almost everywhere, but it will not enable RC4 in the fallback handshake unless the site is whitelisted.
I will not land this if bug 1139756 and bug 1116893 are fixed early enough.
Attachment #8574216 - Flags: review?(dkeeler)
(In reply to Masatoshi Kimura [:emk] from comment #2)
> This patch will restore the fallback

Only RC4 fallback will be restored. The version fallback will still be disabled.
Comment on attachment 8574216 [details] [diff] [review]
patch (nightly and aurora)

Review of attachment 8574216 [details] [diff] [review]:
-----------------------------------------------------------------

If I understand correctly, this is to work around a few servers that claim to support 3DES but if it's actually negotiated, they fail. I don't think it's worth the added complexity to handle these broken servers. I would support deprecating 3DES, but we could do that simply by flipping the enabled-by-default-bit (alternatively, we could treat it as a weak cipher like RC4).
Attachment #8574216 - Flags: review?(dkeeler) → review-
Comment on attachment 8574213 [details] [diff] [review]
patch (beta only)

Review of attachment 8574213 [details] [diff] [review]:
-----------------------------------------------------------------

I would support doing this, but we should investigate the telemetry to see if it's reasonable and we shouldn't uplift straight to beta if we do so. It's probably not worth doing this while we're also deprecating SSL 3 and RC4. I imagine the added complexity would make that already difficult task even more difficult.
Attachment #8574213 - Flags: review?(dkeeler)
(In reply to David Keeler [:keeler] (use needinfo?) from comment #4)
> I would
> support deprecating 3DES, but we could do that simply by flipping the
> enabled-by-default-bit (alternatively, we could treat it as a weak cipher
> like RC4).

The usage rate of 3DES is still too high to use a whitelist [1].

[1] https://tools.ietf.org/agenda/91/slides/slides-91-saag-3.pdf#page=12
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
Blocks: 1144065
See Also: → 1386754