Open
Bug 1142157
Opened 10 years ago
Updated 2 years ago
Warn in console on ssl_error_no_cypher_overlap with MTI cipher suite enabled
Categories
(DevTools :: General, defect)
DevTools
General
Tracking
(Not tracked)
NEW
People
(Reporter: davemgarrett, Unassigned)
References
(Blocks 1 open bug)
Details
If a domain produces an ssl_error_no_cypher_overlap error, and the MTI cipher suite for the server's TLS version is enabled in Firefox, then a console error message should be produced explicitly stating which MTI cipher suite the server should at minimum turn back on.
If a TLS 1.2 connection fails with no cipher overlap, then it should say:
"This site supports TLS 1.2, but has its mandatory to implement cipher suite disabled (TLS_RSA_WITH_AES_128_CBC_SHA)"
If a TLS 1.1 connection fails with no cipher overlap, then it should say:
"This site supports TLS 1.1, but has its mandatory to implement cipher suite disabled (TLS_RSA_WITH_3DES_EDE_CBC_SHA)"
No comparable message can be done for TLS 1.0 because Firefox has removed support for its MTI cipher suite (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA).
This type of interop failure is now happening as we're trying to phase out RC4 and discovering how annoyingly wide the problem of RC4-only servers is. In the specific case of TLS 1.2, it would be helpful to have an exact error message to point to with a simple solution.
|
||
Comment 1•10 years ago
|
||
The cipher suites that the TLS specifications say are mandatory are all terrible and basically obsolete. In particular, websites should be avoiding RSA key exchange whenever possible, so it doesn't make sense to mandate or even suggest that any TLS_RSA_* cipher suite is mandatory. It would make more sense to direct the site administrator to the documentation and tools that Mozilla has created at https://wiki.mozilla.org/Security/Server_Side_TLS.
|
Reporter | |
Comment 2•10 years ago
|
||
I agree that a general direction to something proper is a good idea for all ssl_error_no_cypher_overlap. However, when discussing this particular case it would be helpful to have a starting point that was very simple: just turn the MTI back on to start. That is guaranteed to be available, whereas better cipher suites may not be without additional work. (or at least cognitive load for the admin hopefully trying to fix things ASAP)
An error as proposed in comment 0 plus an additional message linking them to the doc in comment 1 would be ideal.
Arguably, all cipher suites not FS & AEAD should produce a message pointing to better alternatives, but that would probably flood the console with too much.
|
||
Comment 3•10 years ago
|
||
Cipher suite mismatch is not an only reason of ssl_error_no_cypher_overlap. Rather, all handshake_failure alerts on waiting for ServerHello will turn into ssl_error_no_cypher_overlap. For example, the most common reason of version fallback is ssl_error_no_cypher_overlap (modulo pr_end_of_file_error and pr_connect_reset_error).
Moreover, we don't tell what ServerHello version was when the handshake failed.
|
||
Updated•6 years ago
|
Product: Firefox → DevTools
|
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•