Closed Bug 1153964 Opened 5 years ago Closed 5 years ago
allow unrestricted RC4 fallback in beta and release
We've been seeing too much breakage by disabling RC4 fallback by default (see bug 1124039 comment 58). However, we still want to encourage site operators and developers to move to stronger ciphersuites, so for now we should allow RC4 fallback on beta and release, but continue to disable it on nightly and aurora (dev. edition).
You know I'm going to NAK this. ;-) Not least because the stats you quoted are out of date, the breakage is <1% now (see below in that bug). It's not a "please migrate stronger ciphersuite" thing: let's be clear, RC4 is far too dangerously weak for anyone to use for any purpose. It is however reasonable for the time being to present (red) warning interstitials rather than prevent browsing when falling back to RC4. Perhaps explore that?
Breakage percentages based on automated top sites crawling is useful data, but doesn't paint the whole picture (there are some long tails here). Using the "break the web" hammer for achieving security improvements is a very user-hostile approach, so we absolutely need to tread carefully. The dependency tree of https://bugzilla.mozilla.org/show_bug.cgi?id=1138101 (which is nearly guaranteed to just be the tip of the iceberg) is evidence enough that we're not ready to let this ride to our beta/release population yet.
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Attachment #8598881 - Flags: review?(cykesiopka.bmo)
Comment on attachment 8598881 [details] [diff] [review] patch Review of attachment 8598881 [details] [diff] [review]: ----------------------------------------------------------------- A bit sad about this approach as IMO it reduces the persuasiveness of TE arguments, but this does seem like a reasonable balance between risk and increased security at this time. Anyways, LGTM.
Attachment #8598881 - Flags: review?(cykesiopka.bmo) → review+
This change should be uplifted to 39 branch.
Comment on attachment 8598881 [details] [diff] [review] patch Approval Request Comment [Feature/regressing bug #]: disabling RC4 fallback (bug 1124039 and related) [User impact if declined]: users won't be able to use a number of https sites [Describe test coverage new/current, TreeHerder]: has some tests [Risks and why]: low - this is just a pref change [String/UUID change made/needed]: none
Attachment #8598881 - Flags: approval-mozilla-aurora?
Comment on attachment 8598881 [details] [diff] [review] patch Approved for uplift to aurora. From discussion on this bug and mailing lists and with keeler, sounds like we are still not ready to disable RC4.
Attachment #8598881 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment on attachment 8598881 [details] [diff] [review] patch FWIW this should just be: #ifndef RELEASE_BUILD per https://wiki.mozilla.org/Platform/Channel-specific_build_defines
I am assuming others have seen: https://www.rc4nomore.com/ https://www.rc4nomore.com/vanhoef-usenix2015.pdf Because of this, I think it is now time to get fallback removed on a more expedited basis. The trade off, in my opinion, no longer favours allowing RC4 to be negotiated.
You need to log in before you can comment on or make changes to this bug.