It's not obvious that "security.tls.insecure_fallback_hosts" controls RC4 fallback behaviour as well

RESOLVED FIXED

Status


Core
Security: PSM
3 years ago
11 months ago

People

(Reporter: Eitan Caspi, Unassigned)

Tracking

38 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-blocked])

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150513174244

Steps to reproduce:

Hello,

I use FF 38.0.1 on Windows 7 SP1.

At start all of my RC4 ciphers are set to “True” (all 4 of them).

1. If “security.tls.unrestricted_rc4_fallback” is set to “False” – still FF connects, as a fallback, to both https://www.bankhapoalim.co.il and (only two ciphers - TLS_RSA_WITH_RC4_128_MD5 (0x4)  is first and TLS_RSA_WITH_RC4_128_SHA (0x5) is second) https://hb2.bankleumi.co.il/ (TLS_RSA_WITH_RC4_128_SHA (0x5) is first and TLS_RSA_WITH_RC4_128_MD5 (0x4) is second – the opposite of its former).
This behavior is stable across changing this setting online and then doing a page refresh, or via a browser restart. It looks like FF doesn't block the fallback into the RC4 ciphers for these sites.

On the other hand, for comparison, the site of https://www.fibi-online.co.il (only two ciphers - TLS_RSA_WITH_RC4_128_MD5 (0x4)  is first and TLS_RSA_WITH_RC4_128_SHA (0x5) is second) DOES get blocked if “security.tls.unrestricted_rc4_fallback” is set to “False”.

2. Online changes behavior (comparing the Hapoalim and Leumi sites):
A. A change for “security.ssl3.rsa_rc4_128_sha” in either toggle direction – does not apply. The change is applied only via FF restart
B. A change for “security.ssl3.rsa_rc4_128_md5” is applied online only for blocking but not for enabling. The change is applied only via FF restart.

Matrix of results (“security.tls.unrestricted_rc4_fallback” is False in all of the following scenarios):

***Restart***

Both ciphers are false:
Both sites are blocked with “ssl_error_no_cypher_overlap”

Both ciphers are true:
Hapoalim is OK, using MD5 (As expected)
Leumi is OK, using SHA (As expected)

SHA is False, MD5 is True:
Hapoalim is OK, using MD5 (As expected)
Leumi is OK, using MD5 (As expected – A fallback from the disabled SHA)

SHA is True, MD5 is False:
Hapoalim is OK, using SHA (As expected – A fallback from the disabled MD5)
Leumi is OK, using SHA

So, restart works fine in all cases.

***Online change and then a page refresh***

Initial (after FF restart) – both ciphers are True
Hapoalim is OK, using MD5 (As expected)
Leumi is OK, using SHA (As expected)
Online changing SHA to False and refreshing both pages
Hapoalim is OK, using MD5  (As expected)
Leumi stays with SHA – The change did not apply, online blocking doesn’t work (Bad).
**Doing a Restart**
Hapoalim is OK, using MD5 (As expected)
Leumi is OK, using MD5 (Fallback from the disabled SHA) (As expected)
Online changing SHA to True and refreshing both pages
Hapoalim is OK, using MD5 (As expected)
Leumi stays with MD5  – The change did not apply, online enabling doesn’t work (Bad).
So, it looks like online change for “security.ssl3.rsa_rc4_128_sha” in either toggle direction – does apply. It is applied only via FF restart.


Initial (after FF restart) – both ciphers are True
Hapoalim is OK, using MD5 (As expected)
Leumi is OK, using SHA (As expected)
Changing MD5 to False and refreshing both pages
Hapoalim is now using SHA, falling back since MD5 is now disabled (Good) (As expected)
Leumi stays with SHA (As expected)
Changing MD5 to True and refreshing both pages
Hapoalim stays with SHA – The change did not apply, online enabling doesn’t work (Bad).
Leumi stays with SHA (As expected)
So, it looks like online change for “security.ssl3.rsa_rc4_128_md5” is applied online only for blocking but not for enabling. It is applied only via FF restart.

As a helping reference, see both SSL server test for both sites, from Qualys:

Qualys SSL test for BankHapoalim
https://www.ssllabs.com/ssltest/analyze.html?d=www.bankhapoalim.co.il&s=81.218.18.149

Qualys SSL test for Leumi
https://www.ssllabs.com/ssltest/analyze.html?d=hb2.bankleumi.co.il

Qualys SSL test for Fibi
https://www.ssllabs.com/ssltest/analyze.html?d=fibi-online.co.il&s=62.128.33.11


Eitan Caspi


Actual results:

See above


Expected results:

See above
(Reporter)

Updated

3 years ago
OS: Unspecified → Windows 7
Hardware: Unspecified → x86
(Reporter)

Comment 1

3 years ago
OK, some updates:

1. You can also test using the site of https://www1.isracard.co.il/ which is behaving similar to the Fibi site

2. The Fibi and Isracard sites do get blocked if FF is started with "security.tls.unrestricted_rc4_fallback" set to "False"; changing it online to "True" and refreshing the pages works fine and the sites are loaded correctly with RC4 - but the opposite doesn't work online - if you change the value to "False" and refresh the pages, the sites don't get blocked
Summary: Three RC4 issues → Several RC4 issues

Comment 2

3 years ago
A restart is required for some about:config changes to take effect — that's known and not a bug. If there's anything else that you're reporting here, numbered steps to reproduce, and succinct explanations of what's expected and the actual results would be appreciated.
https://developer.mozilla.org/docs/Mozilla/QA/Bug_writing_guidelines

As for the site problems, one bug report already existed; I filed the remaining three.
Bug 1138231
Bug 1165579
Bug 1165580
Bug 1165582

Comment 3

3 years ago
Hi Eitan,

Thanks for the report.

As mentioned in Comment 2, some prefs require a restart, some don't. This might just be a case of a cache returning previous content.

In any case, this is an advanced pref, so I don't think it needs to be restartless. I'll resolve this bug as invalid for now, but feel free to re-open if you really feel strongly about it.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Component: Untriaged → Security: PSM
OS: Windows 7 → All
Product: Firefox → Core
Hardware: x86 → All
Resolution: --- → INVALID
Summary: Several RC4 issues → Changing security.tls.unrestricted_rc4_fallback pref requires a restart to fully take effect
(Reporter)

Comment 4

2 years ago
You focused on the lesser important issue here.

The main issue is that turning the RC4 fallback setting to "False" doesn't always work as there are sites that DO load OK with RC4 when this setting set to "False".

Repro:

1. Set "security.tls.unrestricted_rc4_fallback" to "False". Make sure all of the RC4 ciphers are set to "True"

2. Clear all FF history and cache and whatever you wish

3. Exit FF

4. Open FF

5. Open the sites of
a. https://www.bankhapoalim.co.il/ - it will load OK (bad - fallback should not have worked as "security.tls.unrestricted_rc4_fallback" is set to "False")
b. https://hb2.bankleumi.co.il - it will load OK (bad - fallback should have not worked as "security.tls.unrestricted_rc4_fallback" is set to "False")
c. https://www.fibi-online.co.il  - will not load (good - since fallback is set to "False")
d. https://www1.isracard.co.il/  - will not load (good - since fallback is set to "False")

Please focus on this issue.
Thanks,

Eitan
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---

Comment 5

2 years ago
(In reply to Eitan Caspi from comment #4)
> You focused on the lesser important issue here.
> 
> The main issue is that turning the RC4 fallback setting to "False" doesn't
> always work as there are sites that DO load OK with RC4 when this setting
> set to "False".

Indeed, I misread your comments saying that restarts had no effect. Sorry about that!

> b. https://hb2.bankleumi.co.il - it will load OK (bad - fallback should have
> not worked as "security.tls.unrestricted_rc4_fallback" is set to "False")

Note that this site is no longer relevant; it's been fixed (see Bug 1138142, Bug 1165579 etc).

--------------------------------------

What is going on here is that https://hb2.bankleumi.co.il is part of the static whitelist found here:
  https://hg.mozilla.org/integration/mozilla-inbound/annotate/3e18d65b28c3/security/manager/ssl/src/IntolerantFallbackList.inc#l160

As such, if "security.tls.insecure_fallback_hosts.use_static_list" is set to true, TLS intolerance fallbacks *and* RC4 fallbacks will occur for this site, regardless of what the value of "security.tls.unrestricted_rc4_fallback" is.

The final two sites listed are not on the whitelist (yet), and certainly not on Firefox 38, so this behaviour does not occur.

However, the same thing will also happen if e.g. you set "security.tls.insecure_fallback_hosts" to "www.fibi-online.co.il".
Status: UNCONFIRMED → NEW
Depends on: 1124039
Ever confirmed: true
Summary: Changing security.tls.unrestricted_rc4_fallback pref requires a restart to fully take effect → It's not obvious that "security.tls.insecure_fallback_hosts.use_static_list" and "security.tls.insecure_fallback_hosts" control RC4 fallback behaviour as well
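An added example (not from the bug or from Firefox's own code) that audits a Firefox prefs.js for the overrides Comment 5 describes: it parses user_pref lines and applies the rule that the static list and "security.tls.insecure_fallback_hosts" re-enable RC4 fallback for listed hosts even when "security.tls.unrestricted_rc4_fallback" is false. The sample prefs.js, STATIC_FALLBACK_LIST (a stand-in for IntolerantFallbackList.inc holding only the host the bug names) and treating missing prefs as false/empty are assumptions.

```python
import re

# Constructed sample prefs.js; the values are illustrative, not taken from the bug.
SAMPLE_PREFS_JS = """\
user_pref("security.tls.unrestricted_rc4_fallback", false);
user_pref("security.tls.insecure_fallback_hosts.use_static_list", true);
user_pref("security.tls.insecure_fallback_hosts", "www.fibi-online.co.il, example.test");
user_pref("security.ssl3.rsa_rc4_128_sha", true);
user_pref("security.ssl3.rsa_rc4_128_md5", true);
"""

# Hypothetical stand-in for the static IntolerantFallbackList (assumption);
# the bug names hb2.bankleumi.co.il as an entry on that list.
STATIC_FALLBACK_LIST = {"hb2.bankleumi.co.il"}

_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\);')


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict of bool/int/str values."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2)
        if raw in ("true", "false"):
            prefs[key] = raw == "true"
        elif raw.startswith('"'):
            prefs[key] = raw[1:-1]
        else:
            prefs[key] = int(raw)
    return prefs


def rc4_fallback_allowed(prefs, host):
    """Return (allowed, reason) for one host under the rule in Comment 5.
    Missing prefs are treated as false/empty (assumption; real defaults vary by version)."""
    # No RC4 cipher suite enabled at all means no RC4 fallback, whatever the lists say.
    if not any(v is True for k, v in prefs.items() if k.startswith("security.ssl3.") and "rc4" in k):
        return False, "all RC4 cipher suites are disabled"
    if prefs.get("security.tls.unrestricted_rc4_fallback", False):
        return True, "security.tls.unrestricted_rc4_fallback is true"
    if prefs.get("security.tls.insecure_fallback_hosts.use_static_list", False) and host in STATIC_FALLBACK_LIST:
        return True, "host is on the static IntolerantFallbackList"
    listed = {h.strip() for h in prefs.get("security.tls.insecure_fallback_hosts", "").split(",") if h.strip()}
    if host in listed:
        return True, "host is listed in security.tls.insecure_fallback_hosts"
    return False, "no fallback override applies"
```

Run it over a real profile's prefs.js to see which hosts still get RC4 fallback despite the unrestricted pref being false.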

Updated

2 years ago
Blocks: 1124039
No longer depends on: 1124039
(Reporter)

Comment 6

2 years ago
Wow, OMG - you whitelist RC4 sites globally in an online location. Amazing.

OK, I turned "security.tls.insecure_fallback_hosts.use_static_list" to "false" and now all RC4 sites are blocked.

BTW, https://hb2.bankleumi.co.il/ removed any RC4 support as I checked it now using
https://www.ssllabs.com/ssltest/analyze.html?d=hb2.bankleumi.co.il

I guess if the whole thing was explained better (at all?) somewhere on the web, it would have saved the need for this bug (may it help others bumping into the same issue)

I guess you can close this bug if you see fit.

The static list is gone.
Also, we have a UI to maintain "security.tls.insecure_fallback_hosts" now.
Summary: It's not obvious that "security.tls.insecure_fallback_hosts.use_static_list" and "security.tls.insecure_fallback_hosts" control RC4 fallback behaviour as well → It's not obvious that "security.tls.insecure_fallback_hosts.use_static_list" control RC4 fallback behaviour as well
Summary: It's not obvious that "security.tls.insecure_fallback_hosts.use_static_list" control RC4 fallback behaviour as well → It's not obvious that "security.tls.insecure_fallback_hosts" control RC4 fallback behaviour as well

When we ship bug 1268728, this won't be an issue.
Depends on: 1268728
Whiteboard: [psm-blocked]

Comment 9

11 months ago
Fixed by removing RC4 fallback.
Status: NEW → RESOLVED
Last Resolved: 3 years ago → 11 months ago
Resolution: --- → FIXED