Closed
Bug 1172617
Opened 10 years ago
Closed 10 years ago
Tiles server supports weak 1024-bit Diffie-Hellman (DH)
Categories
(Content Services Graveyard :: Tiles: Ops, defect)
Content Services Graveyard
Tiles: Ops
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: shahmeerbond, Assigned: relud)
Details
(Keywords: reporter-external)
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36 OPR/27.0.1689.76
Steps to reproduce:
The webserver tiles.services.mozilla.com supports a highly outdated Diffie Hellman Key exchange service
It is also known as the Logjam attaack
I did several tests and verified this
Here is the POC
https://www.ssllabs.com/ssltest/analyze.html?d=tiles.services.mozilla.com&s=54.213.135.232&latest
Actual results:
The webserver supports the key exchange
Expected results:
It should be upgraded
Assignee | ||
Updated•10 years ago
|
Component: General → Tiles: Ops
Product: Mozilla Services → Content Services
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → dthornton
Comment 1•10 years ago
|
||
The server does support one ciphersuite that uses 1024-bit DH keys. That's where Firefox currently draws the line of "acceptable" -- it's weak if your adversary is the NSA but probably OK otherwise so we allow that connection. The "Logjam attack" proper is the downgrading of keys to 512 bits and that's not possible here. Weak keys are just weak keys.
Weak keys (especially super-weak keys due to a Logjam attack) allow for passive eavesdropping, not tampering. What is the traffic between Firefox and the Tiles server? I assume this is encrypted primarily for integrity reasons, not privacy. Or do we send user info on the pipe? From our privacy policy it doesn't sound terribly revealing:
Tiles are a feature of Firefox displayed on new tab pages. In order to provide
the tiles feature, Firefox sends to Mozilla data relating to the tiles such as
number of clicks, impressions, your IP address, locale information and tile
specific data (e.g., position and size of grid).
On top of that, the tiles service is Firefox specific, and Firefox will never choose the ciphersuite with the weak DH keys. In practice there's no privacy problem here at all.
If you want to increase your TLS grade on the Qualys scanner (and similar) just delete that suite from the list the server offers -- we're not using it.
Group: cloud-services-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Weak Diffie-Hellman (DH) → Tiles server supports weak 1024-bit Diffie-Hellman (DH)
Assignee | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Comment 2•10 years ago
|
||
Daniel, you resolved this fixed but with no further data. How was this fixed?
Flags: sec-bounty?
Flags: needinfo?(dthorn)
Assignee | ||
Comment 3•10 years ago
|
||
The security policy on the ELB has been changed to one that no longer includes the logjam vulnerable cipher.
Flags: needinfo?(dthorn)
Comment 4•10 years ago
|
||
Minusing for the bounty because 1024 bit ciphers are the low end of acceptability for ciphers but not inherently vulnerable. This isn't a dangerous security issue.
Flags: sec-bounty? → sec-bounty-
Updated•1 year ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•