Closed Bug 1172617 Opened 10 years ago Closed 10 years ago

Tiles server supports weak 1024-bit Diffie-Hellman (DH)

Categories

(Content Services Graveyard :: Tiles: Ops, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: shahmeerbond, Assigned: relud)

Details

(Keywords: reporter-external)

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36 OPR/27.0.1689.76 Steps to reproduce: The webserver tiles.services.mozilla.com supports a highly outdated Diffie Hellman Key exchange service It is also known as the Logjam attaack I did several tests and verified this Here is the POC https://www.ssllabs.com/ssltest/analyze.html?d=tiles.services.mozilla.com&s=54.213.135.232&latest Actual results: The webserver supports the key exchange Expected results: It should be upgraded
Component: General → Tiles: Ops
Product: Mozilla Services → Content Services
Assignee: nobody → dthornton
The server does support one ciphersuite that uses 1024-bit DH keys. That's where Firefox currently draws the line of "acceptable" -- it's weak if your adversary is the NSA but probably OK otherwise so we allow that connection. The "Logjam attack" proper is the downgrading of keys to 512 bits and that's not possible here. Weak keys are just weak keys. Weak keys (especially super-weak keys due to a Logjam attack) allow for passive eavesdropping, not tampering. What is the traffic between Firefox and the Tiles server? I assume this is encrypted primarily for integrity reasons, not privacy. Or do we send user info on the pipe? From our privacy policy it doesn't sound terribly revealing: Tiles are a feature of Firefox displayed on new tab pages. In order to provide the tiles feature, Firefox sends to Mozilla data relating to the tiles such as number of clicks, impressions, your IP address, locale information and tile specific data (e.g., position and size of grid). On top of that, the tiles service is Firefox specific, and Firefox will never choose the ciphersuite with the weak DH keys. In practice there's no privacy problem here at all. If you want to increase your TLS grade on the Qualys scanner (and similar) just delete that suite from the list the server offers -- we're not using it.
Group: cloud-services-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Weak Diffie-Hellman (DH) → Tiles server supports weak 1024-bit Diffie-Hellman (DH)
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Daniel, you resolved this fixed but with no further data. How was this fixed?
Flags: sec-bounty?
Flags: needinfo?(dthorn)
The security policy on the ELB has been changed to one that no longer includes the logjam vulnerable cipher.
Flags: needinfo?(dthorn)
Minusing for the bounty because 1024 bit ciphers are the low end of acceptability for ciphers but not inherently vulnerable. This isn't a dangerous security issue.
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.