Bug 1316300 - Deprecate and remove: TLS CBC-mode ECDSA cipher suites
Status: RESOLVED FIXED
Opened 8 years ago
Closed 7 years ago
Categories: Core :: Security: PSM, defect, P3
Target Milestone: mozilla53

| | Tracking | Status |
|---|---|---|
| firefox53 | --- | fixed |

People: Reporter: u570621, Assigned: emk
Keywords: dev-doc-needed, site-compat
Whiteboard: [psm-backlog]
Attachments: 1 file

Description
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20100101

Steps to reproduce:

Catch up to Chrome deprecating old/unused features related to security
https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/EE8XpDJytBs
https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/A-LcSmj5TBE
Updated•8 years ago
Assignee: nobody → nobody
Severity: normal → major
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: Trunk → trunk
Updated•8 years ago
Summary: Catch up to Chrome security → Deprecate and remove: TLS CBC-mode ECDSA cipher suites & TLS 1.2 ECDSA with SHA-1 and SHA-512 signature algorithms
Comment 1•8 years ago (Assignee)
The corresponding Chromium issue is not against BoringSSL, so Core/Security:PSM would be more appropriate as our component.
Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
Version: trunk → Trunk
Priority: -- → P3
Whiteboard: [psm-backlog]
Google finished the work on removing these. What is the progress on Mozilla's side?
Comment hidden (mozreview-request)
Comment 4•7 years ago (Assignee)
Try run: https://treeherder.mozilla.org/#/jobs?repo=try&revision=b182f434a25ab7a6686b04b3a5dda0acf891d54b
Comment 5•7 years ago
mozreview-review
Comment on attachment 8819518 [details]
Bug 1316300 - Remove ECDSA_CBC cipher suites from TLS 1.3 ClientHello.

https://reviewboard.mozilla.org/r/99254/#review100430

I'm a little unclear on how we would measure the compatibility impact of this. Just by monitoring changes in the SSL_TLS13_INTOLERANCE_REASON_* telemetry histograms?
Attachment #8819518 -
Flags: review?(dkeeler)
Also, :mt - thoughts on this?
Flags: needinfo?(martin.thomson)
Comment 7•7 years ago
The only real benefit to removing these is space savings in the ClientHello - the exposure we had to export grade ciphers isn't made worse by supporting these cipher suites. Key exchange and authentication with ECDHE and ECDSA is arguably stronger than RSA in all our supported cipher suites.

There is a compatibility risk, though it's probably tiny for the reasons that David points out. I don't think that we need to rush into fixing these. That said, I'm OK with landing this in Firefox 53 as long as it rides the trains in the normal fashion. That gives us a few extra weeks to shake out the problems.

FWIW, we're seeing very little of the CBC suites: https://mzl.la/2hFp7IL
The 128-bit variant is 1M out of 216B samples, 256-bit is even less. We have no telemetry on signature algorithms.
Flags: needinfo?(martin.thomson)
Comment 8•7 years ago (Assignee)
Comment on attachment 8819518 [details]
Bug 1316300 - Remove ECDSA_CBC cipher suites from TLS 1.3 ClientHello.

(In reply to David Keeler [:keeler] (use needinfo?) from comment #5)
> I'm a little unclear on how we would measure the compatibility impact of
> this. Just by monitoring changes in the SSL_TLS13_INTOLERANCE_REASON_*
> telemetry histograms?

By monitoring changes in SSL_CIPHER_SUITE_FULL. Currently, we will negotiate ECDSA_CBC cipher suites when the servers prefer them, even if the servers support other cipher suites. By hiding ECDSA_CBC cipher suites behind the fallback, we will negotiate them only when the servers exclusively support them. Only those servers will break when we remove ECDSA_CBC cipher suites.

Re-requesting review because :mt said it's OK to ride this on the train.
Attachment #8819518 -
Flags: review?(dkeeler)
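The measurement argument in comment 8, as an added Python model that is not part of the bug, the patch or Firefox's code. The offer list, the three server configurations and all function names are constructed, and a simple retry with the full list stands in for the fallback handshake.

```python
# Added illustration: which servers still negotiate ECDSA CBC suites once the
# suites are only offered on the fallback handshake. All data is constructed.
CBC_ECDSA = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
}
FULL_OFFER = [  # hypothetical client offer, not Firefox's real suite list
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
]
FIRST_OFFER = [s for s in FULL_OFFER if s not in CBC_ECDSA]

SERVERS = {  # constructed server preference lists, most preferred first
    "prefers-cbc": ["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"],
    "cbc-only": ["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"],
    "modern": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
}

def server_select(server_prefs, client_offer):
    """Server-preference selection: first server suite the client offered."""
    offered = set(client_offer)
    return next((s for s in server_prefs if s in offered), None)

def negotiate_before(prefs):
    """Old behaviour: CBC suites are in every ClientHello."""
    return server_select(prefs, FULL_OFFER)

def negotiate_hidden(prefs):
    """CBC suites are offered only if the first handshake finds no suite."""
    return server_select(prefs, FIRST_OFFER) or server_select(prefs, FULL_OFFER)

def negotiate_removed(prefs):
    """Final state: CBC suites are never offered."""
    return server_select(prefs, FIRST_OFFER)

def cbc_users(negotiate):
    """Servers that would show up under a CBC suite in cipher-suite telemetry."""
    return sorted(n for n, p in SERVERS.items() if negotiate(p) in CBC_ECDSA)

def broken_after_removal():
    """Servers left with no common suite once the CBC suites are gone."""
    return sorted(n for n, p in SERVERS.items() if negotiate_removed(p) is None)
```

With the suites hidden behind the fallback, the set of servers still counted under a CBC suite is the same set that breaks after removal, which is why the remaining telemetry count is a usable estimate of the compatibility impact.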
Comment 9•7 years ago
mozreview-review
Comment on attachment 8819518 [details]
Bug 1316300 - Remove ECDSA_CBC cipher suites from TLS 1.3 ClientHello.

https://reviewboard.mozilla.org/r/99254/#review100820

Ok, I see how this will work. Hopefully TLS1.3 intolerance won't confuse the situation. r=me, but yeah, let's not uplift this or anything.
Attachment #8819518 -
Flags: review?(dkeeler) → review+
Comment 10•7 years ago
Pushed by VYV03354@nifty.ne.jp:
https://hg.mozilla.org/integration/autoland/rev/0c0edf04c56f
Remove ECDSA_CBC cipher suites from TLS 1.3 ClientHello. r=keeler
Updated•7 years ago (Assignee)
Assignee: nobody → VYV03354
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 11•7 years ago (Assignee)
I didn't touch the signature algorithm issue. Due to MozReview's poor support for partial landing, it would be better to file a new bug for the remaining issue. Hence I filed it (bug 1325257).
Summary: Deprecate and remove: TLS CBC-mode ECDSA cipher suites & TLS 1.2 ECDSA with SHA-1 and SHA-512 signature algorithms → Deprecate and remove: TLS CBC-mode ECDSA cipher suites
Comment 12•7 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/0c0edf04c56f
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox53: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
Comment 13•7 years ago
Posted the site compatibility note: https://www.fxsitecompat.com/en-CA/docs/2017/tls-cbc-mode-ecdsa-ciphers-have-been-removed/
Keywords: dev-doc-needed, site-compat