User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161208153507

Steps to reproduce:

I have read several articles and white papers about what SSL / TLS ciphers are considered secure by cryptography experts. A short summary:

1) To enable forward secrecy, the key exchange should be done via "ephemeral" methods (those with "E" at the end of their names, e.g. DHE or ECDHE).
2) AES in GCM mode should be used as payload encryption method.
3) Elliptic curves should NOT be used, at least not the curves from NIST, because they are suspected to be weakened intentionally by mechanisms which are unknown yet. This means that all ECDHE... ciphers are out of the game.
4) SHA256 or higher is considered safe enough to be used as hashing / digest method.

Firefox does not offer a single cipher which fulfills all of these criteria.

Steps to reproduce (method #1): In Firefox, open "about:config". Type "SSL3" into the search box to view the list of available SSL / TLS ciphers.

Alternative steps to reproduce (method #2): Using Firefox, surf to a website which is configured securely, i.e. which only offers ciphers which use DHE (and not ECDHE) for key exchange, AES-GCM for data encryption and SHA256, SHA384 or SHA512 for hashing / digesting.

Actual results:

Method #1: There is no cipher which fulfills all of the criteria mentioned above. Notably, all ciphers which use AES-GCM also use the contaminated ECDHE for key exchange; there is no cipher which offers AES-GCM and the secure DHE key exchange.

Method #2: Firefox can't establish a connection to the website and warns about that fact.

IMHO, Firefox's inability to use secure SSL / TLS ciphers is a serious security problem. The fact that other browsers might have the same problem does not make the problem less serious in any way.

Expected results:

Method #1: There should at least be one cipher in the list which fulfills the criteria mentioned above, i.e. something like that: security.ssl3.dhe_rsa_aes_256_gcm_sha384 (note the dhe ... instead of ecdhe ...).

Method #2: Firefox should very happily grab the chance to establish a connection to the most secure website it ever has seen, and inform the user about the fact that the website's administrator really deserves a big pizza. Well, not really, but you get the idea ...
10 months ago
Hi Binarus, this is an issue that should be discussed in a public forum rather than on a bug tracker. mozilla.dev.security or mozilla.dev.security.policy would be good places to start. I'm going to close this bug until it's clear we should make a change to what ciphersuites Firefox enables.

https://groups.google.com/forum/#!forum/mozilla.dev.security or email@example.com
https://groups.google.com/forum/#!forum/mozilla.dev.security.policy or firstname.lastname@example.org
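
The check described in method #1 of the report can be done mechanically. The following is an added example, not part of the bug report or of Mozilla's code: it parses `security.ssl3.*` preference names and evaluates them against the reporter's four criteria as stated. The sample list is constructed for illustration, and treating ECDSA authentication the same as ECDHE under criterion 3 is an assumption.

```python
import re

# Constructed sample of about:config names in the "security.ssl3.*" pattern
# the report shows; not a dump of any particular Firefox build.
SAMPLE_PREFS = [
    "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
    "security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384",
    "security.ssl3.ecdhe_rsa_aes_256_sha",
    "security.ssl3.dhe_rsa_aes_128_sha",
    "security.ssl3.dhe_rsa_aes_256_sha",
    "security.ssl3.rsa_aes_128_sha",
    "security.ssl3.rsa_des_ede3_sha",
]

# <kx>_<auth>_<cipher>_<hash>; a missing kx prefix means static RSA key transport.
PREF_RE = re.compile(
    r"^security\.ssl3\.(?:(?P<kx>ecdhe|dhe)_)?(?P<auth>rsa|ecdsa)_"
    r"(?P<cipher>.+)_(?P<hash>sha\d*)$"
)


def failed_criteria(pref):
    """Return the reporter's criteria (1-4) that this pref name does not meet."""
    m = PREF_RE.match(pref)
    if m is None:
        raise ValueError(f"unrecognised pref name: {pref!r}")
    kx, auth = m.group("kx"), m.group("auth")
    results = {
        "ephemeral_key_exchange": kx in ("dhe", "ecdhe"),
        "aes_gcm": re.fullmatch(r"aes_(128|256)_gcm", m.group("cipher")) is not None,
        # Assumption: the report rules out ECDHE; ECDSA is treated the same here.
        "no_elliptic_curves": kx != "ecdhe" and auth != "ecdsa",
        "sha256_or_higher": m.group("hash") in ("sha256", "sha384", "sha512"),
    }
    return [name for name, ok in results.items() if not ok]


def fully_compliant(prefs):
    """Return the pref names that meet all four criteria."""
    return [p for p in prefs if not failed_criteria(p)]


if __name__ == "__main__":
    # The last entry is the name the reporter asks for under "Expected results".
    for pref in SAMPLE_PREFS + ["security.ssl3.dhe_rsa_aes_256_gcm_sha384"]:
        print(pref, "->", failed_criteria(pref) or "meets all four")
```
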