Closed Bug 1325257 Opened 7 years ago Closed 1 year ago

Deprecate and remove: TLS 1.2 ECDSA with SHA-1 and SHA-512 signature algorithms

Categories

(Core :: Security: PSM, task, P3)

Product:
Core
Component:
Security: PSM
Type:
task

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1600437
Tracking Flags:
Tracking Status
firefox53 --- affected

People

(Reporter: emk, Unassigned)

References

Details

(Whiteboard: [psm-backlog][psm-deprecation]) 

+++ This bug was initially created as a clone of Bug #1316300 +++

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20100101

Steps to reproduce:

Catch up to chrome deprecating old/unused features related to security

https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/A-LcSmj5TBE
Should this bug also deprecate https://bugzilla.mozilla.org/show_bug.cgi?id=1316300 for TLS 1.1?

mib_vcdhrr asked on irc.

Is there any intent to do this change this year?
Flags: needinfo?(ttaubert)
Flags: needinfo?(franziskuskiefer)
I don't see a reason to deprecate cipher suites with SHA512 (Chrome is doing it is not a good reason). For ECDSA with SHA1 we should do some canary run to see what we break. Unfortunately this information doesn't seem exposed via prefs so it requires code changes first.
I don't think this is very high on any priority list.
Flags: needinfo?(franziskuskiefer)
Thanks
Flags: needinfo?(ttaubert)
If I understand this correctly, this is about deprecating TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a).

These suites are no longer exposed in TLSv1.3 handshake, but are exposed in TLSv1.2 and lower.

A TLS Canary run should be made, with those suits enabled and disabled. Neither has been supported by Chrome in quite some time, so I do not expect any relevant breakage.

Probably best to remove them IMO.
The ones that need to be tested in TLS Canary are:

security.ssl3.ecdhe_ecdsa_aes_128_sha
security.ssl3.ecdhe_ecdsa_aes_256_sha

If this change were to be made, it would be preferable to get it done in time for Firefox 60 ESR so that those cipher suits do not hang around for another year.
Flags: needinfo?(mwobensmith)
These ciphersuites happen to be the best ciphersuites we can negotiate with TLS 1.0.  I don't see any reason to remove them unless we also intend to remove TLS 1.0.
(In reply to Martin Thomson [:mt:] from comment #6)
> These ciphersuites happen to be the best ciphersuites we can negotiate with
> TLS 1.0.  I don't see any reason to remove them unless we also intend to
> remove TLS 1.0.

Please note that this is about the ECDSA cipher suites, not RSA cipher suites.

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)

have not been supported by Chrome in over a year, and in my personal testing are not used on the internet anymore. I only wanted a TLS Canary run to get some in-house mozilla numbers for it too.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

will remain. TLSv1.0 support thus remains unaffected.
Using Fx60, and turning off just the two suites mentioned in comment 5, the canary did not find any breakage.
Flags: needinfo?(mwobensmith)
QA Whiteboard: qa-not-actionable

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Severity: major → --
Severity: -- → N/A
Type: defect → task
Whiteboard: [psm-backlog] → [psm-backlog][psm-deprecation]
Status: NEW → RESOLVED
Closed: 1 year ago
Duplicate of bug: 1600437
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.