Deprecate and remove: TLS 1.2 ECDSA with SHA-1 and SHA-512 signature algorithms

NEW
Unassigned

Status

()

defect
P3
major
2 years ago
10 months ago

People

(Reporter: emk, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(firefox53 affected)

Details

(Whiteboard: [psm-backlog])

(Reporter)

Description

2 years ago
+++ This bug was initially created as a clone of Bug #1316300 +++

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20100101

Steps to reproduce:

Catch up to chrome deprecating old/unused features related to security

https://groups.google.com/a/chromium.org/forum/#!topic/net-dev/A-LcSmj5TBE
Should this bug also deprecate https://bugzilla.mozilla.org/show_bug.cgi?id=1316300 for TLS 1.1?

mib_vcdhrr asked on irc.

Is there any intent to do this change this year?
Flags: needinfo?(ttaubert)
Flags: needinfo?(franziskuskiefer)
I don't see a reason to deprecate cipher suites with SHA512 (Chrome is doing it is not a good reason). For ECDSA with SHA1 we should do some canary run to see what we break. Unfortunately this information doesn't seem exposed via prefs so it requires code changes first.
I don't think this is very high on any priority list.
Flags: needinfo?(franziskuskiefer)
Thanks
Flags: needinfo?(ttaubert)

Comment 4

a year ago
If I understand this correctly, this is about deprecating TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a).

These suites are no longer exposed in TLSv1.3 handshake, but are exposed in TLSv1.2 and lower.

A TLS Canary run should be made, with those suits enabled and disabled. Neither has been supported by Chrome in quite some time, so I do not expect any relevant breakage.

Probably best to remove them IMO.

Comment 5

a year ago
The ones that need to be tested in TLS Canary are:

security.ssl3.ecdhe_ecdsa_aes_128_sha
security.ssl3.ecdhe_ecdsa_aes_256_sha

If this change were to be made, it would be preferable to get it done in time for Firefox 60 ESR so that those cipher suits do not hang around for another year.
Flags: needinfo?(mwobensmith)
These ciphersuites happen to be the best ciphersuites we can negotiate with TLS 1.0.  I don't see any reason to remove them unless we also intend to remove TLS 1.0.

Comment 7

a year ago
(In reply to Martin Thomson [:mt:] from comment #6)
> These ciphersuites happen to be the best ciphersuites we can negotiate with
> TLS 1.0.  I don't see any reason to remove them unless we also intend to
> remove TLS 1.0.

Please note that this is about the ECDSA cipher suites, not RSA cipher suites.

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)

have not been supported by Chrome in over a year, and in my personal testing are not used on the internet anymore. I only wanted a TLS Canary run to get some in-house mozilla numbers for it too.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

will remain. TLSv1.0 support thus remains unaffected.
Using Fx60, and turning off just the two suites mentioned in comment 5, the canary did not find any breakage.
Flags: needinfo?(mwobensmith)

Comment 9

a year ago
Unless there are any comments against this proposal, I suggest we implement the disabling/removal of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SH and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA in Firefox as soon as possible.
Comment hidden (advocacy)
You need to log in before you can comment on or make changes to this bug.