Closed
Bug 1384882
Opened 8 years ago
Closed 8 years ago
Disable and delete support for TLS_RSA_WITH_3DES_EDE_CBC_SHA /DES-CBC3-SHA cipher suite per Sweet32 man-in-the-middle birthday attack
Categories
(Firefox :: Security, defect)
VERIFIED
DUPLICATE
of bug 1227524
People
(Reporter: Virtual, Unassigned)
Details
(Keywords: nightly-community)
STR:
1. Open this web page - https://www.ssllabs.com/ssltest/viewMyClient.html
and see that Firefox supports TLS_RSA_WITH_3DES_EDE_CBC_SHA,
which is marked as a WEAK cipher suite per the real 112 bits of intended key security and 112 bits of actual security given the attacks possible on the cipher, while using 168 bits in the key and 192 bits when including overhead like parity bits
> Cipher Suites (in order of preference)
> [...]
> TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK 112
More information:
https://sweet32.info/
https://sweet32.info/SWEET32_CCS16_slides.pdf
https://sweet32.info/SWEET32_CCS16.pdf
https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf
http://csrc.nist.gov/publications/drafts/800-67r2/sp800-67r2-draft.pdf
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
Updated•8 years ago
Has Regression Range: --- → irrelevant
Has STR: --- → yes
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
Updated•8 years ago
Severity: major → critical
Virtual_ManPL [:Virtual] 🇵🇱 - (please needinfo? me - so I will see your comment/reply/question/etc.)
Reporter
Updated•8 years ago
QA Contact: Virtual
Updated•8 years ago
Summary: (CVE-2016-2183) (CVE-2016-6329) Disable and delete support for TLS_RSA_WITH_3DES_EDE_CBC_SHA /DES-CBC3-SHA cipher suite per Sweet32 man-in-the-middle birthday attack → Disable and delete support for TLS_RSA_WITH_3DES_EDE_CBC_SHA /DES-CBC3-SHA cipher suite per Sweet32 man-in-the-middle birthday attack
Updated•8 years ago
Has Regression Range: irrelevant → ---
Has STR: yes → ---
QA Contact: Virtual
Updated•8 years ago
Group: firefox-core-security
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE