1499759 - Prefer other ciphers over 3DES

Status: RESOLVED DUPLICATE of bug 1227524

(Core :: Security: PSM, defect)

Description

[Mateusz Jończyk]

User Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:62.0) Gecko/20100101 Firefox/62.0

Steps to reproduce:

I visited the website 
            ppuslugi.mf.gov

As can be seen on
            https://www.ssllabs.com/ssltest/analyze.html?d=ppuslugi.mf.gov.pl
this website (as of the time of writing) prefers the 3DES cipher:

            # TLS 1.2 (suites in server-preferred order)
            TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK 	112
            TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK 	128
            TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK 	256


Actual results:

Firefox connected to the website over 3DES, as can be seen in Page Info -> Security tab.


Expected results:

Firefox should have used the AES cipher, either AES128 or AES256 variant.

As can be read on
        https://sweet32.info/#impact
- Web servers and VPNs should be configured to prefer 128-bit ciphers. According to our scans, about 1.1% of the top 100k web server from Alexa, and 0.5% of the top 1 million, support AES but prefer to use 3DES.
- Web browsers should offer 3DES as a fallback-only cipher, to avoid using it with servers that support AES but prefer 3DES.

Comment 2

[Mateusz Jończyk]

I propose that Firefox would use 3DES only as a last resort - i.e. that it would ignore the server-preferred cipher order and do not use 3DES when the server supports other, better ciphers (like AES). But when the server supports only 3DES (or if 3DES is the best cipher that the server can offer), Firefox would use it.

This way, website compatibility problems could be avoided.

This was the intent of the bug from the beginning - please excuse me for not writing clearly before.

So, please remove the DUPLICATE tag.

Comment 3

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Whatever we do regarding deprecating 3DES we can do in the bug we already have.