Update default SSL ciphers and protocols for Android Q
Categories: Firefox for Android Graveyard :: Android Sync, defect, P1
Tracking: relnote-firefox -, geckoview66 wontfix, firefox-esr60 wontfix, firefox66 wontfix, firefox67 wontfix, firefox67.0.1- wontfix, firefox68 verified
People: Reporter: heftig, Assigned: petru
Whiteboard: [geckoview:fenix:m7] [bcs:p2]
Attachments: 1 file
I recently updated my Pixel device to the Android Q beta. Since then, Firefox Nightly no longer syncs.
Log from a sync attempt:
03-21 10:06:06.149 29236 29236 I FxAccounts: fennec_aurora :: FirefoxAccounts :: Requesting sync.
03-21 10:06:06.149 29236 29236 I FxAccounts: fennec_aurora :: FirefoxAccounts :: Sync options -- scheduling now: true
03-21 10:06:06.164 29236 29236 I FxAccounts: fennec_aurora :: FxAccountStatusFragment :: Got sync started message; refreshing.
03-21 10:06:06.166 29236 8487 I FxAccounts: fennec_aurora :: FxAccountSyncAdapter :: Syncing FxAccount account named like XXX.XXXXXXXX@XXXXX.XXX for authority org.mozilla.fennec_aurora.db.browser with instance org.mozilla.gecko.fxa.sync.FxAccountSyncAdapter@77671d7.
03-21 10:06:06.167 29236 8487 I FxAccounts: fennec_aurora :: FxAccountSyncAdapter :: Account last synced at: -1
03-21 10:06:06.167 29236 8487 I FxAccounts: fennec_aurora :: FirefoxAccounts :: Sync options -- scheduling now: true
03-21 10:06:06.172 29236 8487 D GeckoLogger: Thread with tag and thread id acquiring lock: FxAccountSyncAdapter, 10356 ...
03-21 10:06:06.172 29236 8487 D GeckoLogger: Thread with tag and thread id acquiring lock: FxAccountSyncAdapter, 10356 ... ACQUIRED
03-21 10:06:06.200 775 8488 E ResolverController: No valid NAT64 prefix (233,<unspecified>/0)
03-21 10:06:06.202 29236 8489 I FxAccounts: fennec_aurora :: LoginStateMachineDelegate :: handleTransition: Log(java.io.IOException) to Engaged
03-21 10:06:06.202 29236 8489 I FxAccounts: fennec_aurora :: LoginStateMachineDelegate :: handleFinal: in Engaged
03-21 10:06:06.203 29236 8489 I FxAccounts: fennec_aurora :: AndroidFxAccount :: Moving account named like XXX.XXXXXXXX@XXXXX.XXX to state Engaged
03-21 10:06:06.207 29236 8489 I FxAccounts: fennec_aurora :: FxAccountNotificationManager :: State Engaged needs action; offering notification with title: Sync is not connected
03-21 10:06:06.208 29236 8489 W Notification: Use of stream types is deprecated for operations other than volume control
03-21 10:06:06.208 29236 8489 W Notification: See the documentation of setSound() for what to use instead with android.media.AudioAttributes to qualify your playback use case
03-21 10:06:06.209 29236 8489 I FxAccounts: fennec_aurora :: LoginStateMachineDelegate :: handleNotMarried: in Engaged
03-21 10:06:06.209 29236 8489 I FxAccounts: fennec_aurora :: FxAccountSchedulePolicy :: Scheduling periodic sync for 60.
03-21 10:06:06.209 29236 8489 W FxAccounts: fennec_aurora :: FxAccountSyncAdapter :: Cannot sync from state: Engaged
03-21 10:06:06.210 29236 8487 D GeckoLogger: Thread with tag and thread id releasing lock: FxAccountSyncAdapter, 10356 ...
03-21 10:06:06.210 29236 8487 D GeckoLogger: Thread with tag and thread id releasing lock: FxAccountSyncAdapter, 10356 ... RELEASED
03-21 10:06:06.210 29236 8487 I FxAccounts: fennec_aurora :: FxAccountSyncAdapter :: Syncing done.
03-21 10:06:06.214 1330 1821 W SyncManager: failed sync operation JobId=101490 ***/org.mozilla.fennec_aurora_fxaccount u0 [org.mozilla.fennec_aurora.db.browser] OTHER ExpectedIn=0s EXPEDITED STANDBY-EXEMPTED(TOP) Reason=10149, SyncResult: stats [ numIoExceptions: 1 numUpdates: 1]
03-21 10:06:06.218 29236 29236 I FxAccounts: fennec_aurora :: FxAccountStatusFragment :: Got sync finished message; refreshing.
03-21 10:06:06.219 29236 8489 I FxADeviceListUpdater: Beginning FxA device list update.
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: Error while getting the FxA device list.
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: java.io.IOException
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:326)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.sync.net.BaseResource.retryRequest(BaseResource.java:349)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:330)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.sync.net.BaseResource.go(BaseResource.java:373)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.sync.net.BaseResource.get(BaseResource.java:379)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.background.fxa.FxAccountClient20.deviceList(FxAccountClient20.java:897)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.fxa.devices.FxAccountDeviceListUpdater.update(FxAccountDeviceListUpdater.java:121)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.fxa.devices.FxAccountDeviceListUpdater.updateAndMaybeRenewRegistration(FxAccountDeviceListUpdater.java:128)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.fxa.sync.FxAccountSyncAdapter.onSessionTokenStateReached(FxAccountSyncAdapter.java:495)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.fxa.sync.FxAccountSyncAdapter.access$300(FxAccountSyncAdapter.java:74)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.fxa.sync.FxAccountSyncAdapter$3.handleNotMarried(FxAccountSyncAdapter.java:668)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.fxa.authenticator.FxADefaultLoginStateMachineDelegate.handleFinal(FxADefaultLoginStateMachineDelegate.java:78)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.fxa.login.FxAccountLoginStateMachine$ExecuteDelegate.handleTransition(FxAccountLoginStateMachine.java:64)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.fxa.login.BaseRequestDelegate.handleError(BaseRequestDelegate.java:47)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.background.fxa.FxAccountClient20$1.run(FxAccountClient20.java:173)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at java.lang.Thread.run(Thread.java:914)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: Caused by: java.lang.IllegalArgumentException: cipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is not supported.
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at com.android.org.conscrypt.NativeCrypto.checkEnabledCipherSuites(NativeCrypto.java:1122)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at com.android.org.conscrypt.SSLParametersImpl.setEnabledCipherSuites(SSLParametersImpl.java:225)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.setEnabledCipherSuites(ConscryptFileDescriptorSocket.java:731)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory.internalPrepareSocket(SSLSocketFactory.java:499)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:506)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:377)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:145)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:860)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at ch.boye.httpclientandroidlib.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: at org.mozilla.gecko.sync.net.BaseResource.execute(BaseResource.java:308)
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: ... 17 more
03-21 10:06:06.233 29236 29261 I GeckoConsole: While creating services from category 'android-push-service', could not create service for entry 'FxAccountsPush', contract ID '@mozilla.org/fxa-push;1'
The SSLEngine docs seem to say that TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is no longer supported as of API level 29.
Pixel 3 XL, Android QPP1.190205.018.B4, Nightly 2019-03-20
Comment 1•6 years ago
03-21 10:06:06.226 29236 8489 E FxADeviceListUpdater: Error while getting the FxA device list.
Looks like this error is happening when trying to talk to the FxA servers; adding a bunch of Ops folks so we can dig in.
Possibly-related TLS config discussion in Bug 1475432.
Comment 2•6 years ago
The logic for what ciphersuites we use for background tasks on android appears to be here:
Comment 3•6 years ago
Ah, so IIUC, the code in the comment above is asking to enable the "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" ciphersuite, and android is refusing because it's been removed in API level 29. So we may need an if (Versions.feature20Plus) branch added to that logic in order to set the right ciphersuites for newer Android models.
Checking the list against the linked docs, the following requested ciphersuites are no longer available in API level 29:
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Comment 5•6 years ago
Would it be possible to add the check and the separate branch?
As we updated to Android Q we accepted that things will be broken, so it has been in our responsibility.
ATM we cannot use Firefox with sync anymore.
Firefox (stable) crashes on start
Firefox beta crashes on start
Firefox Nightly works but sync doesn't
Fennec F-Droid crashes on start
Would be great if sync would be possible in Nightly to get the passwords and tabs synchronized again.
Comment 6•6 years ago
We're currently waiting on an Android Q device, didn't have much luck with the emulator. We will look into it as soon as we get one
Comment 7•6 years ago
In Bug 1508390 I updated the Firefox Accounts load balancer ssl ciphers to a stronger set. Since I was already looking at ssl ciphers I decided to compare the different policies for AWS, GCP, and Mozilla. My goal was to see if it'd be possible to switch Firefox Accounts to TLSv1.2-only.
Given that Firefox for Android requires a minimum OS version of 4.1, which corresponds with API level 16 and that the Sync 1.1 bits are. I propose that we make the following changes:
For ssl protocols change DEFAULT_PROTOCOLS to TLSv1.2 only. API level 16+ supports TLSv1.2, and TLSv1.3 isn't widely deployed enough to enable it yet.
For ssl ciphers with API level 24+ change DEFAULT_CIPHER_SUITES to:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
AES-GCM and ChaCha20-Poly1305 are the most secure choices for TLSv1.2, and continue to prioritize battery life by prioritizing AES-128 over AES-256. The addition of ChaCha20-Poly1305 should also improve battery life on Android devices that don't support AES hardware acceleration.
For ssl ciphers with API level 20+ change DEFAULT_CIPHER_SUITES to:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Same reasoning as API level 24+, minus the ChaCha20-Poly1305 ciphers since those weren't supported yet
For ssl ciphers with API level 16+ change DEFAULT_CIPHER_SUITES to:
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Android only added support for SHA-2 hashes in API level 20+, so these are the best we can do for API level 16-19 devices.
Before making this change we'll also want to verify this proposal with security folks and that all of the firefox services support these ciphers.
Comment 8•6 years ago
Before making this change we'll also want to verify this proposal with security folks and that all of the firefox services support these ciphers.
:ulfr, could you please help us find someone to vet the proposal in Comment 7 above?
Comment 9•6 years ago
This seems very reasonable to me.
Are we only talking about making these changes in the client, or do you want to disable TLSv1.0 and 1.1 in the load balancers as well? If so, we need logs to make sure we won't break older clients (<cough>samsung</cough>).
Comment 10•6 years ago
Just in the client for now. I can't speak for other services, but Firefox Accounts sees 99.99% TLSv1.2 traffic at the moment. If other services are in the same ballpark we could definitely look at implementing that change.
Grisha - Is there a list of services that Firefox for Android would connect to using these cipher suites? I'd like to verify the proposed cipher suite to what each server supports. I can think of a few:
- Firefox Accounts - https://accounts.firefox.com
- Sync - https://sync-533-us-west-2.sync.services.mozilla.com/
- Tokenserver - https://token.services.mozilla.com
- Crash reporter?
- Telemetry?
Comment 11•6 years ago
(In reply to Jon Buckley [:jbuck] from comment #7)
> In Bug 1508390 I updated the Firefox Accounts load balancer ssl ciphers to a stronger set. Since I was already looking at ssl ciphers I decided to compare the different policies for AWS, GCP, and Mozilla. My goal was to see if it'd be possible to switch Firefox Accounts to TLSv1.2-only.
> Given that Firefox for Android requires a minimum OS version of 4.1, which corresponds with API level 16 and that the Sync 1.1 bits are. I propose that we make the following changes:
> For ssl protocols change DEFAULT_PROTOCOLS to TLSv1.2 only. API level 16+ supports TLSv1.2, and TLSv1.3 isn't widely deployed enough to enable it yet.
> For ssl ciphers with API level 24+ change DEFAULT_CIPHER_SUITES to:
> - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
> - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
> - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> AES-GCM and ChaCha20-Poly1305 are the most secure choices for TLSv1.2, and continue to prioritize battery life by prioritizing AES-128 over AES-256. The addition of ChaCha20-Poly1305 should also improve battery life on Android devices that don't support AES hardware acceleration.
> For ssl ciphers with API level 20+ change DEFAULT_CIPHER_SUITES to:
> - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
> - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
> Same reasoning as API level 24+, minus the ChaCha20-Poly1305 ciphers since those weren't supported yet
> For ssl ciphers with API level 16+ change DEFAULT_CIPHER_SUITES to:
> - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> Android only added support for SHA-2 hashes in API level 20+, so these are the best we can do for API level 16-19 devices.
This looks sensible to me.
> Grisha - Is there a list of services that Firefox for Android would connect to using these cipher suites? I'd like to verify the proposed cipher suite to what each server supports. I can think of a few:
I'm not aware of a single list. For $reasons, this list only applies to the Apache httpclientlib used by Android background services. That means:
> - Firefox Accounts - https://accounts.firefox.com
> - Sync - https://sync-533-us-west-2.sync.services.mozilla.com/
> - Tokenserver - https://token.services.mozilla.com
Yes.
> - Crash reporter?
> - Telemetry?
No.
I see
File: src/main/java/org/mozilla/gecko/fxa/FxAccountConstants.java
    public static final String DEFAULT_AUTH_SERVER_ENDPOINT = "https://api.accounts.firefox.com/v1";
    public static final String DEFAULT_TOKEN_SERVER_ENDPOINT = "https://token.services.mozilla.com/1.0/sync/1.5";
    public static final String DEFAULT_OAUTH_SERVER_ENDPOINT = "https://oauth.accounts.firefox.com/v1";
    public static final String DEFAULT_PROFILE_SERVER_ENDPOINT = "https://profile.accounts.firefox.com/v1";
    public static final String STAGE_AUTH_SERVER_ENDPOINT = "https://stable.dev.lcip.org/auth/v1";
    public static final String STAGE_TOKEN_SERVER_ENDPOINT = "https://stable.dev.lcip.org/syncserver/token/1.0/sync/1.5";
    public static final String STAGE_OAUTH_SERVER_ENDPOINT = "https://oauth-stable.dev.lcip.org/v1";
    public static final String STAGE_PROFILE_SERVER_ENDPOINT = "https://latest.dev.lcip.org/profile/v1";
and one you don't list: autopush.
Comment 12•6 years ago
I checked the Firefox Accounts, Push, Sync, and Token services for compatibility with the proposed TLS ciphers/protocols and all four support all the AES ciphers and TLSv1.2. When services migrate over to GCP they'll be able to use the ChaCha20-Poly1305 ciphers.
Comment 13•6 years ago
(In reply to Jon Buckley [:jbuck] from comment #12)
> I checked the Firefox Accounts, Push, Sync, and Token services for compatibility with the proposed TLS ciphers/protocols and all four support all the AES ciphers and TLSv1.2. When services migrate over to GCP they'll be able to use the ChaCha20-Poly1305 ciphers.
Is there a planned date for the migration to gcp? Is this waiting on that migration?
Comment 14•6 years ago
BTW, I found a rationale for the removal in the Android Q release notes:
These cipher suites are less secure than the similar cipher suites that use GCM, and most servers either support both the GCM and CBC variants of these cipher suites or support neither of them.
It also includes a suggestion to prevent apps from breaking in future releases:
Note: Apps and libraries should intersect their desired set of cipher suites with the return value from getSupportedCipherSuites() to future-proof cipher suite selection against future removals.
Comment 15•6 years ago
(In reply to domoaligato from comment #13)
> Is there a planned date for the migration to gcp? Is this waiting on that migration?
It varies based on the service - we've migrated some services already, others we'll be waiting until 2020. This patch doesn't block the migration to GCP.
(In reply to Jan Alexander Steffens [:heftig] from comment #14)
> BTW, I found a rationale for the removal in the Android Q release notes:
> These cipher suites are less secure than the similar cipher suites that use GCM, and most servers either support both the GCM and CBC variants of these cipher suites or support neither of them.
> It also includes a suggestion to prevent apps from breaking in future releases:
> Note: Apps and libraries should intersect their desired set of cipher suites with the return value from getSupportedCipherSuites() to future-proof cipher suite selection against future removals.
Nice find! That does seem like a simpler & more future-friendly idea, providing a single list and intersecting.
Comment 17•6 years ago
heftig, do you see a not-really-functional "Your account needs to be verified. Tap to resend verification email." red error-box on your Sync settings page, as shown in attachment 9061970 [details]?
(I filed bug 1548332 on that but I'm curious if it's just a symptom of the same underlying issue here [perhaps Nightly mis-diagnosing itself when the sync fails due to the cipher mismatch].)
Comment 18•6 years ago
(In reply to Daniel Holbert [:dholbert] from comment #17)
> heftig, do you see a not-really-functional "Your account needs to be verified. Tap to resend verification email." red error-box on your Sync settings page, as shown in attachment 9061970 [details]?
I remember this being the case, yes. I'm no longer running Android Q, though, so I can't verify.
Comment 19•6 years ago
Adding [geckoview:fenix:m7] whiteboard tag because we should fix our Android Q bugs soon but they're not strictly Fenix MVP release blockers.
Comment 20•6 years ago
Added the new Android API 29+ cyphers
https://developer.android.com/reference/javax/net/ssl/SSLEngine#cipher-suites
and also added TLSv1.3
https://developer.android.com/reference/javax/net/ssl/SSLEngine#protocols
Will prefer ChaCha20-Poly1305 which is fastest, thoroughly vetted and battle tested -
https://blog.cloudflare.com/do-the-chacha-better-mobile-performance-with-cryptography/
Beside the new additions will still keep support for previous TLSv1.2 and already
used cyphers still compatible with Android Q while favoring the 128 versions.
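The two ideas that run through comments 7, 14, 15 and 20 can be combined into one small routine: keep a single preference-ordered list (ChaCha20-Poly1305 first, then AES-128-GCM, then AES-256-GCM, then the CBC-SHA1 fallbacks that API 16-19 devices need), and intersect it with whatever the device's SSLSocket reports as supported before calling setEnabledCipherSuites(), so that a future removal like the API 29 one degrades gracefully instead of throwing IllegalArgumentException. The code below is an added illustration written for this page, not the patch that landed in this bug; the class and method names are mine, and the "supported on Q" list in main() is a constructed stand-in for a real getSupportedCipherSuites() result. The TLSv1.3 suites are deliberately absent from the preference list because, as far as I know, Conscrypt on API 29+ enables them itself and does not accept them through setEnabledCipherSuites().

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.net.ssl.SSLSocket;

/** Added example: future-proof cipher suite / protocol selection for an SSLSocket. */
public final class TlsConfigExample {

    // Preference order for TLSv1.2: ChaCha20-Poly1305 (fast without AES hardware),
    // then AES-128-GCM, AES-256-GCM, and finally the CBC-SHA1 suites that are the
    // best available on API 16-19. Entries the device lacks are simply dropped.
    static final String[] PREFERRED_CIPHER_SUITES = {
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    };

    // TLSv1.3 where the platform has it, TLSv1.2 everywhere else; no TLSv1.0/1.1.
    static final String[] PREFERRED_PROTOCOLS = { "TLSv1.3", "TLSv1.2" };

    /** Returns the entries of preferred, in preferred order, that also appear in supported. */
    static String[] intersectInOrder(String[] preferred, String[] supported) {
        Set<String> available = new HashSet<>(Arrays.asList(supported));
        List<String> out = new ArrayList<>();
        for (String candidate : preferred) {
            if (available.contains(candidate)) {
                out.add(candidate);
            }
        }
        return out.toArray(new String[0]);
    }

    /**
     * Applies the intersected lists to the socket. Conscrypt throws
     * IllegalArgumentException for any unsupported name passed to
     * setEnabledCipherSuites(), which is exactly the failure in the log above;
     * intersecting first means that cannot happen.
     */
    static void configure(SSLSocket socket) {
        String[] suites = intersectInOrder(PREFERRED_CIPHER_SUITES, socket.getSupportedCipherSuites());
        String[] protocols = intersectInOrder(PREFERRED_PROTOCOLS, socket.getSupportedProtocols());
        if (suites.length == 0 || protocols.length == 0) {
            // Refuse to connect with a weaker configuration than we intended.
            throw new IllegalStateException("no acceptable TLS cipher suite or protocol on this device");
        }
        socket.setEnabledCipherSuites(suites);
        socket.setEnabledProtocols(protocols);
    }

    public static void main(String[] args) {
        // Constructed stand-in for getSupportedCipherSuites() on an API 29 device:
        // the CBC-SHA256/SHA384 suites from the crash are gone, GCM and ChaCha20 remain.
        String[] supportedOnQ = {
            "TLS_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_RSA_WITH_AES_128_CBC_SHA",
        };
        // Only the preferred suites the device supports survive, in preference order.
        System.out.println(Arrays.toString(intersectInOrder(PREFERRED_CIPHER_SUITES, supportedOnQ)));
        System.out.println(Arrays.toString(intersectInOrder(PREFERRED_PROTOCOLS,
                new String[] { "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" })));
    }
}
```

Because the intersection preserves the order of the preference list rather than the order the platform reports, the client's ranking (ChaCha20 before AES-128-GCM before AES-256-GCM) is what gets offered in the ClientHello; the server still makes the final choice, which is why comment 24 notes that ChaCha20-Poly1305 and TLSv1.3 only take effect once the FxA and Sync load balancers enable them.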
Comment 21•6 years ago
This might be upliftable to 67 (now or for a future dot release).
Pascal, what do you think? Android Q beta use is increasing.
Comment 22•6 years ago
jbuck: I can't flag you for review on this (I don't know why not), but can you please look at the patch?
Comment 24•6 years ago
These changes look reasonable to me. We don't appear to have TLS1.3 or ChaCha20-Poly1305 active on the FxA or Sync servers yet, but we could in future.
Martin, since this is touching TLS config in one of our clients, do you have any input here? This is changing the Fennec background services code, which use Android's native networking stack to connect to Mozilla-hosted services like Sync and Push, so that it will:
- Use TLS1.3 when available on the device and the server
- Prefer ChaCha20-Poly1305 when available, for perf reasons mentioned in Comment 20.
- Not hard-code ciphersuites that have been deprecated on new Android devices (which was causing an error and was the original impetus for this bug)
Comment 25•6 years ago
Comments added to the patch. In short, this is fine. The API is terrible, but the way this manages it works.
BTW, it's "cipher" not "cypher".
Comment 26•6 years ago
Went ahead and asked for the patch to be merged since it has been already approved by other people.
Clearing NIs.
Comment 27•6 years ago
Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/6d6a45ae267a
Update SSL ciphers and protocols for Android Q; r=mt
Comment 28•6 years ago
I see that status-firefox67 is wontfix. Have we thought about this closely? It seems that with the Q beta on a huge number of phones and Q getting ready to release we should consider backporting this fix. IIUC without this fix sync doesn't work at all, taking a huge chunk of functionality. At the current state this means that sync is only available on Nightly to Q users.
Comment 29•6 years ago
(In reply to Kevin Cox [:kevincox] from comment #28)
> I see that status-firefox67 is wontfix. Have we thought about this closely? It seems that with the Q beta on a huge number of phones and Q getting ready to release we should consider backporting this fix. IIUC without this fix sync doesn't work at all, taking a huge chunk of functionality. At the current state this means that sync is only available on Nightly to Q users.
This patch isn't even in Nightly, it's still in an integration branch, so there is no backport possible at the moment. We ship 67 in less than a week and Fennec RC will be built tomorrow. That doesn't look like a good candidate for an uplift in 67.0, potentially a candidate for a Fennec dot release once we have some bake time in Nightly and Beta. IMO, it is not unreasonable to tell people that are using Android Q beta to use Firefox Beta which will ship next week with this patch, we could even list it as a known issue in 67.0 release notes.
Comment 30•6 years ago
Thanks Pascal. I didn't realize the beta release with this patch is expected so soon. That should be reasonable.
Comment 31•6 years ago
bugherder
Comment 32•6 years ago
[Tracking Requested - why for this release]:
67.0.5=fix-optional
If this fix looks OK in Fennec 68 Beta, we should consider uplifting it to the Fennec 67.0.5 dot release planned for June 4. We want Sync to work on Android Q.
Assignee | ||
Comment 33•6 years ago
I just got an update for Nightly (on Android Q) and I can confirm that this is fixed -- Sync started working immediately.
(I didn't have to reauthorize or anything -- I was in a "sync-is-logged-in-but-broken" state, per comment 17. And after I got the latest update, a sync started soon afterwards and completed successfully.)
--> VERIFIED. Thanks for fixing!
Comment 34•6 years ago
Verified as fixed on Release 67.0 using Google Pixel (Android Q).
Comment 35•6 years ago
(In reply to Chris Peterson [:cpeterson] from comment #32)
> [Tracking Requested - why for this release]:
> 67.0.5=fix-optional
> If this fix looks OK in Fennec 68 Beta, we should consider uplifting it to the Fennec 67.0.5 dot release planned for June 4. We want Sync to work on Android Q.
We don't take ridealongs in the trailhead release but do consider uplifts for another dot release.
Comment 36•6 years ago
(In reply to Stefan Deiac from comment #34)
> Verified as fixed on Release 67.0 using Google Pixel (Android Q).
Stefan, I am a bit confused here, the patch landed in 68 and hasn't been uplifted to 67, did you mean 68 beta or is it that you do not experience this bug in 67.0?
Comment 37•6 years ago
Hello,
I wanted to specify the Nightly version. I double checked right now with the build from 2019-05-25 and the sync occurs right after the log-in.
Andrei from Cluj has also verified and confirmed that this issue is resolved on Nightly 68.0a1. Sorry for my confusion, thanks.
Comment 39•6 years ago
After updating from Q beta3 to beta4 today, I'm immediately hitting this same issue again, and I filed bug 1557203 about it. (I'm guessing there was another Android-platform API/cipher change that we need to account for.)
Comment 41•6 years ago
Release Note Request (optional, but appreciated)
[Why is this notable]: Fixes Firefox Accounts for Android Q users.
[Affects Firefox for Android]: Only
[Suggested wording]: Firefox Sync now works on Android Q preview. You can log into your Firefox Account and Sync bookmarks, history and passwords from your other devices.
[Links (documentation, blog post, etc)]: