Closed Bug 1590168 Opened 5 years ago Closed 2 years ago

TLS 1.3 cipher suites aren't contained the list of preference values offered in about:config

Categories

(Core :: Security: PSM, defect, P5)

60 Branch
Desktop
macOS
defect


RESOLVED DUPLICATE of bug 1531261

People

(Reporter: jan, Unassigned)

Details

(Whiteboard: [psm-backlog])

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:69.0) Gecko/20100101 Firefox/69.0

Steps to reproduce:

The ciphers used for SMTP STARTTLS differ from other TLS connection ciphers.

Configuration:
security.tls.version.min 3
security.ssl3.dhe_rsa_aes_128_sha true
security.ssl3.dhe_rsa_aes_256_sha true
security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 false
security.ssl3.ecdhe_ecdsa_aes_128_sha false
security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384 false
security.ssl3.ecdhe_ecdsa_aes_256_sha false
security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256 false
security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 false
security.ssl3.ecdhe_rsa_aes_128_sha false
security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 false
security.ssl3.ecdhe_rsa_aes_256_sha false
security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256 false
security.ssl3.rsa_aes_128_sha false
security.ssl3.rsa_aes_256_sha false
security.ssl3.rsa_des_ede3_sha false

Observe TLS Client Hello in Wireshark when sending a message.

Actual results:

SMTP :143 STARTTLS

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (3 suites)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)

SMTP :465 SSL/TLS

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (2 suites)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

Expected results:

SMTP :143 STARTTLS

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (2 suites)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

SMTP :465 SSL/TLS

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (2 suites)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

Flags: needinfo?(kaie)

typo: SMTP :143 STARTTLS should be SMTP :587 STARTTLS

OS: Unspecified → macOS
Hardware: Unspecified → Desktop

Jan, you're reporting this for TB 60.x. Did you test if you get the same behavior with TB 68.x?

Please state which exact version you're using.

Which operating system? Did you get the Thunderbird binaries from a Linux distribution, or downloaded from thunderbird.net directly?

Did you run wireshark on the same computer that runs thunderbird?

Flags: needinfo?(kaie) → needinfo?(jan)

(In reply to Kai Engert (:kaie:) from comment #2)

> Jan, you're reporting this for TB 60.x. Did you test if you get the same behavior with TB 68.x?
>
> Please state which exact version you're using.
>
> Which operating system? Did you get the Thunderbird binaries from a Linux distribution, or downloaded from thunderbird.net directly?

The report is for Thunderbird 60.9.0 on macOS 10.13.6 (17G8037). The binaries are from thunderbird.net.

> Did you run wireshark on the same computer that runs thunderbird?

Yes.

The behavior is different on 68.2.0. This is the output for 68.2.0:

Actual results:

SMTP :587 STARTTLS

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (5 suites)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

SMTP :465 SSL/TLS

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (5 suites)
Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

Expected results:

SMTP :587 STARTTLS

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (2 suites)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

SMTP :465 SSL/TLS

TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Cipher Suites (2 suites)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

Flags: needinfo?(jan)

It took me a while to understand your report.

I think what you're saying is:

  • you're using a nonstandard configuration
  • you have used about:config to disable certain cipher suites
  • you believe you have disabled the following ciphers:
    • TLS_AES_128_GCM_SHA256 (0x1301)
    • TLS_CHACHA20_POLY1305_SHA256 (0x1303)
    • TLS_AES_256_GCM_SHA384 (0x1302)
  • however, you see those cipher suites being offered in the handshake

Jan, is my understanding of your report correct?

I think your assumption that you have disabled those ciphers is incorrect, but it seems you were misled.

The above three ciphers are TLS 1.3 cipher suites.
Support for them had been added with this commit:
https://hg.mozilla.org/mozilla-central/rev/96991c815ab8de388e15cd2b6096064c552ca6e6

As can be seen at the bottom of that patch, the corresponding config keys are:

  • "security.tls13.aes_128_gcm_sha256",
  • "security.tls13.chacha20_poly1305_sha256",
  • "security.tls13.aes_256_gcm_sha384",

Note the "security.tls13." prefix. However, you probably didn't disable those. All config entries you listed in comment 0 begin with "security.ssl3.".

@Jan: Please try to add those keys, set them to false, and please report back if that disables the cipher suites.

However, I think you were unable to detect them easily, because they weren't added to the list of visible preferences.
(File https://searchfox.org/mozilla-central/source/modules/libpref/init/all.js only lists the security.ssl3. prefs, but not the security.tls13. prefs.)

@Dana, do you think the security.tls13. prefs should be added to all.js?

Status: UNCONFIRMED → NEW
Component: Security → Security: PSM
Ever confirmed: true
Product: Thunderbird → Core
Version: 60 → 60 Branch
Summary: SMTP STARTTLS ciphers differ from other TLS connection ciphers → TLS 1.3 cipher suites aren't contained the list of preference values offered in about:config
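
An added example, not part of the bug report or Mozilla's code: a short Python check that maps each cipher suite in a Wireshark Client Hello dump to the pref that controls it and flags suites whose pref was never set, which is the situation described in the comment above. The pairing of the two security.ssl3. prefs with the DHE suite IDs, the status labels and all function names are assumptions of this example.

```python
import re

# Pref name -> cipher suite ID. The ssl3-to-DHE pairing is this example's assumption.
PREF_TO_SUITE = {
    "security.ssl3.dhe_rsa_aes_128_sha": 0x0033,
    "security.ssl3.dhe_rsa_aes_256_sha": 0x0039,
    "security.tls13.aes_128_gcm_sha256": 0x1301,
    "security.tls13.aes_256_gcm_sha384": 0x1302,
    "security.tls13.chacha20_poly1305_sha256": 0x1303,
}
SUITE_TO_PREF = {suite: pref for pref, suite in PREF_TO_SUITE.items()}
SUITE_LINE = re.compile(r"Cipher Suite:\s+(\S+)\s+\(0x([0-9a-fA-F]{4})\)")

def parse_client_hello(text):
    """Return [(name, id)] from Wireshark's text view of a Client Hello."""
    return [(m.group(1), int(m.group(2), 16)) for m in SUITE_LINE.finditer(text)]

def parse_prefs(text):
    """Parse 'name true|false' lines; other values (e.g. integers) are skipped."""
    rows = (line.split() for line in text.splitlines())
    return {r[0]: r[1] == "true" for r in rows
            if len(r) == 2 and r[1] in ("true", "false")}

def audit(prefs, offered):
    """Label each offered suite by what the user's prefs say about it."""
    findings = []
    for name, suite_id in offered:
        pref = SUITE_TO_PREF.get(suite_id)
        if pref is None:
            status = "no known pref"
        elif pref not in prefs:
            status = "pref never set"  # the default applies, as in this bug
        else:
            status = "enabled by user" if prefs[pref] else "offered despite false"
        findings.append((name, pref, status))
    return findings

# Sample input copied from the report: prefs (abridged) and the 68.2.0 capture.
PREFS = """security.tls.version.min 3
security.ssl3.dhe_rsa_aes_128_sha true
security.ssl3.dhe_rsa_aes_256_sha true"""
CAPTURE = """Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)"""

if __name__ == "__main__":
    print(*audit(parse_prefs(PREFS), parse_client_hello(CAPTURE)), sep="\n")
```

With the reporter's prefs, the three TLS 1.3 suites come back as "pref never set" while the two DHE suites are "enabled by user".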

> I think what you're saying is:
>
>   • you're using a nonstandard configuration

Yes

>   • you have used about:config to disable certain cipher suites

Yes

>   • you believe you have disabled the following ciphers:
>     • TLS_AES_128_GCM_SHA256 (0x1301)
>     • TLS_CHACHA20_POLY1305_SHA256 (0x1303)
>     • TLS_AES_256_GCM_SHA384 (0x1302)
>   • however, you see those cipher suites being offered in the handshake

My original report was about TB60. I had only enabled security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha (or so I thought). So I was surprised to see 3 other ciphers instead for SMTP :587 STARTTLS, while SMTP :465 SSL/TLS had the correct 2 ciphers.
Then I tested again for TB68, the DHE ciphers are there for SMTP :587 STARTTLS. However now also these 3 other ciphers are there for both STARTTLS and SSL/TLS. I did not know these had a hidden setting.

> Jan, is my understanding of your report correct?
> I think your assumption that you have disabled those ciphers is incorrect, but it seems you were misled.

Basically yes. And that in TB60 the DHE ciphers were missing for SMTP :587 STARTTLS.

I suppose we should be consistent, but I'm not keen on making it easier for users to put Firefox in an inoperable state by accident.

Priority: -- → P5
Whiteboard: [psm-backlog]

If we want to be consistent, I think we should rather unlist "security.ssl3." prefs from about:config.

Maybe removing all those prefs from all.js is reasonable, less likely to be discovered, but still available for users who have a need to disable it.

I'm not keen on "ultra-hidden" preferences. Either have them controllable in about:config or don't have them controllable at all. Prefs only known to the 4 people who made them is dumb.

Severity: normal → S4
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE