Closed Bug 1631240 Opened 4 years ago Closed 4 years ago

even if you disable all cipher suites in Firefox settings, some https:// sites still work, so disabling cipher suites seems not to be working correctly

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: bennett, Unassigned)

Details

(Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Go to about:config and search for "ssl3".
Then for every cipher suite listed (security.ssl3.dhe_rsa_aes_128_sha, security.ssl3.dhe_rsa_aes_256_sha, etc. -- there are 15 listed for me), double-click it to change the value to "False".
(Restart the browser after this if you want, although it appears to make no difference.)
Afterwards, certain https:// websites still work:
https://www.instagram.com/
https://www.google.com/
https://www.paypal.com/

I have not discerned the exact pattern for which websites still work -- it appears it might have something to do with whether you've visited the website previously. (However, even if you have visited the website previously and their public key certificate is cached, that public key is just used to establish the initial connection after which all communication is encrypted using one of the cipher suites -- and that should not work, if you have disabled all cipher suites!)

I think this qualifies as a (low) security risk, because sometimes you have to disable a cipher suite if the cipher suite has been publicly broken. (Or Mozilla might push out an update which disables the cipher suite in users' settings.) Thus, it is a security risk if disabling cipher suites is not working properly.

Flags: sec-bounty?

Not an authoritative answer as I'm very much not an NSS/crypto expert, but:

https://searchfox.org/mozilla-central/rev/a4d62e09a4c46aef918667fa759bf9ae898dc258/security/manager/ssl/nsNSSComponent.cpp#1039-1042

would indicate that there are cipher suites not using ssl3 in their pref name. And indeed, if I follow the steps in comment #0, I can reproduce with instagram.com, and if I then click the lock, click the arrow next to "connection secure" and then click "more information" (which opens the page info dialog on the security pane), it shows that I'm connected using one of the relevant TLS1.3 algorithms which is not disabled. Ditto for google (same algorithm) and paypal (not the same, but still one of the TLS ones).

In general, it's worth bearing in mind that when reading preferences, code can specify a default value and not care about the absence of the preference, in which case that preference will not be listed in about:config unless it is modified in the user's profile.

So I'm inclined to think this bug is invalid as filed and the security flag can be removed, but I'll leave it to Dana/JC to confirm.

Group: firefox-core-security → crypto-core-security
Type: task → defect
Component: Security → Security: PSM
Flags: needinfo?(jjones)
Flags: needinfo?(dkeeler)
Product: Firefox → Core

Thanks. Although now I'm a bit more confused :)

When I first saw "ssl3" in those setting names, I assumed it was an example of people saying "ssl" when they really mean "tls" (as in ssllabs.com). For one thing, the settings clearly do apply to TLS connections -- you can probably reproduce this:

  • in about:config, disable all ciphers
  • verify you cannot connect to https://support.mozilla.org -- you get "SSL_ERROR_NO_CYPHER_OVERLAP"
  • re-enable the cipher security.ssl3.rsa_aes_256_sha (and only that cipher)
  • verify NOW you can connect to https://support.mozilla.org -- but if you click the info box, it says the connection is TLS 1.2. So the "ssl3" setting is applied to the TLS 1.2 connection.

The only thing I can think of that is consistent with all the observed evidence, is:

  • The setting names beginning with "ssl3" apply to all protocols from SSL3 all the way to TLS 1.2. (Hence what we observed above.)
  • The setting names beginning with "tls13" apply to TLS 1.3 connections.
  • The "tls13" settings are not editable in about:config. (That doesn't seem too logical -- if a cipher becomes insecure, shouldn't you be able to disable it for TLS 1.3, just as you can disable an insecure cipher for TLS 1.2? But it is at least consistent with observation.)

OK, this is not a security hole after all. For my punishment I will use Edge the rest of the day.

(In reply to Bennett Haselton from comment #2)

  • The "tls13" settings are not editable in about:config. (That doesn't seem too logical -- if a cipher becomes insecure, shouldn't you be able to disable it for TLS 1.3, just as you can disable an insecure cipher for TLS 1.2? But it is at least consistent with observation.)

I haven't tried, but I expect you can create them as boolean preferences in about:config and set them to false, and that'll work (ie it'll disable those ciphers). Whether you want to or should is a different question.

The preferences for the TLS 1.3 cipher suites are hidden. In general, users shouldn't need to edit the cipher suite list. If one is found to be insecure we'll issue an update that disables it.

Group: crypto-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Flags: needinfo?(dkeeler)
Resolution: --- → INVALID
Flags: needinfo?(jjones)

This bug does not meet the criteria of the bug bounty program.

Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.