Closed Bug 1674092 Opened 4 years ago Closed 4 years ago

security.tls.version.enable-deprecated=true doesn't appear work anymore

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
Firefox 82
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: patrice.peterson, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0

Steps to reproduce:

  1. Set security.tls.version.enable-deprecated to true
  2. Visit https://tls-v1-0.badssl.com:1010/

This is on Fedora 33, package firefox-82.0-5.fc33.x86_64.

Actual results:

I got SSL_ERROR_UNSUPPORTED_VERSION.

Expected results:

I should have been able to access the website properly.

I can confirm the above happening since yesterday (upgraded from Fedora 32 to 33).

Tested with all tls.version options in Firefox settings and even settings tls.version to 0 does not permit to visit the site.

Same problem with Thunderbird where the "peer using unsupported version of security protocol" error is displayed upon trying to send emails via STARTTLS on mail servers which are only supporting tls 1.0 & 1.1. As with Firefox, none of the tls.version options to override this behaviour works any longer.

Checking with tcpdump it appears as tls v1.2 is still used no matter what:

TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 512
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 508
Version: TLS 1.2 (0x0303)
Random: 72109389f8af8c2edc04ba73a1e40c27cda616db9169be1b…
Session ID Length: 32
Session ID: ccdc6ff8f09f2b593539f36607ebf71eeb91a782137c3a55…
Cipher Suites Length: 34
Cipher Suites (17 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 401
Extension: server_name (len=29)
Type: server_name (0)
Length: 29
Server Name Indication extension
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Extension: supported_groups (len=14)
Type: supported_groups (10)
Length: 14
Supported Groups List Length: 12
Supported Groups (6 groups)
Supported Group: x25519 (0x001d)
Supported Group: secp256r1 (0x0017)
Supported Group: secp384r1 (0x0018)
Supported Group: secp521r1 (0x0019)
Supported Group: ffdhe2048 (0x0100)
Supported Group: ffdhe3072 (0x0101)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Data (0 bytes)
Extension: status_request (len=5)
Type: status_request (5)
Length: 5
Certificate Status Type: OCSP (1)
Responder ID list Length: 0
Request Extensions Length: 0
Extension: key_share (len=107)
Type: key_share (51)
Length: 107
Key Share extension
Extension: supported_versions (len=5)
Type: supported_versions (43)
Length: 5
Supported Versions length: 4
Supported Version: TLS 1.3 (0x0304)
Supported Version: TLS 1.2 (0x0303)
Extension: signature_algorithms (len=20)
Type: signature_algorithms (13)
Length: 20
Signature Hash Algorithms Length: 18
Signature Hash Algorithms (9 algorithms)
Extension: psk_key_exchange_modes (len=2)
Type: psk_key_exchange_modes (45)
Length: 2
PSK Key Exchange Modes Length: 1
PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
Extension: record_size_limit (len=2)
Type: record_size_limit (28)
Length: 2
Record Size Limit: 16385
Extension: padding (len=162)
Type: padding (21)
Length: 162
Padding Data: 000000000000000000000000000000000000000000000000…

Versions:

firefox-82.0-5.fc33
thunderbird-78.3.1-1.fc33

Component: Untriaged → Security: PSM
Product: Firefox → Core

If you use a non-Fedora branded version of Firefox, does it work?

Flags: needinfo?(patrice.peterson)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #2)

If you use a non-Fedora branded version of Firefox, does it work?

I assume this comment was for the reporter, however I just wanted to chime in and mention that I updated to thunderbird-78.4.0-1 from updates-testing repo to see if perhaps the issue was solved however the problem still persists.

If you use a non-Fedora branded version of Thunderbird, does it work? (i.e. download it from mozilla)

Flags: needinfo?(bugzilla.mozilla.org)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #4)

If you use a non-Fedora branded version of Thunderbird, does it work? (i.e. download it from mozilla)

I installed Thunderbird 78.4.0 with Flatpak (https://flathub.org/apps/details/org.mozilla.Thunderbird) and using the security.tls.version.enable-deprecated=true setting works perfectly as expected.

So it seems as it must be the Fedora RPMs which are affected exclusively.

Flags: needinfo?(bugzilla.mozilla.org)

The Fedora version of Firefox and Thunderbird uses the system copy of NSS, which can be configured to e.g. set the minimum TLS version. I suspect that's what's going on there. Can you open a bug with them? https://bugzilla.redhat.com/

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #6)

The Fedora version of Firefox and Thunderbird uses the system copy of NSS, which can be configured to e.g. set the minimum TLS version. I suspect that's what's going on there. Can you open a bug with them? https://bugzilla.redhat.com/

Already done :-)

https://bugzilla.redhat.com/show_bug.cgi?id=1893367

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #2)

If you use a non-Fedora branded version of Firefox, does it work?

Yeah, sorry for not getting back earlier – I also tested with the Flatpak version and it works there. Thanks to the other person for opening that bug report with Fedora! :)

Flags: needinfo?(patrice.peterson)

(In reply to Patrice Peterson from comment #8)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #2)

If you use a non-Fedora branded version of Firefox, does it work?

Yeah, sorry for not getting back earlier – I also tested with the Flatpak version and it works there. Thanks to the other person for opening that bug report with Fedora! :)

Perhaps it would help speed things up if you also commented/voted for the bug on Redhat's bug tracker. I am actually unable to send emails from one of my accounts due to this issue so the bug is a real blocker. Thanks in advance!

https://bugzilla.redhat.com/show_bug.cgi?id=1893367

According to https://fedoraproject.org/wiki/Changes/StrongCryptoSettings, running update-crypto-policies --set LEGACY should re-enable legacy versions of TLS for the whole system, which would include Firefox/Thunderbird as packaged by Fedora. Can you give that a try?

Flags: needinfo?(bugzilla.mozilla.org)

(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #10)

According to https://fedoraproject.org/wiki/Changes/StrongCryptoSettings, running update-crypto-policies --set LEGACY should re-enable legacy versions of TLS for the whole system, which would include Firefox/Thunderbird as packaged by Fedora. Can you give that a try?

Thanks for the hint Dana, it is definitely the root of the problem:

cat /etc/crypto-policies/state/CURRENT.pol

...
min_tls_version = TLS1.2
protocol = TLS1.3 TLS1.2 DTLS1.2
...

Having checked Koji I can see the last ever F32 package for crypto-policies was from 19/06 (https://koji.fedoraproject.org/koji/packageinfo?packageID=18548), and a few days later on the 25/06, now for F33, TLS 1.0 and 1.1 was dropped from DEFAULT:

Changelog * Thu Jun 25 2020 Tomáš Mráz <tmraz@redhat.com> - 20200625-1.gitb298a9e

  • DEFAULT policy: Drop DH < 2048 bits, TLS 1.0, 1.1, SHA-1
  • make the NEXT policy just an alias for DEFAULT as they are now identical
    ...

This is why the problem started immediately after upgrading from F32 to F33 last week. After setting it to LEGACY it works fine again:

cat /etc/crypto-policies/state/CURRENT.pol

...
min_tls_version = TLS1.0
protocol = TLS1.3 TLS1.2 TLS1.1 TLS1.0 DTLS1.2 DTLS1.0
...

As it is a system wide setting which would be a step back in terms of overall security, I instead have to figure out a way to create an exception for just Thunderbird. Flatpak works since it includes its own libraries I believe.

Flags: needinfo?(bugzilla.mozilla.org)

Thanks for checking that. To get this to work the way you want, Fedora will have to change. There's nothing Firefox/Thunderbird can do.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX

Yes, indeed, thanks for your assistance Dana.

I closed the bug in Redhat with this last comment (https://bugzilla.redhat.com/show_bug.cgi?id=1893367#c3):

Not sure how I missed this page as I always read the change log when upgrading but it is all detailed here:

https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

Solution:

update-crypto-policies --set DEFAULT:FEDORA32

...or stop using services with TLS <1.2

Thanks much everyone, I learned something new today! :)

You need to log in before you can comment on or make changes to this bug.