473062 - SSL does NOT use most secure cypher available

Status: RESOLVED INVALID

(NSS :: Libraries, defect)

Description

[Laurens Blankers]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Build Identifier: 3.12.2.0 Basic ECC

When connecting to a website over HTTPS which support Triple DES, RC4, and AES using an application using NSS (e.g. Firefox 3.0.5) the least (Triple DES) rather then the most (AES) secure cypher is used.

Reproducible: Always

Steps to Reproduce:
1. Open https://www.mozilla.org in Firefox 3.0.5
2. Check cypher used in Technical Details of Page Info
Actual Results:  
Connection is encrypted using triple DES.

Expected Results:  
Connection should be encrypted using AES or possibly Camellia.

I think the selection of the cypher used is done by the server rather then the client. However the client provides the cyphers it support.

If common server implementation uses the first cypher provided by the client that it also support then may be changing the order in which the supported cyphers are transmitted will result in the use of a safer cypher. Alternatively the client could attempt a connection with the high grade cyphers only (AES, Camellia) first and if that fails reattempt the connection using lower grade cyphers (3DES, RC4).

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

This bug correctly notes that the cipher suite is chosen by the server,
not by the client.  It speculates, incorrectly, that the client is sending
out its list of supported cipher suites with 3DES coming before AES.  
The actual list sent  puts 3DES dead last, yet that is what www.mozilla.org
chooses.  Feel free to file a bug against that server, but there is no bug
in the browser here.