Closed Bug 689813 Opened 13 years ago Closed 11 years ago

Add pref to disable insecure fallback to SSL 3.0 for TLS intolerant servers

Categories

(Core :: Security: PSM, defect)

defect
Not set
major

Tracking

()

RESOLVED DUPLICATE of bug 689814

People

(Reporter: briansmith, Unassigned)

References

Details

(Keywords: sec-want, Whiteboard: [sg:want?])

I would like to coordinate with other browser vendors to disable our insecure fallback to SSL 3.0 when we cannot connect to a server and/or we detect some SSL errors. The default value of the pref will be to allow the insecure fallback for now.
From our stats, it appears that ~1% of HTTPS connections involve SSLv3 fallback.

While I'm keen on getting rid of SSLv3 fallback, in general we don't add options and it's not clear whether this would meet our UI team's bar for visibility.

(In past we have had options for enabling and disabling TLS 1.0 and SSL 3.0, but those have been removed.)

Previously, Yngve has suggested taking renegotiation extension support as an indication of TLS 1.0 compatibility. (i.e. if we tried SSLv3 fallback and found a renego patched SSLv3 server, then the fallback was the result of flakiness.) He indicated that, while not perfect, there were only a handful of sites that were a problem under that condition.

However, we use SSLv3 fallback in order to workaround a number of incompatibilities from standard TLS intolerance to problems with DEFLATE and specific extensions. It's unclear whether Yngve's prober results would therefore be representative.
Bug 901718 aims for removing the fallback to SSLv3. This bug should be marked as a duplicate of Bug 901718.
(In reply to Florian Bender from comment #2)
> Bug 901718 aims for removing the fallback to SSLv3. This bug should be
> marked as a duplicate of Bug 901718.

Bug 901718 is about removing fallback to SSL 3.0 for two specific reasons (connection resets and EOF), to match Chrome's behavior. This bug is about adding a pref (not exposed in the UI) to disable SSL 3.0 fallback completely. Bug 689814 is about making that option default to blocking SSL 3.0 fallback completely. Bug 707275 is about adding telemetry to measure all of this (amongst other things).

I agree, though, that we don't need a separate bug for this. We will add prefs (without any UI) in bug 689814 as needed. I will comment in that bug about what I forsee us actually doing.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.