Change the SSL cipher suites enabled by default



5 years ago
5 years ago


(Reporter: Wan-Teh Chang, Assigned: Wan-Teh Chang)


Firefox Tracking Flags

(Not tracked)



(1 attachment)



5 years ago
Created attachment 662823 [details] [diff] [review]
Proposed patch

The proposed patch does the following:

1. Disable all the export cipher suites by default.

2. Disable all the DES cipher suites by default.

3. Disable the RSA_FIPS cipher suites by default.

4. Enable all the non-ECC Triple DES cipher suites by default.

5. Enable all the non-ECC AES cipher suites by default.

6. Enable SSL_RSA_WITH_RC4_128_SHA and SSL_RSA_WITH_RC4_128_MD5
   by default.

Before this patch, our default cipher suite list in ClientHello is:

            cipher_suites[9] = {
                (0x0004) SSL3/RSA/RC4-128/MD5
                (0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
                (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
                (0xfefe) SSL3/RSA-FIPS/DES-CBC/SHA
                (0x0009) SSL3/RSA/DES56-CBC/SHA
                (0x0064) TLS/RSA-EXPORT1024/RC4-56/SHA
                (0x0062) TLS/RSA-EXPORT1024/DES56-CBC/SHA
                (0x0003) SSL3/RSA/RC4-40/MD5
                (0x0006) SSL3/RSA/RC2CBC40/MD5

With this patch, our default cipher suite list in ClientHello becomes:

            cipher_suites[11] = {
                (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
                (0x0038) TLS/DHE-DSS/AES256-CBC/SHA
                (0x0035) TLS/RSA/AES256-CBC/SHA
                (0x0033) TLS/DHE-RSA/AES128-CBC/SHA
                (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
                (0x0005) SSL3/RSA/RC4-128/SHA
                (0x0004) SSL3/RSA/RC4-128/MD5
                (0x002f) TLS/RSA/AES128-CBC/SHA
                (0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
                (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
                (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
Attachment #662823 - Flags: review?(rrelyea)

Comment 1

5 years ago
This is the change that we have considered before, for example, in
bug 593080 comment 1.

Comment 2

5 years ago
Criteria I used:

1. Weak cipher suites and the nonstandard RSA_FIPS cipher
suites are disabled by default.

2. The mandatory cipher suites in TLS 1.0, 1.1, and 1.2
are enabled by default. Note: the mandatory cipher suite
in TLS 1.0 was selected to avoid the RSA patent. It is
rarely used in practice.

3. The cipher suites recommended in NIST SP 800-52 are
enabled by default. Note: SP 800-52 was published in
2005, so it is a little out of date. It predated the
availability of ECC cipher suites.

Changes I did not attempt in this patch:

1. ECC cipher suites.

2. Cipher suite reordering: list AES cipher suites before
Camellia and SEED cipher suites.

Comment 3

5 years ago
Comment on attachment 662823 [details] [diff] [review]
Proposed patch

r+ rrelyea
Attachment #662823 - Flags: review?(rrelyea) → review+

Comment 4

5 years ago
Bob: thanks for the review. Last Friday night I looked into changing
the order of our cipher suites because it cannot be controlled by the
applications. Unfortunately I realized that NSS-based SSL servers can
only select the first supported cipher suite offered by an SSL client.
So our current cipher suite order is necessary for NSS-based SSL servers
to choose a "national" cipher suite without disabling the AES cipher

So, until we add a feature for an NSS-based SSL server to specify its
own cipher suite preference, we can't change the cipher suite order :-(

Patch checked in on the NSS trunk (NSS 3.14).

Checking in ssl3con.c;
/cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v  <--  ssl3con.c
new revision: 1.189; previous revision: 1.188
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.