Closed
Bug 792681
Opened 12 years ago
Closed 12 years ago
Change the SSL cipher suites enabled by default
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.14
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(1 file)
|
5.00 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
The proposed patch does the following:
1. Disable all the export cipher suites by default.
2. Disable all the DES cipher suites by default.
3. Disable the RSA_FIPS cipher suites by default.
4. Enable all the non-ECC Triple DES cipher suites by default.
5. Enable all the non-ECC AES cipher suites by default.
6. Enable SSL_RSA_WITH_RC4_128_SHA and SSL_RSA_WITH_RC4_128_MD5
by default.
Before this patch, our default cipher suite list in ClientHello is:
cipher_suites[9] = {
(0x0004) SSL3/RSA/RC4-128/MD5
(0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
(0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
(0xfefe) SSL3/RSA-FIPS/DES-CBC/SHA
(0x0009) SSL3/RSA/DES56-CBC/SHA
(0x0064) TLS/RSA-EXPORT1024/RC4-56/SHA
(0x0062) TLS/RSA-EXPORT1024/DES56-CBC/SHA
(0x0003) SSL3/RSA/RC4-40/MD5
(0x0006) SSL3/RSA/RC2CBC40/MD5
}
With this patch, our default cipher suite list in ClientHello becomes:
cipher_suites[11] = {
(0x0039) TLS/DHE-RSA/AES256-CBC/SHA
(0x0038) TLS/DHE-DSS/AES256-CBC/SHA
(0x0035) TLS/RSA/AES256-CBC/SHA
(0x0033) TLS/DHE-RSA/AES128-CBC/SHA
(0x0032) TLS/DHE-DSS/AES128-CBC/SHA
(0x0005) SSL3/RSA/RC4-128/SHA
(0x0004) SSL3/RSA/RC4-128/MD5
(0x002f) TLS/RSA/AES128-CBC/SHA
(0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
(0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
(0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
}
Attachment #662823 -
Flags: review?(rrelyea)
|
Assignee | |
Comment 1•12 years ago
|
||
This is the change that we have considered before, for example, in
bug 593080 comment 1.
|
|
Assignee | |
Comment 2•12 years ago
|
||
Criteria I used:
1. Weak cipher suites and the nonstandard RSA_FIPS cipher
suites are disabled by default.
2. The mandatory cipher suites in TLS 1.0, 1.1, and 1.2
are enabled by default. Note: the mandatory cipher suite
in TLS 1.0 was selected to avoid the RSA patent. It is
rarely used in practice.
3. The cipher suites recommended in NIST SP 800-52 are
enabled by default. Note: SP 800-52 was published in
2005, so it is a little out of date. It predated the
availability of ECC cipher suites.
Changes I did not attempt in this patch:
1. ECC cipher suites.
2. Cipher suite reordering: list AES cipher suites before
Camellia and SEED cipher suites.
|
||
Comment 3•12 years ago
|
||
Comment on attachment 662823 [details] [diff] [review]
Proposed patch
r+ rrelyea
Attachment #662823 -
Flags: review?(rrelyea) → review+
|
|
Assignee | |
Comment 4•12 years ago
|
||
Bob: thanks for the review. Last Friday night I looked into changing
the order of our cipher suites because it cannot be controlled by the
applications. Unfortunately I realized that NSS-based SSL servers can
only select the first supported cipher suite offered by an SSL client.
So our current cipher suite order is necessary for NSS-based SSL servers
to choose a "national" cipher suite without disabling the AES cipher
suites.
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/sslenum.c&rev=1.19&mark=19-22#13
So, until we add a feature for an NSS-based SSL server to specify its
own cipher suite preference, we can't change the cipher suite order :-(
Patch checked in on the NSS trunk (NSS 3.14).
Checking in ssl3con.c;
/cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v <-- ssl3con.c
new revision: 1.189; previous revision: 1.188
done
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•