Bug 792681 - Change the SSL cipher suites enabled by default
Status: Closed, RESOLVED FIXED (3.14)
Product/Component: NSS :: Libraries, defect, P2
Tracking: Not tracked
Opened 12 years ago; closed 12 years ago
Reporter: wtc, Assigned: wtc
Attachments (1 file): patch, 5.00 KB; rrelyea: review+
The proposed patch does the following:

1. Disable all the export cipher suites by default.
2. Disable all the DES cipher suites by default.
3. Disable the RSA_FIPS cipher suites by default.
4. Enable all the non-ECC Triple DES cipher suites by default.
5. Enable all the non-ECC AES cipher suites by default.
6. Enable SSL_RSA_WITH_RC4_128_SHA and SSL_RSA_WITH_RC4_128_MD5 by default.

Before this patch, our default cipher suite list in ClientHello is:

cipher_suites[9] = {
    (0x0004) SSL3/RSA/RC4-128/MD5
    (0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
    (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
    (0xfefe) SSL3/RSA-FIPS/DES-CBC/SHA
    (0x0009) SSL3/RSA/DES56-CBC/SHA
    (0x0064) TLS/RSA-EXPORT1024/RC4-56/SHA
    (0x0062) TLS/RSA-EXPORT1024/DES56-CBC/SHA
    (0x0003) SSL3/RSA/RC4-40/MD5
    (0x0006) SSL3/RSA/RC2CBC40/MD5
}

With this patch, our default cipher suite list in ClientHello becomes:

cipher_suites[11] = {
    (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
    (0x0038) TLS/DHE-DSS/AES256-CBC/SHA
    (0x0035) TLS/RSA/AES256-CBC/SHA
    (0x0033) TLS/DHE-RSA/AES128-CBC/SHA
    (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
    (0x0005) SSL3/RSA/RC4-128/SHA
    (0x0004) SSL3/RSA/RC4-128/MD5
    (0x002f) TLS/RSA/AES128-CBC/SHA
    (0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
    (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
    (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
}
Attachment #662823 - Flags: review?(rrelyea)
Comment 1 (Assignee) • 12 years ago
This is the change that we have considered before, for example, in bug 593080 comment 1.
Comment 2 (Assignee) • 12 years ago
Criteria I used:

1. Weak cipher suites and the nonstandard RSA_FIPS cipher suites are disabled by default.
2. The mandatory cipher suites in TLS 1.0, 1.1, and 1.2 are enabled by default.
   Note: the mandatory cipher suite in TLS 1.0 was selected to avoid the RSA patent. It is rarely used in practice.
3. The cipher suites recommended in NIST SP 800-52 are enabled by default.
   Note: SP 800-52 was published in 2005, so it is a little out of date. It predated the availability of ECC cipher suites.

Changes I did not attempt in this patch:

1. ECC cipher suites.
2. Cipher suite reordering: list AES cipher suites before Camellia and SEED cipher suites.
Comment 3 • 12 years ago
Comment on attachment 662823 (Proposed patch)

r+ rrelyea

Attachment #662823 - Flags: review?(rrelyea) → review+
Comment 4 (Assignee) • 12 years ago
Bob: thanks for the review.

Last Friday night I looked into changing the order of our cipher suites because it cannot be controlled by the applications. Unfortunately I realized that NSS-based SSL servers can only select the first supported cipher suite offered by an SSL client. So our current cipher suite order is necessary for NSS-based SSL servers to choose a "national" cipher suite without disabling the AES cipher suites.
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/sslenum.c&rev=1.19&mark=19-22#13

So, until we add a feature for an NSS-based SSL server to specify its own cipher suite preference, we can't change the cipher suite order :-(

Patch checked in on the NSS trunk (NSS 3.14).

Checking in ssl3con.c;
/cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v  <--  ssl3con.c
new revision: 1.189; previous revision: 1.188
done
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
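Added illustration, not NSS code and not part of this bug: a Python model of the six policy rules in the description and of the selection behaviour wtc describes in comment 4 (an NSS server takes the first suite the client offered that the server has enabled). The suite table is built from the two ClientHello lists in the description; the merged preference order is a constructed assumption (the suites that end up disabled are slotted where both lists allow, which does not affect the enabled output), and the `tags` classification is mine, keyed to the wording of the six rules.

```python
"""Model of the default cipher-suite policy change in bug 792681.

Constructed illustration: the suite table comes from the two ClientHello
lists in the bug description; the merged order and the tag labels are
assumptions made for this example and are not NSS data structures.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Suite:
    code: int          # TLS cipher suite code point
    name: str          # NSS-style description as printed in the bug
    tags: frozenset    # properties the policy rules key on (constructed)


def S(code, name, *tags):
    return Suite(code, name, frozenset(tags))


# Client preference order (constructed: the post-patch list order, with the
# suites that only appear in the pre-patch list slotted where both allow).
PREFERENCE_ORDER = [
    S(0x0039, "TLS/DHE-RSA/AES256-CBC/SHA", "aes"),
    S(0x0038, "TLS/DHE-DSS/AES256-CBC/SHA", "aes"),
    S(0x0035, "TLS/RSA/AES256-CBC/SHA", "aes"),
    S(0x0033, "TLS/DHE-RSA/AES128-CBC/SHA", "aes"),
    S(0x0032, "TLS/DHE-DSS/AES128-CBC/SHA", "aes"),
    S(0x0005, "SSL3/RSA/RC4-128/SHA", "rc4_128"),
    S(0x0004, "SSL3/RSA/RC4-128/MD5", "rc4_128"),
    S(0x002f, "TLS/RSA/AES128-CBC/SHA", "aes"),
    S(0x0016, "SSL3/DHE-RSA/3DES192EDE-CBC/SHA", "3des"),
    S(0x0013, "SSL3/DHE-DSS/DES192EDE3CBC/SHA", "3des"),
    S(0xfeff, "SSL3/RSA-FIPS/3DESEDE-CBC/SHA", "3des", "rsa_fips"),
    S(0x000a, "SSL3/RSA/3DES192EDE-CBC/SHA", "3des"),
    S(0xfefe, "SSL3/RSA-FIPS/DES-CBC/SHA", "des", "rsa_fips"),
    S(0x0009, "SSL3/RSA/DES56-CBC/SHA", "des"),
    S(0x0064, "TLS/RSA-EXPORT1024/RC4-56/SHA", "export"),
    S(0x0062, "TLS/RSA-EXPORT1024/DES56-CBC/SHA", "export", "des"),
    S(0x0003, "SSL3/RSA/RC4-40/MD5", "export"),
    S(0x0006, "SSL3/RSA/RC2CBC40/MD5", "export"),
]

# Defaults before the patch: the nine suites in the old ClientHello.
OLD_DEFAULT_ENABLED = {0x0004, 0xfeff, 0x000a, 0xfefe, 0x0009,
                       0x0064, 0x0062, 0x0003, 0x0006}

DISABLE_TAGS = {"export", "des", "rsa_fips"}   # rules 1-3
ENABLE_TAGS = {"3des", "aes", "rc4_128"}        # rules 4-6 (non-ECC only)


def apply_policy(suite, previously_enabled):
    """New default for one suite. Disable rules take precedence, so the
    RSA_FIPS 3DES suite (0xfeff) stays off even though it is Triple DES."""
    if suite.tags & DISABLE_TAGS:
        return False
    if suite.tags & ENABLE_TAGS:
        return True
    return previously_enabled


def new_default_enabled():
    """Set of code points enabled after applying rules 1-6 to every suite."""
    return {s.code for s in PREFERENCE_ORDER
            if apply_policy(s, s.code in OLD_DEFAULT_ENABLED)}


def client_hello(enabled):
    """Suites a client offers, in preference order, for a given enabled set."""
    return [s.code for s in PREFERENCE_ORDER if s.code in enabled]


def server_select(offered, server_enabled):
    """Comment 4's selection rule: the server takes the first suite the client
    offered that it has enabled, so the client's order decides the outcome."""
    for code in offered:
        if code in server_enabled:
            return code
    return None


if __name__ == "__main__":
    for code in client_hello(new_default_enabled()):
        print(f"(0x{code:04x})")
```

`server_select` is what makes the ordering concern concrete: a server that enables only `0x000a` and `0x002f` cannot prefer one over the other; with the default client order it gets `0x002f` (AES-128) because the client lists it first, and the same server paired with a client that offers `[0x000a, 0x002f]` gets 3DES. That is why comment 4 concludes the client-side order must stay as it is until servers can express their own preference.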