Closed
Bug 901393
(tls-everything)
Opened 11 years ago
Closed 4 years ago
[TRACKER] TLS/SSL support for all Mozilla properties, with proper protocol and cipher suite choices
Categories
(Security Assurance :: General, task)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: jvehent, Assigned: April)
References
(Depends on 1 open bug)
Details
Attachments
(5 files)
Tracking bug for the review of SSL enabled servers across the board.
Reporter
Comment 1•11 years ago
Some stats:
- 1153 mozilla sites support SSL
preferred ciphersuites are:
- 1073 RC4-SHA
- 17 RC4-MD5
- 54 DHE-RSA-AES256-SHA
- 3 AES128-GCM-SHA256
- 1 EDH-RSA-DES-CBC3-SHA
(and 5 lookup failures)
Note that some results, such as AES128-GCM-SHA256, come from CDNs we use and terminate the SSL.
Reporter
Comment 2•11 years ago
Test of 2995 mozilla domains, 1153 of which have SSL enabled on port 443.
The 2nd column is the 1st preferred ciphersuite, the 3rd column is the 2nd preferred ciphersuite.
Reporter
Comment 3•11 years ago
Citrix's Netscaler has added TLS1.2, waiting on a stable v11 to deploy it. ECDHE is on their roadmap.
Need to add conf recommendation for Netscaler to the mana page.
Reporter
Updated•11 years ago
Group: infrasec
Comment 4•11 years ago
Brian Smith has been doing some work on which ciphersuites we _should_ prefer in Firefox, and I assume that also carries over to the server side. See the discussion in mozilla.dev.security.
Gerv
Reporter
Comment 5•11 years ago
Yep, I've been following the thread from the start, and found a good amount of useful information in there. But the AES landscape is changing, and it seems that BEAST might not be as big of an issue anymore.
That, and the security levels provided by AES-256 vs AES-128, will influence the next version of the recommended ciphersuite. I suspect it will be very close to the one proposed by Brian. The major difference being that we don't want to disable too many ciphers, we just want to put them further down the list.
Reporter
Comment 6•11 years ago
Added PFS keysize detection to cipherscan:
$ ./CiphersScan.sh www.mozilla.org:443
prio ciphersuite protocol pfs_keysize
1 RC4-SHA TLSv1.1
2 RC4-MD5 TLSv1.1
3 AES256-SHA TLSv1.1
4 DHE-RSA-AES256-SHA TLSv1.1 DH,1024bits
5 DES-CBC3-SHA TLSv1.1
6 EDH-RSA-DES-CBC3-SHA TLSv1.1 DH,1024bits
7 AES128-SHA TLSv1.1
8 DHE-RSA-AES128-SHA TLSv1.1 DH,1024bits
9 (NONE)
$ ./CiphersScan.sh login.persona.org:443
prio ciphersuite protocol pfs_keysize
1 DHE-RSA-AES256-SHA TLSv1 DH,1024bits
2 AES256-SHA TLSv1
3 CAMELLIA256-SHA TLSv1
4 DHE-RSA-AES128-SHA TLSv1 DH,1024bits
5 AES128-SHA TLSv1
6 CAMELLIA128-SHA TLSv1
7 RC4-SHA TLSv1
8 (NONE)
$ ./CiphersScan.sh minion-dev.mozillalabs.com:443
prio ciphersuite protocol pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits
3 DHE-RSA-AES256-GCM-SHA384 TLSv1.2 DH,2048bits
4 DHE-RSA-AES128-GCM-SHA256 TLSv1.2 DH,2048bits
5 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits
6 ECDHE-RSA-AES128-SHA TLSv1.2 ECDH,P-256,256bits
7 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits
8 ECDHE-RSA-AES256-SHA TLSv1.2 ECDH,P-256,256bits
9 DHE-RSA-AES128-SHA256 TLSv1.2 DH,2048bits
10 DHE-RSA-AES128-SHA TLSv1.2 DH,2048bits
11 DHE-RSA-AES256-SHA256 TLSv1.2 DH,2048bits
12 AES128-GCM-SHA256 TLSv1.2
13 AES256-GCM-SHA384 TLSv1.2
14 ECDHE-RSA-RC4-SHA TLSv1.2 ECDH,P-256,256bits
15 RC4-SHA TLSv1.2
16 DHE-RSA-AES256-SHA TLSv1.2 DH,2048bits
17 DHE-RSA-CAMELLIA256-SHA TLSv1.2 DH,2048bits
18 AES256-SHA256 TLSv1.2
19 AES256-SHA TLSv1.2
20 CAMELLIA256-SHA TLSv1.2
21 DHE-RSA-CAMELLIA128-SHA TLSv1.2 DH,2048bits
22 AES128-SHA256 TLSv1.2
23 AES128-SHA TLSv1.2
24 CAMELLIA128-SHA TLSv1.2
25 (NONE)
Reporter
Comment 7•11 years ago
Update recommendation with a paragraph on DHE
https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=35069456#SSL%26TLSCiphersuites-DHEhanshakeanddhparam
Reporter
Comment 8•11 years ago
Made public today at https://wiki.mozilla.org/Security/Server_Side_TLS
Hacker News discussion follows: https://news.ycombinator.com/item?id=6549962
Group: mozilla-corporation-confidential
Reporter
Comment 9•11 years ago
Updated doc for PFS in Netscaler: https://wiki.mozilla.org/index.php?title=Security%2FServer_Side_TLS&diff=768598&oldid=764211
Reporter
Comment 10•11 years ago
Some ciphers scanning results
* 'AllMozillaScan-20131120.txt' is a list of 911 Mozilla domains with their ciphers preferences.
* Based on the list above, and using the ciphers pref as a fingerprint, 'ZLB_websites.txt' is a list of 786 websites that are terminated on the ZLBs. Generated with:
pcregrep -M "^===.+\n^prio.+\n1\s+DHE-RSA-AES128-SHA\s+SSLv3,TLSv1,TLSv1.1\s+DH,1024bits\n2\s+DHE-RSA-AES256-SHA\s+SSLv3,TLSv1,TLSv1.1\s+DH,1024bits\n3\s+AES128-SHA\s+SSLv3,TLSv1,TLSv1.1\n4\s+AES256-SHA\s+SSLv3,TLSv1,TLSv1.1\n5\s+RC4-SHA\s+SSLv3,TLSv1,TLSv1.1" AllMozillaScan-20131120.txt | grep -E "^===" | awk '{print $2}' > ZLB_websites.txt
* 'Non_ZLB_websites.txt' is the inverse of the list above, and contains 125 websites that are not hosted behind the ZLBs. Generated with:
pcregrep -v -M "^===.+\n^prio.+\n1\s+DHE-RSA-AES128-SHA\s+SSLv3,TLSv1,TLSv1.1\s+DH,1024bits\n2\s+DHE-RSA-AES256-SHA\s+SSLv3,TLSv1,TLSv1.1\s+DH,1024bits\n3\s+AES128-SHA\s+SSLv3,TLSv1,TLSv1.1\n4\s+AES256-SHA\s+SSLv3,TLSv1,TLSv1.1\n5\s+RC4-SHA\s+SSLv3,TLSv1,TLSv1.1" AllMozillaScan-20131120.txt | grep -E "^===" | awk '{print $2}' > Non_ZLB_websites.txt
I'm particularly interested in the Non-ZLB websites. I'll dig through these in the future. It would be good to know exactly where they live and how they are maintained.
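As an added example (not part of the thread and not cipherscan's own code), the fingerprint grouping from comment 10 and the preference and key-size checks from comment 6 can be done with one small parser. The host names and sample scan are constructed, the file layout is inferred from the pcregrep pattern above, and the 2048-bit DH threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, laid out as the pcregrep pattern in comment 10 implies:
# "=== host", a "prio ..." header, then one row per cipher in server order.
SAMPLE_SCAN = """\
=== zlb-a.example.org
prio ciphersuite protocol pfs_keysize
1 DHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1 DH,1024bits
2 RC4-SHA SSLv3,TLSv1,TLSv1.1
=== zlb-b.example.org
prio ciphersuite protocol pfs_keysize
1 DHE-RSA-AES128-SHA SSLv3,TLSv1,TLSv1.1 DH,1024bits
2 RC4-SHA SSLv3,TLSv1,TLSv1.1
=== legacy.example.org
prio ciphersuite protocol pfs_keysize
1 RC4-SHA TLSv1
2 DHE-RSA-AES256-SHA TLSv1 DH,1024bits
3 (NONE)
"""
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")

def parse_scan(text):
    """Return {host: [(cipher, protocols, pfs), ...]} in server preference order."""
    hosts, current = {}, None
    for line in text.splitlines():
        if line.startswith("==="):
            current = hosts.setdefault(line.split()[1], [])
        elif current is not None and (m := ROW.match(line.strip())):
            current.append((m.group(2), m.group(3), m.group(4) or ""))
    return hosts

def group_by_fingerprint(hosts):
    """Hosts with an identical ordered cipher list likely share a TLS terminator."""
    groups = defaultdict(list)
    for host, rows in hosts.items():
        groups[tuple(rows)].append(host)
    return dict(groups)

def findings(rows, min_dh_bits=2048):  # threshold is an assumption, not from the thread
    """Flag what the thread discusses: RC4 preferred, no PFS first, small DH group."""
    out = []
    if rows and "RC4" in rows[0][0]:
        out.append("RC4 preferred")
    if rows and not rows[0][2]:
        out.append("preferred suite has no PFS")
    bits = [int(m.group(1)) for *_, pfs in rows if (m := re.match(r"DH,(\d+)bits$", pfs))]
    if bits and min(bits) < min_dh_bits:
        out.append(f"DH parameters of {min(bits)} bits")
    return out
```

Grouping on the full ordered list, rather than a fixed regular expression, also surfaces terminators whose fingerprint was not known in advance.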
Reporter
Comment 11•11 years ago
Reporter
Comment 12•11 years ago
Reporter
Comment 13•11 years ago
Comment 15•11 years ago
I'm still wondering and scared why it takes so much time to change the ciphersuites.
a) it's security and privacy related (passwords, emails, data reports...)!
b) Mozilla has in comparison to other big networks a quite bad configuration
c) I'm sure, it's a huge work to change it on every server, but one year is much time. I know that I can't compare this, but on smaller networks where I'm involved it takes us just a few hours.
d) On our network it was a big discussion about RC4, BEAST, fallbacks for older browsers, Forward Secrecy, but before you discuss the details, it would be good to activate secure ciphers and TLS 1.2. If there are still some issues, then just on pages with sensitive information. This would improve the security for modern browsers a lot. And you got still the fallbacks. And then a discussion about different security areas and the advantages and disadvantages between different ciphers.
Reporter
Comment 16•11 years ago
Yes, upgrading major infrastructure components is *that* hard. But we're making progress, and OCSP Stapling is now enabled on mozilla.org.
Updated•11 years ago
Status: NEW → ASSIGNED
Reporter
Comment 17•11 years ago
I updated the guidelines today to deprecate RC4 for good. We'll use 3DES for backward compatible sites.
I also added a non-backward compatible ciphersuite that enforces PFS.
Next step is to add certificates guidelines.
Group: mozilla-employee-confidential
Component: Operations Security (OpSec): General → General
Product: mozilla.org → Enterprise Information Security
Version: other → unspecified
Group: mozilla-employee-confidential
Comment 18•9 years ago
Do we already have a bug for HSTS and HPKP on (all) Mozilla sites?
If we would implement preloaded HSTS, we could remove the HTTP redirect on some relevant hosts. Modern browsers would still connect over https and older clients can still connect over http (the redirect is insecure anyway) and get redirected over JS/meta refresh (if necessary/possible), based on their UA.
This would solve the issue, that old clients can't connect to mozilla.org to download Firefox, when they can't handle modern encryption/certificates. At the same time we can provide strong encryption, that is not vulnerable to any downgrade attack for modern browsers.
(This problem was discussed in bug 1068949, in the context of (not) replacing weak SHA-1 certificates.)
Reporter
Comment 19•9 years ago
:sjw - the plan for supporting old clients must include HTTPS support. We're doing some work in that area that I'm hoping we can announce in the following weeks.
HSTS is gradually being deployed. HPKP will have to wait a bit since we may use letsencrypt on a few sites and we don't want to be tied to a pinning just yet. I don't believe we have bugs to track those.
Reporter
Comment 20•9 years ago
I'm returning this tracker to the community pool. Feel free to pick it up if you're interested in tracking progress.
Assignee: jvehent → nobody
Status: ASSIGNED → NEW
Assignee: nobody → april
Status: NEW → ASSIGNED
Assignee
Updated•8 years ago
Summary: [TRACKER] SSL/TLS ciphersuites recommendation & fix → [TRACKER] TLS/SSL support for all Mozilla properties, with proper protocol and cipher suite choices
Assignee
Updated•8 years ago
Alias: https-everything
Assignee
Updated•8 years ago
Alias: https-everything → tls-everything
Updated•7 years ago
Comment 22•7 years ago
click.e.mozilla.org is missing in the attached lists. This HTTP-host is still preferring RC4, 3DES and non-FS ciphers.
Comment 23•6 years ago
How about download.cdn.mozilla.net? Still available (and accessed according to the provider) over plain HTTP.
Reporter
Comment 24•6 years ago
(In reply to Daniel Stenberg [:bagder] from comment #23)
> How about download.cdn.mozilla.net? Still available (and accessed according
> to the provider) over plain HTTP.
This is a special case being discussed at https://bugzilla.mozilla.org/show_bug.cgi?id=1444399.
Comment 25•4 years ago
Unfortunately we don't have the resources currently to continue driving this effort in Security Assurance (previously Enterprise Information Security). I'll close this out though the child tickets remain open with the teams seeking to get TLS enabled on their services and hopefully that will be completed through federated efforts across those various teams.
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → INCOMPLETE