Closed Bug 901393 (tls-everything) Opened 10 years ago Closed 2 years ago

[TRACKER] TLS/SSL support for all Mozilla properties, with proper protocol and cipher suite choices


(Security Assurance :: General, task)

Not set


(Not tracked)



(Reporter: jvehent, Assigned: April)


(Depends on 1 open bug, )



(5 files)

Tracking bug for the review of SSL enabled servers across the board.
Some stats:
 - 1153 mozilla sites support SSL
preferred ciphersuites are:
 - 1073 RC4-SHA
 - 17 RC4-MD5
 - 54 DHE-RSA-AES256-SHA
 - 3 AES128-GCM-SHA256
(and 5 lookup failures)

Note that some results, such as AES128-GCM-SHA256, come from CDNs we use and terminate the SSL.
Attached file results.csv
Test of 2995 mozilla domains, 1153 of which have SSL enabled on port 443.
The 2nd column is the 1st preferred ciphersuite, the 3rd column is the 2nd preferred ciphersuite.
Depends on: 904077
Citrix's Netscaler has added TLS1.2, waiting on a stable v11 to deploy it. ECDHE is on their roadmap.

Need to add conf recommendation for Netscaler to the mana page.
Depends on: 914065
Group: infrasec
Brian Smith has been doing some work on which ciphersuites we _should_ prefer in Firefox, and I assume that also carries over to the server side. See the discussion in

Yep, I've been following the thread from the start, and found a good amount of useful information in there. But the AES landscape is changing, and it seems that BEAST might not be as big of an issue anymore.

That, and the security levels provided by AES-256 vs AES-128, will influence the next version of the recommended ciphersuite. I suspect it will be very close to the one proposed by Brian. The major difference being that we don't want to disable too many ciphers, we just want to put them further down the list.
Added PFS keysize detection to cipherscan:

$ ./
prio  ciphersuite           protocol  pfs_keysize
1     RC4-SHA               TLSv1.1
2     RC4-MD5               TLSv1.1
3     AES256-SHA            TLSv1.1
4     DHE-RSA-AES256-SHA    TLSv1.1   DH,1024bits
5     DES-CBC3-SHA          TLSv1.1
6     EDH-RSA-DES-CBC3-SHA  TLSv1.1   DH,1024bits
7     AES128-SHA            TLSv1.1
8     DHE-RSA-AES128-SHA    TLSv1.1   DH,1024bits
9     (NONE)

$ ./
prio  ciphersuite         protocol  pfs_keysize
1     DHE-RSA-AES256-SHA  TLSv1     DH,1024bits
2     AES256-SHA          TLSv1
3     CAMELLIA256-SHA     TLSv1
4     DHE-RSA-AES128-SHA  TLSv1     DH,1024bits
5     AES128-SHA          TLSv1
6     CAMELLIA128-SHA     TLSv1
7     RC4-SHA             TLSv1
8     (NONE)

$ ./
prio  ciphersuite                  protocol  pfs_keysize
1     ECDHE-RSA-AES128-GCM-SHA256  TLSv1.2   ECDH,P-256,256bits
2     ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2   ECDH,P-256,256bits
3     DHE-RSA-AES256-GCM-SHA384    TLSv1.2   DH,2048bits
4     DHE-RSA-AES128-GCM-SHA256    TLSv1.2   DH,2048bits
5     ECDHE-RSA-AES128-SHA256      TLSv1.2   ECDH,P-256,256bits
6     ECDHE-RSA-AES128-SHA         TLSv1.2   ECDH,P-256,256bits
7     ECDHE-RSA-AES256-SHA384      TLSv1.2   ECDH,P-256,256bits
8     ECDHE-RSA-AES256-SHA         TLSv1.2   ECDH,P-256,256bits
9     DHE-RSA-AES128-SHA256        TLSv1.2   DH,2048bits
10    DHE-RSA-AES128-SHA           TLSv1.2   DH,2048bits
11    DHE-RSA-AES256-SHA256        TLSv1.2   DH,2048bits
12    AES128-GCM-SHA256            TLSv1.2
13    AES256-GCM-SHA384            TLSv1.2
14    ECDHE-RSA-RC4-SHA            TLSv1.2   ECDH,P-256,256bits
15    RC4-SHA                      TLSv1.2
16    DHE-RSA-AES256-SHA           TLSv1.2   DH,2048bits
17    DHE-RSA-CAMELLIA256-SHA      TLSv1.2   DH,2048bits
18    AES256-SHA256                TLSv1.2
19    AES256-SHA                   TLSv1.2
20    CAMELLIA256-SHA              TLSv1.2
21    DHE-RSA-CAMELLIA128-SHA      TLSv1.2   DH,2048bits
22    AES128-SHA256                TLSv1.2
23    AES128-SHA                   TLSv1.2
24    CAMELLIA128-SHA              TLSv1.2
25    (NONE)
Made public today at
Hacker New discussion follows:
Group: mozilla-corporation-confidential
Depends on: 927336
Some ciphers scanning results

* 'AllMozillaScan-20131120.txt' is a list of 911 Mozilla domains with their ciphers preferences.

* Based on the list above, and using the ciphers pref as a fingerprint, 'ZLB_websites.txt' is a list of 786 websites that are terminated on the ZLBs. Generated with:
    pcregrep -M "^===.+\n^prio.+\n1\s+DHE-RSA-AES128-SHA\s+SSLv3,TLSv1,TLSv1.1\s+DH,1024bits\n2\s+DHE-RSA-AES256-SHA\s+SSLv3,TLSv1,TLSv1.1\s+DH,1024bits\n3\s+AES128-SHA\s+SSLv3,TLSv1,TLSv1.1\n4\s+AES256-SHA\s+SSLv3,TLSv1,TLSv1.1\n5\s+RC4-SHA\s+SSLv3,TLSv1,TLSv1.1" AllMozillaScan-20131120.txt | grep -E "^===" | awk '{print $2}' > ZLB_websites.txt

* 'Non_ZLB_websites.txt' is the inverse of the list above, and contains 125 websites that are not hosted behind the ZLBs. Generated with:
    pcregrep -v -M "^===.+\n^prio.+\n1\s+DHE-RSA-AES128-SHA\s+SSLv3,TLSv1,TLSv1.1\s+DH,1024bits\n2\s+DHE-RSA-AES256-SHA\s+SSLv3,TLSv1,TLSv1.1\s+DH,1024bits\n3\s+AES128-SHA\s+SSLv3,TLSv1,TLSv1.1\n4\s+AES256-SHA\s+SSLv3,TLSv1,TLSv1.1\n5\s+RC4-SHA\s+SSLv3,TLSv1,TLSv1.1" AllMozillaScan-20131120.txt | grep -E "^===" | awk '{print $2}' > Non_ZLB_websites.txt

I'm particularly interested in the Non-ZLB websites. I'll dig through these in the future. It would be good to know exactly where they live and how they are maintained.
Attached file ZLB_websites.txt
Attached file Non_ZLB_websites.txt
Depends on: 956714
Depends on: 1000952
I'm still wondering and scarred why it takes so much time to change the ciphersuites.
a) it's security and privacy related (passwords, emails, data reports...)!
b) Mozilla has in comparison to other big networks a quite bad configuration
c) I'm sure, it's a huge work to change it on every server, but one year is much time. I know that I can't compare this, but on smaller networks where I'm involved it takes us just a few hours.
d) On our network it was a big discussion about RC4, BEAST, fallbacks for older browsers, Forward Secrecy, but before you discuss the details, it would be good to activate secure ciphers and TLS 1.2. If there are still some issues than just on pages with sensitive informations. This would improve the security for modern browsers a lot. And you got still the fallbacks. And then a discussion about different security areas and the advantages and disadvantages between different ciphers.
Yes, upgrading major infrastructures components is *that* hard. But we're making progress, and OCSP Stapling is now enabled on
I updated the guidelines today to deprecate RC4 for good. We'll use 3DES for backward compatible sites.
I also added a non-backward compatible ciphersuite that enforces PFS.

Next step is to add certificates guidelines.
Depends on: 1064387
Depends on: 1077557
Depends on: 1077634
Depends on: 927045
Depends on: 889749
Group: mozilla-employee-confidential
Component: Operations Security (OpSec): General → General
Product: → Enterprise Information Security
Version: other → unspecified
Group: mozilla-employee-confidential
Do we already have a bug for HSTS and HPKP on (all) Mozilla sites?
If we would implement preloaded HSTS, we could remove the HTTP redirect on some relevant hosts. Modern browsers would still connect over https and older clients can still connect over http (the redirect is insecure anyway) and get redirected over JS/meta refresh (if necessary/possible), based on their UA.
This would solve the issue, that old clients can't connect to to download Firefox, when they can't handle modern encryption/certificates. At the same time we can provide strong encryption, that is not vulnerable to any downgrade attack for modern browsers.
(This problematic was discussed in bug 1068949, in the context of (not) replacing weak SHA-1 certificates.)
:sjw - the plan for supporting old clients must include HTTPS support. We're doing some work in that area that I'm hoping we can announce in the following weeks.
HSTS is gradually being deployed. HPKP will have to wait a bit since we may use letsencrypt on a few sites and we don't want to be tied to a pining just yet. I don't believe we have bugs to track those.
I'm returning this tracker to the community pool. Feel free to pick it up if you're interested in tracking progress.
Assignee: jvehent → nobody
Assignee: nobody → april
Summary: [TRACKER] SSL/TLS ciphersuites recommendation & fix → [TRACKER] TLS/SSL support for all Mozilla properties, with proper protocol and cipher suite choices
Depends on: 1302420
Depends on: 1282128
Alias: https-everything
Alias: https-everything → tls-everything
Depends on: 1338581
Depends on: 1343272
Depends on: 1306368
No longer depends on: 1282128
Depends on: 1365378
Depends on: 1407779
Blocks: 1351516
Depends on: 1440934, 1440935, 1442994 is missing in the attached lists. This HTTP-host is still preferring RC4, 3DES and non-FS ciphers.
Depends on: 1475430
Depends on: 1475432
How about Still available (and accessed according to the provider) over plain HTTP.
(In reply to Daniel Stenberg [:bagder] from comment #23)
> How about Still available (and accessed according
> to the provider) over plain HTTP.

This is a special case being discussed at
Depends on: 902602

Unfortunately we don't have the resources currently to continue driving this effort in Security Assurance (previously Enterprise Information Security). I'll close this out though the child tickets remain open with the teams seeking to get TLS enabled on their services and hopefully that will be completed through federated efforts across those various teams.

Closed: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.