Bug 934033 - Remove legacy SSL3.0 FIPS ciphers
Status: RESOLVED FIXED (Closed)
Product/Component: NSS :: Libraries, defect
Opened 11 years ago; closed 8 years ago
Target Milestone: 3.28
Reporter: ryan.sleevi; Assignee: ttaubert
Description
Remove the legacy SSL_RSA_FIPS_WITH_DES_CBC_SHA and SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA cipher suites from NSS. These are allocated off the experimental arc (0xFE), and were designed to allow SSL3.0 to utilize the TLS1.0 PRF, permitting FIPS validation of the SSL3.0 implementation. They serve no use with NSS supporting TLS1.0+, and were never advanced to standards track.
Assignee: nobody → ryan.sleevi
Status: NEW → ASSIGNED
Comment 1•11 years ago
Technically, they would be useful for the case where a browser falls back from TLS 1.0 to SSL 3.0, securely or insecurely, if and only if servers actually negotiate these cipher suites in the SSL 3.0 case. More generally, perhaps we need to think seriously about the security of the SSL 3.0 PRF as part of the review of crypto stuff that is happening in light of recent news. It would suck if the SSL 3.0 PRF were completely broken considering an active MitM can trivially make us speak SSL 3.0.
Comment 2•10 years ago
FYI: As recently as 2010, these cipher suites were/are considered MUST-implement for at least some enterprisy standards. From http://www.ws-i.org/Profiles/BasicSecurityProfile-1.1.html#Mandatory_Ciphersuites:

"The specified algorithm suites are considered to be widely-implemented, secure and interoperable.
R5703 Any TLS-capable INSTANCE that is FIPS compliant MUST support TLS_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
R5704 Any SSL-capable INSTANCE that is FIPS compliant MUST support SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"

Googling for the cipher suite names shows quite a few results for "enterprisy" products from IBM, Oracle, and others that support them.
Comment 3•10 years ago
Hi there, is this still being worked on? I just created a fresh profile on Thunderbird 24.3.0 on Ubuntu 13.10, opened the Javascript console and typed

document.location.replace('https://www.howsmyssl.com/');

which reported that this is a cipher suite offered by this client: SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA

So I edited the preferences to ensure (?) SSLv3 would be disabled:

security.tls.version.min = 1
security.tls.version.max = 3

and restarted Thunderbird and accessed the same website from the Javascript console again. Which reports that SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA is a supported cipher suite in this TLSv1.2 (!) encrypted connection. Same at https://www.ssllabs.com/ssltest/viewMyClient.html and https://cc.dcsec.uni-hannover.de/

Please do not enable support, by default, for any cipher suites which are not ultimately specified, whether or not some server products support them.
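The description notes that both legacy suites live in the 0xFE experimental arc, and comment 3 shows that a client can keep offering SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA in a TLS 1.2 ClientHello even after SSLv3 is disabled. The following added example (editor's code, not from NSS or this bug) parses the cipher_suites field of a ClientHello record and flags any suite whose high byte is 0xFE, naming the two legacy FIPS suites by their NSS code points (0xFEFE and 0xFEFF, as defined in NSS's sslproto.h). The ClientHello bytes are constructed in the script itself rather than taken from a capture, and `build_client_hello`, `parse_client_hello_suites` and `flag_legacy_suites` are names chosen here.

```python
import struct

# Legacy NSS FIPS suites from the experimental (0xFE) arc; code points as in NSS sslproto.h.
LEGACY_FIPS_SUITES = {
    0xFEFE: "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
    0xFEFF: "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
}


def build_client_hello(version, suites):
    """Construct a minimal TLS ClientHello record (a test fixture, not a real capture)."""
    body = struct.pack("!H", version) + b"\x00" * 32          # client_version + 32-byte random
    body += b"\x00"                                           # empty session_id
    body += struct.pack("!H", 2 * len(suites))                # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", s) for s in suites)    # cipher_suites list
    body += b"\x01\x00"                                       # compression_methods: null only
    body += b"\x00\x00"                                       # empty extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # HandshakeType client_hello = 1
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record header


def parse_client_hello_suites(record):
    """Return (client_version, [cipher suite code points]) from a raw ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    handshake = record[5:5 + rec_len]
    if len(handshake) < 4 or handshake[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    hs_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + hs_len]
    if len(body) < 35:
        raise ValueError("truncated ClientHello body")
    version = struct.unpack("!H", body[:2])[0]
    off = 2 + 32                                   # skip client_version and random
    sid_len = body[off]
    off += 1 + sid_len                             # skip session_id
    cs_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    if cs_len % 2 or off + cs_len > len(body):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(off, off + cs_len, 2)]
    return version, suites


def flag_legacy_suites(record):
    """Name every offered suite that sits in the 0xFE experimental arc, regardless of version."""
    version, suites = parse_client_hello_suites(record)
    flagged = []
    for s in suites:
        if (s >> 8) == 0xFE:
            flagged.append(LEGACY_FIPS_SUITES.get(s, "unknown 0xFE-arc suite 0x%04X" % s))
    return version, flagged


if __name__ == "__main__":
    # Constructed TLS 1.2 (0x0303) hello mirroring comment 3: modern suites plus the legacy one.
    hello = build_client_hello(0x0303, [0xC02F, 0x002F, 0xFEFF])
    print(flag_legacy_suites(hello))   # (771, ['SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA'])
```

The check keys on the cipher suite code points rather than on the negotiated protocol version, which is the point of comment 3: raising `security.tls.version.min` changes the version a client will speak, not the list of suites it advertises.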
Comment 4•8 years ago
Going to take a look at this soon-ish. I think Ryan doesn't mind me stealing this.
Assignee: ryan.sleevi → ttaubert
Comment 5•8 years ago
Those are gone since we landed bug 1252849.
Blocks: 1252849
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.28