Bug 973713 (Open)
Opened 12 years ago
Updated 2 years ago
Need way for SSL server cipher preference to override client preference
Categories: NSS :: Libraries, enhancement, P3
Tracking: Not tracked
Status: NEW
People: Reporter: chris.newman, Unassigned
Details
Older SSL clients (including older NSS clients like Firefox and Thunderbird) may support stronger cipher suites but have a client order that prefers weak/fast cipher suites. If NSS had an option to ignore the client cipher preference order and apply the server's preference order, that would allow site administrators to upgrade security for end-users in a consistent way without breaking compatibility with older clients lacking the stronger cipher suites.
OpenSSL has an option SSL_OP_CIPHER_SERVER_PREFERENCE to do this:
https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
Comment 1 • 12 years ago
(In reply to Chris Newman from comment #0)
> Older SSL clients (including older NSS clients like Firefox and Thunderbird)
> may support stronger cipher suites but have a client order that prefers
> weak/fast cipher suites. If NSS had an option to ignore the client cipher
> preference order and apply the server's preference order, that would allow
> site administrators to upgrade security for end-users in a consistent way
> without breaking compatibility with older clients lacking the stronger
> cipher suites.
>
> OpenSSL has an option SSL_OP_CIPHER_SERVER_PREFERENCE to do this:
> https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
I propose that, instead of having an option, we just make the default behavior of the server side of libssl to always choose a cipher suite based on its own preferences. I would be fine with this since Firefox (and soon Chrome, maybe?) would be using the same preferences anyway. It would be simpler to implement and with the new default (only) cipher suite preference order in NSS, it would improve security.
Version: 3.15.4 → trunk
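To make the difference between the two selection policies concrete, here is a small added example (not NSS or OpenSSL code, and not from the reporter or commenter): a simulation of cipher suite negotiation in which either the client's order or the server's order drives the choice, the behaviour comment 0 asks for as an option and comment 1 proposes as the server default. The cipher suite lists are constructed for illustration; the names are real IANA suite names, but no real client or server is being described. It also covers the compatibility case from comment 0: a legacy client that lacks the strong suite still negotiates the best suite both sides share.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample lists (not captured from any real client or server).
 * The old client can do AES-GCM but lists the fast, weak RC4 suite first. */
static const char *const client_order[] = {
    "TLS_RSA_WITH_RC4_128_SHA",               /* weak/fast, preferred by the old client */
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  /* strong, but last in the client's list */
    NULL
};

/* A legacy client that does not support the strong suite at all. */
static const char *const legacy_client_order[] = {
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    NULL
};

/* The server's own preference order: strongest first. */
static const char *const server_order[] = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    NULL
};

/* Return 1 if name appears in the NULL-terminated list. */
static int contains(const char *const *list, const char *name) {
    for (; *list; list++)
        if (strcmp(*list, name) == 0)
            return 1;
    return 0;
}

/* Walk the list whose order wins and return the first suite the other side
 * also offers, or NULL if the two sides share no suite (handshake failure). */
static const char *negotiate(const char *const *preferred, const char *const *other) {
    for (; *preferred; preferred++)
        if (contains(other, *preferred))
            return *preferred;
    return NULL;
}

/* Client-preference policy: the client's order drives the choice. */
const char *pick_client_preference(const char *const *client, const char *const *server) {
    return negotiate(client, server);
}

/* Server-preference policy (what SSL_OP_CIPHER_SERVER_PREFERENCE does in
 * OpenSSL, and what this bug asks for in NSS): the server's order drives it. */
const char *pick_server_preference(const char *const *client, const char *const *server) {
    return negotiate(server, client);
}

int main(void) {
    printf("old client, client preference: %s\n",
           pick_client_preference(client_order, server_order));
    printf("old client, server preference: %s\n",
           pick_server_preference(client_order, server_order));
    printf("legacy client, server preference: %s\n",
           pick_server_preference(legacy_client_order, server_order));
    return 0;
}
```

With the client's order in charge the old client lands on RC4 even though both sides support AES-GCM; with the server's order in charge it gets AES-GCM, and the legacy client that lacks AES-GCM still falls through to AES-CBC rather than failing, which is the "upgrade without breaking older clients" property the report describes.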
Comment 2 • 11 years ago
See also Bug 949564.
Updated • 3 years ago
Severity: normal → S3
Updated • 2 years ago
Severity: S3 → N/A
Priority: -- → P3