Closed Bug 973755 Opened 7 years ago Closed 4 years ago

Implement AES-256 GCM cipher suites

Categories

(NSS :: Libraries, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jes, Unassigned)

References

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)

Steps to reproduce:

I wanted to ensure I was using the strongest cipher suites available in TLS v1.2. However, they are not implemented. Specifically, I wanted to only use ECDHE_ECDSA_AES_256_GCM_SHA384 or ECDHE_RSA_AES_256_GCM_SHA384. 


Actual results:

For some reason, only ecdhe_ecdsa_aes_128_gcm_sha256 and security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 are implemented in Firefox 27.0.{0,1}, even though documentation states Firefox 27 supports TLS v1.2. 


Expected results:

There should be support in Firefox 27.x and above for the following ciphers:

ECDHE-ECDSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDH-RSA-AES256-GCM-SHA384

If all four can't be implemented, than at least these two should be implemented immediately:

ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384

They are specified in the RFC (http://tools.ietf.org/rfc/rfc5288.txt) and implemented in openssl (https://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites).

Until support for the above TLS v1.2 ciphers are implemented, the documentation should be updated to reflect "significantly limited support for TLSv1.2."

Thanks.
Severity: normal → major
Keywords: wsec-crypto
Assignee: nobody → nobody
Severity: major → normal
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: 27 Branch → trunk
(In reply to J from comment #0)
> For some reason, only ecdhe_ecdsa_aes_128_gcm_sha256 and
> security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 are implemented in Firefox
> 27.0.{0,1}, even though documentation states Firefox 27 supports TLS v1.2. 

Supporting only ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and ECDHE_RSA_WITH_AES_128_GCM_SHA256 and not-supporting DHE_RSA_WITH_AES_128_GCM_SHA256 and RSA_WITH_AES_128_GCM_SHA256 are the expected features (bug 936828). 
Not only Fx27, all branches except ESR support same cipher suites.

> Expected results:
> 
> There should be support in Firefox 27.x and above for the following ciphers:
> 
> ECDHE-ECDSA-AES256-GCM-SHA384
> ECDH-ECDSA-AES256-GCM-SHA384
> ECDHE-RSA-AES256-GCM-SHA384
> ECDH-RSA-AES256-GCM-SHA384
> 
> If all four can't be implemented, than at least these two should be
> implemented immediately:
> 
> ECDHE-ECDSA-AES256-GCM-SHA384
> ECDHE-RSA-AES256-GCM-SHA384

Fix of bug 923089 is required to support AES_256_GCM_SHA384 variants.
In addition, ECDH_* variants (no ephemeral keys) will not be enabled any more.
 
> Until support for the above TLS v1.2 ciphers are implemented, the
> documentation should be updated to reflect "significantly limited support
> for TLSv1.2."

Support of AES GCM in TLS 1.2 is just "optional".
There is no need to change the document at all.
This bug will be about the implementation of AES-256 GCM cipher suites in libssl. I presume that this will match the AES-128 support, which includes cipher suites that Firefox doesn't implement like the TLS_DHE_* and TLS_RSA_* variants.

I will file a separate bug for the enabling of the AES-256 GCM cipher suites in Gecko (Firefox). Everybody CC'd on this bug will be CC'd on the Gecko bug I'm creating. Please discuss Firefox-specific stuff there, and not in this NSS bug. NSS is a component shared by multiple products and each product has its own policies regarding which cipher suites it supports.
Severity: normal → enhancement
Depends on: 923089
OS: Linux → All
Hardware: x86_64 → All
Summary: Firefox 27.0.{0,1} Does Not Support AES_256_GCM Algorithms in TLS1.2 Implementation → Implement AES-256 GCM cipher suites
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: wsec-crypto
Blocks: 1178092
Bug 923089 fixed this.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.