Bug#766007: iceweasel: SSL error - cannot connect to certain servers

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Oct 26 23:53:45 UTC 2014


On 10/26/2014 07:34 PM, Norbert Preining wrote:
> So What I got from cipherscan is the following:
> 
> prio  ciphersuite           protocols    pfs_keysize
> 1     RC4-SHA               SSLv3
> 2     RC4-MD5               SSLv2,SSLv3
> 3     EDH-RSA-DES-CBC3-SHA  SSLv3        DH,1024bits
> 4     DES-CBC3-SHA          SSLv3
> 5     EDH-RSA-DES-CBC-SHA   SSLv3        DH,1024bits
> 6     DES-CBC-SHA           SSLv3
> 7     EXP-DES-CBC-SHA       SSLv3        RSA,512bits
> 8     EXP-RC4-MD5           SSLv2,SSLv3  RSA,512bits
> 
> 
> Does this tell you masters anything? It seems that it is SSLv3 only
> considering SSLv2 as even worse?

I'm not familiar with the details of cipherscan and how it evaluates
this, but reading from the reasonable interpretation of the above:

This is remarkably bad on a modern network.

SSLv2 has been explicitly prohibited for over 3 years now:

 https://tools.ietf.org/html/rfc6176

And this is coming from a body (the IETF) that has a very difficult time
explicitly stating that a given protocol is prohibited.

The export ciphersuites (denoted here with the EXP- prefix) are also
known-broken (arguably, designed broken), and should never be used by
anyone who cares about confidentiality or integrity.

RC4 is also known to be significantly weaker than anything you should
want (we're working on explicitly prohibiting it [0]).

The single-DES ciphersuites (items 5 and 6 above) are also only ~56 bits
of security, which is far too little.

So the only two semi-plausible ciphers in the above list are 3 and 4,
and those are really only possibly acceptable in contexts vulnerable to
BEAST and the like (e.g. web browsers) if the server does record
splitting (e.g. [1]), which I would guess that an old unmaintained
server does not.

In short, keeping this server off the public internet is a good idea,
and its administrators should really do an overhaul of its TLS stack.

Please use modern, well-supported crypto.  We know there are problems
with the old stuff.

	--dkg

[0] https://tools.ietf.org/html/draft-ietf-tls-prohibiting-rc4
[1] https://rt.openssl.org/Ticket/Display.html?id=2635&user=guest&pass=guest
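As an added illustration (not part of the original thread), the checks dkg walks through above can be applied mechanically to the quoted cipherscan table. The script below parses that table and flags each suite using the same criteria from the message: SSLv2 support (RFC 6176), EXP- export suites, RC4, single DES, and 3DES as only conditionally acceptable. The parser assumes cipherscan's whitespace-separated column layout as shown in the quote; the sample input is copied from it.

```python
"""Flag weak suites in a cipherscan-style table, following the message above."""
import re

# Constructed sample input: the cipherscan output quoted in the thread.
CIPHERSCAN_OUTPUT = """\
prio  ciphersuite           protocols    pfs_keysize
1     RC4-SHA               SSLv3
2     RC4-MD5               SSLv2,SSLv3
3     EDH-RSA-DES-CBC3-SHA  SSLv3        DH,1024bits
4     DES-CBC3-SHA          SSLv3
5     EDH-RSA-DES-CBC-SHA   SSLv3        DH,1024bits
6     DES-CBC-SHA           SSLv3
7     EXP-DES-CBC-SHA       SSLv3        RSA,512bits
8     EXP-RC4-MD5           SSLv2,SSLv3  RSA,512bits
"""


def parse_cipherscan(text):
    """Parse the table into dicts with prio, suite, protocols (set) and pfs."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the header
        parts = line.split()
        if len(parts) < 3:
            continue
        rows.append({
            "prio": int(parts[0]),
            "suite": parts[1],
            "protocols": set(parts[2].split(",")),
            "pfs": parts[3] if len(parts) > 3 else None,
        })
    return rows


def assess(row):
    """Return the findings for one suite, using the criteria in the message."""
    findings = []
    suite = row["suite"]
    if "SSLv2" in row["protocols"]:
        findings.append("SSLv2 offered: prohibited by RFC 6176")
    if suite.startswith("EXP-"):
        findings.append("export-grade suite: known broken")
    if "RC4" in suite:
        findings.append("RC4: significantly weaker than acceptable")
    if re.search(r"(^|-)DES-CBC-", suite):  # single DES; DES-CBC3 is 3DES
        findings.append("single DES: only ~56 bits of security")
    if "DES-CBC3" in suite:
        findings.append("3DES: only plausible if the server does record splitting (BEAST)")
    return findings


def semi_plausible(rows):
    """Prios whose only caveat is the 3DES/BEAST one (items 3 and 4 in the thread)."""
    return [r["prio"] for r in rows
            if assess(r) and all("3DES" in f for f in assess(r))]
```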
