Bug#766007: iceweasel: SSL error - cannot connect to certain servers
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Oct 26 23:53:45 UTC 2014
On 10/26/2014 07:34 PM, Norbert Preining wrote:
> So What I got from cipherscan is the following:
>
> prio  ciphersuite           protocols    pfs_keysize
> 1     RC4-SHA               SSLv3
> 2     RC4-MD5               SSLv2,SSLv3
> 3     EDH-RSA-DES-CBC3-SHA  SSLv3        DH,1024bits
> 4     DES-CBC3-SHA          SSLv3
> 5     EDH-RSA-DES-CBC-SHA   SSLv3        DH,1024bits
> 6     DES-CBC-SHA           SSLv3
> 7     EXP-DES-CBC-SHA       SSLv3        RSA,512bits
> 8     EXP-RC4-MD5           SSLv2,SSLv3  RSA,512bits
>
>
> Does this tell you masters anything? It seems that it is SSLv3 only
> considering SSLv2 as even worse?
I'm not familiar with the details of cipherscan and how it evaluates
this, but reading from the reasonable interpretation of the above:
This is remarkably bad on a modern network.
SSLv2 has been explicitly prohibited for over 3 years now:
https://tools.ietf.org/html/rfc6176
And this is coming from a body (the IETF) that has a very difficult time
explicitly stating that a given protocol is prohibited.
The export ciphersuites (denoted here with the EXP- prefix) are also
known-broken (arguably, designed broken), and should never be used by
anyone who cares about confidentiality or integrity.
RC4 is also known to be significantly weaker than anything you should
want (we're working on explicitly prohibiting it [0]).
The single-DES ciphersuites (items 5 and 6 above) are also only ~56 bits
of security, which is far too little.
So the only two semi-plausible ciphers in the above list are 3 and 4,
and those are really only possibly acceptable in contexts vulnerable to
BEAST and the like (e.g. web browsers) if the server does record
splitting (e.g. [1]), which I would guess that an old unmaintained
server does not.
In short, keeping this server off the public internet is a good idea,
and its administrators should really do an overhaul of its TLS stack.
Please use modern, well-supported crypto. We know there are problems
with the old stuff.
--dkg
[0] https://tools.ietf.org/html/draft-ietf-tls-prohibiting-rc4
[1] https://rt.openssl.org/Ticket/Display.html?id=2635&user=guest&pass=guest
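The reasoning in the reply above can be turned into a small grader that reads a cipherscan-style table and flags each suite for the same reasons dkg gives (SSLv2 per RFC 6176, export suites, RC4, single DES, and 3DES/CBC being acceptable only with BEAST mitigations such as record splitting). This is an added example written for this page; it is not code from cipherscan, from the bug report, or from the reply's author. The verdict names ("broken", "conditional", "ok"), the protocol ordering, and the treatment of a missing DH/ECDH column as "no forward secrecy" are my own assumptions; the sample input is the table quoted in the thread, embedded here as a constructed string so the script runs offline.

```python
"""Grade a cipherscan-style suite list along the lines of the reply above.

Added example, not part of cipherscan or of the original bug thread.
Verdict names and the ordering of protocol versions are assumptions made
for this illustration.
"""
import re

# Constructed sample: the cipherscan output quoted in the bug report.
SAMPLE = """\
prio ciphersuite protocols pfs_keysize
1 RC4-SHA SSLv3
2 RC4-MD5 SSLv2,SSLv3
3 EDH-RSA-DES-CBC3-SHA SSLv3 DH,1024bits
4 DES-CBC3-SHA SSLv3
5 EDH-RSA-DES-CBC-SHA SSLv3 DH,1024bits
6 DES-CBC-SHA SSLv3
7 EXP-DES-CBC-SHA SSLv3 RSA,512bits
8 EXP-RC4-MD5 SSLv2,SSLv3 RSA,512bits
"""

# Oldest to newest; anything unknown sorts after these (assumed ordering).
PROTO_ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def proto_rank(name):
    """Position of a protocol in PROTO_ORDER; unknown names rank newest."""
    return PROTO_ORDER.index(name) if name in PROTO_ORDER else len(PROTO_ORDER)


def parse_cipherscan(text):
    """Parse the whitespace-separated table; the pfs_keysize column is optional."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or not parts[0].isdigit():
            continue  # header line
        rows.append({
            "prio": int(parts[0]),
            "suite": parts[1],
            "protocols": parts[2].split(","),
            "pfs": parts[3] if len(parts) > 3 else "",
        })
    return rows


def grade_suite(row):
    """Return (verdict, reasons) for one suite: 'broken', 'conditional' or 'ok'."""
    suite, protos, pfs = row["suite"], row["protocols"], row["pfs"]
    reasons = []
    if "SSLv2" in protos:
        reasons.append("negotiable over SSLv2, which RFC 6176 prohibits")
    if suite.startswith("EXP-"):
        reasons.append("export suite: key material deliberately weakened")
    if "RC4" in suite:
        reasons.append("RC4 keystream is biased")
    # Single DES is 'DES-CBC-'; 3DES is 'DES-CBC3-' and does not match here.
    if re.search(r"(^|-)DES-CBC-", suite):
        reasons.append("single DES, roughly 56 bits of security")
    if reasons:
        return "broken", reasons
    if "DES-CBC3" in suite:
        reasons.append("3DES in CBC mode: acceptable in a browser only if the "
                       "server mitigates BEAST, e.g. by record splitting")
        verdict = "conditional"
    else:
        verdict = "ok"
    # cipherscan prints the key-exchange family first, e.g. 'DH,1024bits'.
    if pfs.split(",")[0] not in ("DH", "ECDH"):
        reasons.append("no forward secrecy (static RSA key exchange)")
    return verdict, reasons


def grade_server(text):
    """Grade every suite and summarise which protocols the server offers at all."""
    graded, seen = [], set()
    for row in parse_cipherscan(text):
        verdict, reasons = grade_suite(row)
        graded.append({**row, "verdict": verdict, "reasons": reasons})
        seen.update(row["protocols"])
    protocols = sorted(seen, key=proto_rank)
    return {
        "suites": graded,
        "protocols": protocols,
        "highest_protocol": protocols[-1] if protocols else None,
        "usable": [g for g in graded if g["verdict"] != "broken"],
    }


if __name__ == "__main__":
    report = grade_server(SAMPLE)
    print("newest protocol offered:", report["highest_protocol"])
    for g in report["suites"]:
        print(f"{g['prio']:>2} {g['suite']:<22} {g['verdict']:<12} "
              + "; ".join(g["reasons"]))
```

Run against the quoted table, it reports SSLv3 as the newest protocol the server speaks and leaves only suites 3 and 4 standing, both marked conditional, which is exactly the conclusion drawn in the reply.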