Bug#787505: libnss3: NSS 3.19.1 breaks icedove IMAPS to server with DH 786 temp key
Ben Caradoc-Davies
ben at transient.nz
Sat Jun 20 23:33:25 UTC 2015
On 21/06/15 09:48, Mike Hommey wrote:
> Can you check with 3.19.2-1?

Mike, I can confirm that this bug is still present in 3.19.2-1 (amd64
from incoming).

Tested using icedove as before, against the same server, which still has
a 768 bit DH temp key for IMAPS. Error log in icedove reports:

Timestamp: 21/06/15 11:01:42
Error: An error occurred during a connection to [hostname elided]:993.
SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange
handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

Current workaround is to disable DHE (and weak ciphers) by setting all
security.ssl3.* preferences to false except
security.ssl3.rsa_aes_256_sha which is set to true. With this setting,
IMAPS immediately starts to work.

The NSS 3.19.2 release notes state that the minimum key strength
requirements "will now only affect the minimum keystrengths used in
SSL/TLS", and a quick look in the code (sslimpl.h + ssl3con.c) confirms
that the test is still applied, so this release is not expected to fix
the failure:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes

A better solution may be for NSS to detect a weak DH temp key and
renegotiate with a non-DHE cipher. This would improve the user
experience, although with silent loss of forward secrecy. The best
solution is still for all servers to use strong keys (world peace, anyone?).

Kind regards,
--
Ben Caradoc-Davies <ben at transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand
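
Added example, not part of the original message and not NSS code: a sketch of the kind of check behind ssl_error_weak_server_ephemeral_dh_key, which parses the DH parameters from a ServerKeyExchange body and compares the size of the prime against a minimum. The 1023-bit threshold, the function names and the sample bodies are assumptions made for this illustration.

```python
# Added illustration: parse the ServerDHParams at the start of a TLS
# ServerKeyExchange body (RFC 5246, section 7.4.3) and apply a minimum
# size check on the prime p, like the test the message says NSS applies.
import struct

# Assumption: 1023 bits, the minimum given in the NSS 3.19.1 release notes.
MIN_DH_P_BITS = 1023


def _read_opaque16(buf, off):
    """Read one opaque<1..2^16-1> vector; return (value, next offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n


def parse_server_dh_params(body):
    """Return (p, g, Ys) as integers from a DHE ServerKeyExchange body."""
    p, off = _read_opaque16(body, 0)
    g, off = _read_opaque16(body, off)
    ys, off = _read_opaque16(body, off)
    return tuple(int.from_bytes(x, "big") for x in (p, g, ys))


def check_dh_strength(body, min_bits=MIN_DH_P_BITS):
    """Return (ok, bits): bits is the size of p with leading zeros ignored."""
    p, _g, _ys = parse_server_dh_params(body)
    bits = p.bit_length()
    return bits >= min_bits, bits


def build_sample(p_bits):
    """Constructed sample body: p has its top bit set, it is NOT a real prime."""
    p = (1 << (p_bits - 1)) | 1
    parts = [p.to_bytes((p_bits + 7) // 8, "big"), b"\x02", b"\x05"]
    return b"".join(struct.pack("!H", len(x)) + x for x in parts)


if __name__ == "__main__":
    for size in (768, 1024, 2048):
        ok, bits = check_dh_strength(build_sample(size))
        print(f"{bits}-bit DH p: {'accepted' if ok else 'rejected (weak key)'}")
```
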