Bug#787505: libnss3: NSS 3.19.1 breaks icedove IMAPS to server with DH 786 temp key

Ben Caradoc-Davies ben at transient.nz
Sat Jun 20 23:33:25 UTC 2015


On 21/06/15 09:48, Mike Hommey wrote:
> Can you check with 3.19.2-1?

Mike, I can confirm that this bug is still present in 3.19.2-1 (amd64 
from incoming).

Tested using icedove as before, against the same server, which still has 
a 768 bit DH temp key for IMAPS. Error log in icedove reports:

Timestamp: 21/06/15 11:01:42
Error: An error occurred during a connection to [hostname elided]:993. 
SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange 
handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

Current workaround is to disable DHE (and weak ciphers) by setting all 
security.ssl3.* preferences to false except 
security.ssl3.rsa_aes_256_sha which is set to true. With this setting, 
IMAPS immediately starts to work.

The NSS 3.19.2 release notes state that the minimum key strength 
requirements "will now only affect the minimum keystrengths used in 
SSL/TLS", and a quick look in the code (sslimpl.h + ssl3con.c) confirms 
that the test is still applied, so this release is not expected to fix 
the failure:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes

A better solution may be for NSS to detect a weak DH temp key and 
renegotiate with a non-DHE cipher. This would improve the user 
experience, although with silent loss of forward secrecy. The best 
solution is still for all servers to use strong keys (world peace, anyone?).

Kind regards,

-- 
Ben Caradoc-Davies <ben at transient.nz>
Director
Transient Software Limited <http://transient.nz/>
New Zealand



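The failure described in the message above comes from NSS inspecting the ephemeral DH parameters in the server's ServerKeyExchange and rejecting a modulus that is too short. The following is an added illustration, not code from the thread, from NSS or from Icedove: it parses a TLS 1.2 DHE ServerKeyExchange record, reports the bit length of the DH modulus `p`, and applies a minimum-size check. The 1023-bit threshold is an assumption based on the NSS 3.19.1 change the thread discusses, not a value quoted in the email; the sample record is constructed locally (the modulus is not a real prime and the trailing signature is omitted) so the script runs offline.

```python
"""Parse a TLS 1.2 DHE ServerKeyExchange and check the ephemeral DH modulus size.

Added example (not NSS or Icedove code). The record layout follows RFC 5246:
  TLSPlaintext: type(1) version(2) length(2) fragment
  Handshake:    msg_type(1) length(3) body
  ServerDHParams: dh_p<1..2^16-1> dh_g<1..2^16-1> dh_Ys<1..2^16-1> [signature]
"""
import struct

# Assumed threshold: NSS 3.19.1 is reported to reject DHE moduli below this
# size; the exact constant is not stated in the thread, so treat as an assumption.
MIN_DH_P_BITS = 1023


def parse_dhe_server_key_exchange(record: bytes) -> dict:
    """Return {"p_bits", "g", "ys_bits"} for a DHE ServerKeyExchange inside a
    TLS handshake record. Raises ValueError on malformed or truncated input.
    Any signature following dh_Ys is ignored."""
    if len(record) < 9 or record[0] != 0x16:  # ContentType handshake
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    if body[0] != 0x0C:  # HandshakeType server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    hs_len = int.from_bytes(body[1:4], "big")
    params = body[4:4 + hs_len]
    if len(params) != hs_len:
        raise ValueError("truncated handshake message")

    offset = 0
    fields = []
    for _ in range(3):  # dh_p, dh_g, dh_Ys: each a 2-byte length-prefixed opaque
        if offset + 2 > len(params):
            raise ValueError("truncated DH params")
        n = struct.unpack("!H", params[offset:offset + 2])[0]
        offset += 2
        value = params[offset:offset + n]
        if len(value) != n:
            raise ValueError("truncated DH params")
        fields.append(int.from_bytes(value, "big"))
        offset += n
    p, g, ys = fields
    return {"p_bits": p.bit_length(), "g": g, "ys_bits": ys.bit_length()}


def dh_key_is_weak(record: bytes, min_bits: int = MIN_DH_P_BITS) -> bool:
    """True when the server's DH modulus is shorter than min_bits, i.e. the
    condition that produces ssl_error_weak_server_ephemeral_dh_key."""
    return parse_dhe_server_key_exchange(record)["p_bits"] < min_bits


def build_sample_record(p_bits: int) -> bytes:
    """Constructed sample: a ServerKeyExchange carrying a p of exactly p_bits
    bits (top bit set; not a real prime), g=2 and a dummy Ys of the same
    length as p. The signature a real server appends is omitted."""
    p = (1 << (p_bits - 1)) | 1
    p_bytes = p.to_bytes((p_bits + 7) // 8, "big")
    g_bytes = b"\x02"
    ys_bytes = b"\x01" * len(p_bytes)
    params = b"".join(struct.pack("!H", len(x)) + x
                      for x in (p_bytes, g_bytes, ys_bytes))
    handshake = b"\x0c" + len(params).to_bytes(3, "big") + params
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for bits in (768, 1024, 2048):
        info = parse_dhe_server_key_exchange(build_sample_record(bits))
        verdict = "weak" if info["p_bits"] < MIN_DH_P_BITS else "ok"
        print(f"DH modulus {info['p_bits']} bits, g={info['g']}: {verdict}")
```

For a live reading from a real server, feeding the parser the bytes of a captured ServerKeyExchange gives the same `p_bits` figure that the client is judging; `openssl s_client` (1.0.2 and later) also prints a `Server Temp Key: DH, N bits` line when a DHE suite is negotiated, which is a quick way for an administrator to see whether a server's temporary key falls under the client's minimum.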