More OpenSSL security fixes

Discussion in 'privacy technology' started by BoerenkoolMetWorst, Aug 7, 2014.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    And here we go again:

    OpenSSL 0.9.8 users should upgrade to 0.9.8.zb
    OpenSSL 1.0.0 users should upgrade to 1.0.0n.
    OpenSSL 1.0.1 users should upgrade to 1.0.1i.
    https://www.openssl.org/news/secadv_20140806.txt
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  5. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    I'd like to know why Firefox (who claim our security and privacy is a priority, *cough* *cough*) doesn't support the stronger cipher suites that OpenSSL does.
     
  6. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Different project, different team, different work pace.

    Which ones are missing by the way?
     
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Firefox uses OpenSSL so surely the same ciphers should be in it?
    Firefox only supports two of the TLSv1.2 cipher suites. Most of the Firefox cipher suites are SSLv3.

    The two TLSv1.2 suites Firefox supports are:
    security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256
    security.ssl3.ecdhe_rsa_aes_128_gcm_sha256

    The ones missing are all the strongest TLS v1.2 ciphers. At least some of which meet the NSA suite B cryptography standard.

    openssl ciphers -v
    ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
    ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
    ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
    DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
    DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
    ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
    ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
    ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
     
    Last edited: Jul 9, 2015
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    https://www.openssl.org/news/secadv_20150709.txt
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    721
    I'm not an expert but I think that's incorrect. The removal of SSLv3 support was announced in Oct. 2014 for v. 34. I'm not sure, though, if that removal was delayed as the release notes for v. 39 say:
    And regarding those security.ssl3... entries in about:config Daniel Veditz wrote:
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Firefox uses NSS, not OpenSSL.
    The 256 bit AES-GCM ciphers are indeed still missing. Firefox only supports 128 bit AES-GCM with ECDHE_ECDSA and ECDHE_RSA. Chrome (also uses NSS) does support those, but also only 128 bit.
    They chose not to support plain RSA because it lacks Forward Secrecy and DHE_RSA because a lot of servers are configured with only 1024 bit, though more are switching to 2048 after Logjam.
    I would encourage people to vote here on adding 256 bit AES-GCM to Firefox.
    https://bugzilla.mozilla.org/show_bug.cgi?id=975832
    https://bugzilla.mozilla.org/show_bug.cgi?id=923089
    https://bugzilla.mozilla.org/show_bug.cgi?id=973755

    Btw, @summerheat is correct on the SSLv3.
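
Added example, not part of any post in this thread: a small Python parser for the `openssl ciphers -v` listing quoted above that groups suites by the forward-secrecy and AES-GCM points raised in the discussion. The function names are hypothetical, and the last two sample lines are constructed here in the same output format for comparison.

```python
import re

# First ten lines: the `openssl ciphers -v` output quoted in the thread.
# Last two lines: constructed here in the same format for comparison.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+Kx=(\S+)\s+Au=(\S+)\s+Enc=([^\s(]+)\((\d+)\)\s+Mac=(\S+)$")
EPHEMERAL = ("ECDHE-", "DHE-", "EDH-")  # name prefixes of ephemeral key exchange

def parse(text):
    """Turn `openssl ciphers -v` lines into dicts; unparseable lines are skipped."""
    suites = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # e.g. blank lines, or Enc=None suites that carry no key size
        name, proto, kx, au, enc, bits, mac = m.groups()
        suites.append({"name": name, "proto": proto, "kx": kx, "au": au,
                       "enc": enc, "bits": int(bits), "mac": mac})
    return suites

def classify(suite):
    """Decide forward secrecy from the suite name: this output format prints
    Kx=ECDH for ECDHE and Kx=ECDH/RSA for static ECDH, which is easy to misread."""
    if not suite["name"].startswith(EPHEMERAL):
        return "no forward secrecy"
    return "forward secrecy + AEAD" if suite["mac"] == "AEAD" else "forward secrecy, non-AEAD"

def report(text):
    """Group suite names (with key size) under their classification label."""
    groups = {}
    for s in parse(text):
        groups.setdefault(classify(s), []).append(f'{s["name"]} ({s["bits"]}-bit)')
    return groups

if __name__ == "__main__":
    for label, names in report(SAMPLE).items():
        print(label, *names, sep="\n  ")
```

Of the ten suites quoted in the thread, the four `ECDH-` entries use static ECDH and land in the same "no forward secrecy" group as plain RSA key exchange.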
     
  11. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Well, there is a distinction to be made between the protocol version and the cipher suites.
    The cipher suites I marked as TLSv1.2 cipher suites are only compatible with TLSv1.2.
    TLS is backwards compatible with the SSL cipher suites, so the cipher suites from SSLv3 work with TLS.
    Although the Firefox devs implemented TLSv1.2 some time ago, they only implemented two of the new TLSv1.2 ciphers; the rest of them are all legacy ciphers from SSLv3 and I do not see any legitimate reason for this.

    I know the preferences in Firefox are named SSL regardless of the protocol, but the Firefox config naming policy is not what I was referring to.
     
    Last edited: Jul 9, 2015
  12. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Ahhh that explains a lot. NSS is owned by Mozilla...
     
    Last edited: Jul 9, 2015
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Yes, I agree with that. Though most of the rest of the ciphers are not from SSLv3, but TLSv1.0 and extensions for TLSv1.0.
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    http://www.securityweek.com/openssl-patches-moderate-severity-vulnerabilities
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
     
  17. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas

    https://www.openssl.org/news/secadv/20160301.txt
     
  20. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Yep, I noticed Debian fired out some of the ssl stuff today on my VMs.
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  23. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    http://www.securityweek.com/recently-patched-openssl-flaw-still-plagues-top-sites
     
  24. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Guess people will just have to start using the Qualys SSL Server Test: https://dev.ssllabs.com/ssltest/ whenever they want to perform e-commerce activities with a web site.

    I'm personally just using the tried and true phone connection more and more for my retail activities.
     
  25. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    752
    Location:
    SW USA
    Yeah, that's a great tool. Some results are absolutely horrific in this day and age.

    I went back to paper for one of my credit cards last year when their support failed to respond to my emails about their using decade-old ciphers and authentication. I've used the card for almost 35 years, so I didn't want to dump 'em altogether.

    FYI for all: this is a really useful extension for Mozilla browsers.
    https://github.com/sibiantony/ssleuth
     