On Aug 11, 2006, at 10:26 AM, Joe Cooley wrote:
> I recently inspected ssl packets from the following apps:
>   firefox 1.5.0.6
>   safari 2.0.4 (419.3)
>   curl 7.15.4 with OpenSSL/0.9.7i
> I found that they list the following cipher suites during the client hello handshake protocol: (snippets from ethereal -V output...)
<snip>
> Safari only seems to support DES, 3DES, and RC4 ciphers. My question is this: should I be concerned about privacy when *_RC4_* is the negotiated suite, i.e., in my tests, safari used TLS_RSA_WITH_RC4_128_SHA? Firefox and curl used TLS_DHE_RSA_WITH_AES_256_CBC_SHA.
RC4 when used correctly (which I believe it is in TLS) should not concern you much. What should concern you, however, is that Apple has chosen to include a testing/debug NULL cipher in their production (and completely unmodifiable w/o recompiling System.framework) cipherlist:
Cipher Suite: TLS_RSA_WITH_NULL_MD5 (0x0001)
This means that a malicious server can negotiate Safari into using no encryption at all, while still providing all the GUI feedback of a secure SSL connection...
For fun, fire off this command and visit localhost:4433 from both firefox and safari, and look at the packet dumps in ethereal (use any snakeoil server.* you have handy):
/usr/local/bin/openssl s_server -cert server.crt -key server.key -www -cipher 'AES:TLSv1:ALL:NULL:!RC4-SHA:!RC4-MD5:!DES-CBC3-SHA:!DES-CBC-SHA:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5'
I filed a bug with Apple on this back in February; I encourage others to do so as well at http://radar.apple.com. Ask them to include the AES ciphers while you're at it; it's only been 5 years or so since it was standardized...
Thanks, Eric
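Added example, not part of the original message: a small Python check that reads the cipher suite list out of a captured ClientHello and reports any NULL or export-grade suites the client offers, which is the audit done by eye in ethereal above. It assumes a single unfragmented TLS record (not an SSLv2-compatible hello); the function names and the sample hellos are constructed for illustration.

```python
import struct

# IDs from the IANA TLS cipher suite registry: suites with no encryption
# (NULL) or 40-bit export keys, i.e. offers that give no real privacy.
NO_PRIVACY = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def offered_suites(record):
    """Return the cipher suite IDs listed in one TLS ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or body[:1] != b"\x01":
        raise ValueError("not a complete ClientHello record")
    pos = 4 + 2 + 32                  # handshake header, client_version, random
    if len(body) < pos + 1:
        raise ValueError("truncated ClientHello")
    pos += 1 + body[pos]              # skip session_id
    if len(body) < pos + 2:
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return [s for (s,) in struct.iter_unpack("!H", body[pos:pos + n])]

def weak_offers(record):
    """Names of offered suites that provide no confidentiality."""
    return [NO_PRIVACY[s] for s in offered_suites(record) if s in NO_PRIVACY]

def build_hello(suites):
    """Build a minimal TLS 1.0 ClientHello record (constructed test input)."""
    ids = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x01" + bytes(32) + b"\x00"
             + struct.pack("!H", len(ids)) + ids + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed samples using suites of the kinds named in the thread,
# not real captures from any browser.
WITH_NULL = build_hello([0x0005, 0x000A, 0x0009, 0x0001])
WITHOUT_NULL = build_hello([0x0039, 0x0005])

if __name__ == "__main__":
    print(weak_offers(WITH_NULL), weak_offers(WITHOUT_NULL))
```

To use it on real traffic, pass the raw bytes of the first client-to-server TLS record from a capture to weak_offers(); an empty list means the client offered no NULL or export suites.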