Re: oddball, old cipher suite in firefox client hello
On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges j...@somethingsimilar.com wrote:

> /* New non-experimental openly spec'ed versions of those cipher suites. */
> #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
> #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
>
> Does anyone know what spec this cipher suite came from? And, perhaps, why it's still a good idea to be in the client hello? This last question I ask very gently and out of curiosity.

See http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html

Based on reading that, these cipher suites seem to be a way to backport the TLS 1.0 PRF to SSL 3.0 after NIST decided that the SSL 3.0 PRF was unacceptable, back when TLS 1.0 was still new and shiny.

I agree it makes sense to remove it from Firefox's ClientHello and we already have plans for that. See https://briansmith.org/browser-ciphersuites-01.html.

Cheers,
Brian
--
Mozilla Networking/Crypto/Security (Necko/NSS/PSM)
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: oddball, old cipher suite in firefox client hello
Apologies, I said 1.2 here for the server, but, of course, it negotiated as TLS 1.0.

On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges j...@somethingsimilar.com wrote:

> Hey,
>
> While poking around with a new web app I'm building, I noticed that Firefox 25.0 is emitting cipher suite 0xFEFF in its client hello to TLS 1.2 servers[1] and was hoping some of you might be able to tell me more about it.
>
> I wasn't able to find a spec referencing it (other than the TLS specs reserving the 0xFE space). I dug through the NSS codebase and found where it was defined in lib/ssl/sslproto.h as:
>
> /* New non-experimental openly spec'ed versions of those cipher suites. */
> #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
> #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
>
> What's interesting is that these lines of code have not been touched since changeset 206:4ca6e9545364, roughly the dawn of time for NSS repo. The changeset's summary is Initial NSS Open Source checkin like the ones before it.
>
> Does anyone know what spec this cipher suite came from? And, perhaps, why it's still a good idea to be in the client hello? This last question I ask very gently and out of curiosity.
>
> [1] and perhaps other versions, not yet tested.
Re: oddball, old cipher suite in firefox client hello
On 11/01/2013 01:43 AM, Brian Smith wrote:

> On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges j...@somethingsimilar.com wrote:
>
> > /* New non-experimental openly spec'ed versions of those cipher suites. */
> > #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
> > #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
> >
> > Does anyone know what spec this cipher suite came from? And, perhaps, why it's still a good idea to be in the client hello? This last question I ask very gently and out of curiosity.
>
> See http://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
>
> Based on reading that, these cipher suites seem to be a way to backport the TLS 1.0 PRF to SSL 3.0 after NIST decided that the SSL 3.0 PRF was unacceptable, back when TLS 1.0 was still new and shiny.
>
> I agree it makes sense to remove it from Firefox's ClientHello and we already have plans for that. See https://briansmith.org/browser-ciphersuites-01.html.

Brian's exactly right. These ciphers were added to allow FIPS validation of an NSS engine that could only do SSL3, not TLS 1.0. With TLS 1.0, these ciphers are no longer needed, and quite rightly should be removed from the ff client hello.

bob

> Cheers,
> Brian
Re: oddball, old cipher suite in firefox client hello
On Fri, November 1, 2013 5:30 pm, Wan-Teh Chang wrote:

> On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges j...@somethingsimilar.com wrote:
>
> > I dug through the NSS codebase and found where it was defined in lib/ssl/sslproto.h as:
> >
> > /* New non-experimental openly spec'ed versions of those cipher suites. */
> > #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
> > #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
>
> We should remove these two nonstandard cipher suites from NSS.
>
> Wan-Teh

+1

Filed https://bugzilla.mozilla.org/show_bug.cgi?id=934033 for interested parties to track.