Hi all, I already have reported the following issue in the bug tracking system and now have been told that the bug has been closed and that I should put it for discussion here.
Please note that I am in no way a security expert, so please don't blame me if the following is wrong. But I am sort of a technical person and eventually have understood the key points when it comes to SSL / TLS. So here we go:

I have read several articles and white papers about what SSL / TLS ciphers are considered secure by cryptography experts. A short summary:

1) To enable forward secrecy, the key exchange should be done via "ephemeral" methods (those with "E" at the end of their names, e.g. DHE or ECDHE).
2) AES in GCM mode should be used as payload encryption method.
3) Elliptic curves should NOT be used, at least not the curves from NIST, because they are suspected (some even say: known) to be poisoned intentionally by several sorts of mechanisms. This means that all ECDHE... ciphers are out of the game.
4) SHA256 or higher is considered safe enough to be used as hashing / digest method.

Firefox does not offer a single cipher which fulfills all of these criteria.

Steps to reproduce: In Firefox, open "about:config". Type "SSL3" into the search box to view the list of available SSL / TLS ciphers.

Actual result: There is no cipher which fulfills all of the criteria mentioned above. Notably, all ciphers which use AES-GCM also use the contaminated ECDHE for key exchange; there is no cipher which offers AES-GCM and the secure DHE key exchange.

Expected / desired result: There should at least be one cipher in the list which fulfills the criteria mentioned above, i.e. something like that: security.ssl3.dhe_rsa_aes_256_gcm_sha384 (note the dhe ... instead of ecdhe ...).

Personally, I am considering that as a very serious security problem. The fact that other browsers might have the same problem does not change anything about that. I hereby propose that Mozilla enables at least one cipher like dhe_rsa_aes_256_gcm_sha384 as fast as possible.
Regards, Binarus

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
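The check the post performs by eye in about:config, as an added example (not Mozilla code and not from the post): a parser for the security.ssl3.* pref-name format that classifies each suite by key exchange, bulk cipher and hash, then applies the post's four criteria literally. The pref list is constructed to approximate what about:config shows, and the final entry is the proposed pref, which is hypothetical.

```python
import re
# Constructed list approximating the security.ssl3.* names visible in
# about:config (assumption, not copied from a Firefox build); the last
# entry is the suite the post proposes and is hypothetical.
PREFS = [
    "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
    "security.ssl3.ecdhe_rsa_aes_256_gcm_sha384",
    "security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256",
    "security.ssl3.ecdhe_rsa_aes_128_sha",
    "security.ssl3.dhe_rsa_aes_256_sha",
    "security.ssl3.rsa_aes_128_gcm_sha256",
    "security.ssl3.rsa_des_ede3_sha",
    "security.ssl3.dhe_rsa_aes_256_gcm_sha384",
]

# Pref name grammar: [kex_]auth_cipher_hash; a missing kex means static
# RSA key transport (no forward secrecy), and a bare "sha" means SHA-1.
SUITE_RE = re.compile(
    r"^security\.ssl3\.(?P<kex>ecdhe|dhe)?_?(?P<auth>rsa|ecdsa)_"
    r"(?P<cipher>aes_(?P<bits>128|256)(?:_(?P<mode>gcm))?|chacha20_poly1305|des_ede3)_"
    r"(?P<hash>sha(?:256|384)?)$"
)

def parse_suite(pref):
    """Split one pref name into key exchange, auth, bulk cipher and MAC strength."""
    m = SUITE_RE.match(pref)
    if not m:
        raise ValueError(f"unrecognised pref name: {pref}")
    if m["cipher"].startswith("aes"):
        bulk = f"AES-{m['bits']}-{'GCM' if m['mode'] == 'gcm' else 'CBC'}"
    elif m["cipher"].startswith("chacha20"):
        bulk = "CHACHA20-POLY1305"
    else:
        bulk = "3DES-CBC"
    return {
        "kex": m["kex"] or "rsa",
        "auth": m["auth"],
        "bulk": bulk,
        "hash_bits": {"sha": 160, "sha256": 256, "sha384": 384}[m["hash"]],
    }

def meets_post_criteria(info):
    """The post's four criteria applied literally to a parsed suite."""
    return (info["kex"].endswith("dhe")        # 1) ephemeral key exchange
            and info["bulk"].endswith("GCM")   # 2) AES-GCM payload encryption
            and info["kex"] != "ecdhe"         # 3) no elliptic-curve exchange
            and info["hash_bits"] >= 256)      # 4) SHA-256 or stronger

def matching_prefs(prefs):
    return [p for p in prefs if meets_post_criteria(parse_suite(p))]
```

Running `matching_prefs(PREFS[:-1])` over the constructed list without the proposed entry returns nothing, which is the observation the post reports.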