I'm on it.
I merged- and compiled the patchset successfully and got the expected
(good) results on the following SSL-testing sites:
https://www.poodletest.com
https://zmap.io/sslv3
https://www.ssllabs.com/ssltest/viewMyClient.html
https://www.howsmyssl.com/
http://m.heise.de/uxss-check
Very big THANKS to Wolfgang Wiedmeyer for looking into this!
Now I try to review the code as good as I can. I found some links, which
may help me to do that:
Use TLS 1.2 and AES as the default cipher.:
http://review.cyanogenmod.org/#/c/51771/1
Revert the TLS 1.1/1.2 disable commits:
https://android.googlesource.com/platform/external/chromium/+/fb292835997c64a14669de65d74ba5357aa4d7d7
https://android.googlesource.com/platform/libcore/+/3d74b4bec8543e6e3f89eafe3afe0925f3a69f01
Some more links to TLS 1.2:
https://android.googlesource.com/platform/libcore/+/9de94e4
https://android.googlesource.com/platform/libcore/+/5336055
https://android.googlesource.com/platform/external/conscrypt/+/336e8eb
The most current/useful links I've found:
Addition of TLS v1.1 and v1.2:
https://android.googlesource.com/platform/libcore/+/3e6dd45baa0d7f9b4fa06f4ade76e088b59cc7bf%5E!
And the removal again:
https://android.googlesource.com/platform/libcore/+/0731920fdf845358cc13ce78292f9e80e143f915%5E!/
- weak RC4 ciphers are enabled
Additionally I wanted to modify the cipher (priority) list and drop weak
ciphers. For that I've found some helpful links, too:
https://developer.android.com/reference/javax/net/ssl/SSLSocket.html
https://github.com/owncloud/android/issues/679
http://op-co.de/blog/posts/android_ssl_downgrade/
I already made an additionally "0005-remove-more-weak-ciphers.patch" for
the existing patchset, but after installing the freshly compiled image,
I killed my mobile data and complete phone functionality irrecoverable,
(factory reset wasn't enough, I had to flash an alternative ROM and
switch back to Replicant again to got this functionalities back, so I
don't want to share this first try). The problem was for sure, that I
dropped too much old ciphers, which (some of them) are fundamental
necessary for some phone protocols...
- no OCSP stapling
Probably this could help a bit?
https://github.com/CyanogenMod/android_external_chromium_org_third_party_boringssl_src/commit/6c7aed048ca0a335e02dfee10976c5dc8620783e
But I fear this could be a lot of porting work, because the link is for
boringssl and chromium...
IMHO, finally the insecure 'mixed content' stuff should also be a point
on the reported problem list, exactly:
- CSS
- Scripts
- XMLHttpRequest
- WebSockets
- Frames
The most current/useful links I've found for this:
https://w3c.github.io/webappsec/specs/mixedcontent/
If offline, alternative link:
https://web.archive.org/web/20151006004652/https://w3c.github.io/webappsec-mixed-content/
https://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/browser.cc?r1=85954&r2=85953&pathrev=85954
And last but not least, I've collected some links from the Android 5.0
changelog for the points above:
https://developer.android.com/about/versions/android-5.0-changes.html
# Harden (EC)DSA signatures against weak nonces
https://android.googlesource.com/platform/external/conscrypt/+/60f8380
# Disable 3DES cipher suites in SSLSocket
https://android.googlesource.com/platform/libcore/+/9a61ef3
# Disable MD5 cipher suites in SSLSocket and SSLEngine
https://android.googlesource.com/platform/external/conscrypt/+/42bd279
# Assert static key ECDH disallowed in default cipher suites
https://android.googlesource.com/platform/libcore/+/69f9b8d
# Enable support for TLSv1.2 cipher suites in SSLSocket
# This adds support for AES-GCM and AES-CBC with MACs based on SHA256
and SHA384
https://android.googlesource.com/platform/libcore/+/9e73d3f
# Enable TLSv1.1 and TLSv1.2 by default for SSLSocket
https://android.googlesource.com/platform/external/conscrypt/+/1f63d2c
# Enable AES-GCM cipher suites by default in SSLSocket
https://android.googlesource.com/platform/libcore/+/0f0e96a
# Actually prefer Forward Secrecy cipher suites
https://android.googlesource.com/platform/external/conscrypt/+/5aa3d43
https://android.googlesource.com/platform/libcore/+/1169c54
# Prefer Forward Secrecy TLS/SSL cipher suites by default
https://android.googlesource.com/platform/external/conscrypt/+/df17f02
https://android.googlesource.com/platform/libcore/+/4892adf
# Remove unsupported Cipher modes
https://android.googlesource.com/platform/external/conscrypt/+/0a47f2b
# Remove HarmonyJSSE SSLContext, SSLSocket and SSLServerSocket
https://android.googlesource.com/platform/external/conscrypt/+/e1da091
Thanks for reading until here :)
On 10.11.2015 00:57, Kurtis Hanna wrote:
Did anyone have time to review these patches?
On Sun, 27 Sep 2015 23:17:18 +0200
Wolfgang Wiedmeyer <[email protected]> wrote:
My Self provided in the following post an overview of the different
ssl/tls
issues with different android browsers:
https://redmine.replicant.us/boards/39/topics/8007?r=9081#message-9081
You can do the test from ssllabs yourself here:
https://www.ssllabs.com/ssltest/viewMyClient.html
For the stock android browser the following problems get reported:
- no support for TLS version > 1.0
- affected by logjam and freak vulnerability
- vulnerable to poodle attack or more general: SSL version 3 is not
disabled
- weak RC4 ciphers are enabled
- no OCSP stapling
Except for OCSP stapling I was able fix all issues so that the test
for them
passes. The patches for disabling SSLv3, enabling TLSv1.1 and
TLSv1.2 and removal of weak RC4 ciphers was completely written by
myself, so
please review these patches carefully! I cannot guarantee that the
implementation is complete or without bugs, nor am I a security expert
or familiar with the code base. I just sat down and tried to fix these
issues.
Replicant has openssl version 1.0.1c and it is not easy to find
working
patches for recent vulnerabilities for such an old version. I was able
to use patches for Ubuntu 12.04 LTS, as it has openssl 1.0.1 (slightly
older). These patches only needed very little modifications and solved
the logjam and freak vulns. There are a lot more security related
patches in the Ubuntu package, so these could also be included in
replicant.
If there are any trustworthy testing tools for webview
vulnerabilities,
I could also try to make fixes for these. I couldn't find any so far.
_______________________________________________
Replicant mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/replicant
_______________________________________________
Replicant mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/replicant
