ciphers

[Thorin-Oakenpants]

expanding on #905

Just things to consider

• JA3 link (https://jwlss.pw/ja3/)
• extra test link (browserleaks)
• expand list of weak ciphers
• explain why each type is weak
• stats:
  • click me - list of cipher suite codes
  • click me - cipher suite usage

some notes from @rusty-snake : this is ALL the ciphers

/* 1261: disable 3DES (effective key size < 128)
 * [1] https://en.wikipedia.org/wiki/3des#Security
 * [2] https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
 * [3] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html ***/
   // user_pref("security.ssl3.rsa_des_ede3_sha", false);

/* xxxx: Disable weak CIPHERS
   128: 
   SHA1:
   CBC:
   NOPFS:
   DHE:
***/
   // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128; SHA1; CBC;
   // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128; SHA1; CBC;
   // ^^ was 1262: disable 128 bits

   // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128; SHA1; CBC; DHE;
   // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // SHA1; CBC; DHE;
   // was 1263: disable DHE (Diffie-Hellman Key Exchange)
   // https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH

   // user_pref("security.ssl3.rsa_aes_128_sha", false); // 128; SHA1; CBC; NOFPS;
   // user_pref("security.ssl3.rsa_aes_256_sha", false); // SHA1; CBC; NOFPS;
   // was 1264: disable other (which is not a very helpful description)

   // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // SHA1; CBC;
   // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // SHA1; CBC;
  // ^^ last two are the new ones

[rusty-snake]

To simplify it, all are using SHA1 and CBC.

SHA1:
https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
https://en.wikipedia.org/wiki/SHA-1#Attacks

CBC:
https://en.wikipedia.org/wiki/POODLE#POODLE_attack_against_TLS
https://en.wikipedia.org/wiki/Cipher_block_chaining

[rusty-snake]

/* xxxx: Disable weak ciphers
   All these use SHA1 and CBC which should be considered broken. [1] [2]
   128: 
   NOPFS: https://en.wikipedia.org/wiki/Forward_secrecy
   DHE: Diffie-Hellman key exchange w/o Elliptic-curves
   [1]: https://en.wikipedia.org/wiki/SHA-1#Attacks
   [2]: https://en.wikipedia.org/wiki/POODLE#POODLE_attack_against_TLS
***/
   // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128;
   // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128;
   // ^^ was 1262: disable 128 bits

   // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128; DHE;
   // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // DHE;
   // was 1263: disable DHE (Diffie-Hellman Key Exchange)
   // https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH

   // user_pref("security.ssl3.rsa_aes_128_sha", false); // 128; NOFPS;
   // user_pref("security.ssl3.rsa_aes_256_sha", false); // NOFPS;
   // was 1264: disable other (which is not a very helpful description)

   // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
   // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
  // ^^ last two are the new ones

[earthlng]

I like https://ja3er.com/ because it works without JS

[Thorin-Oakenpants]

https://phabricator.services.mozilla.com/D66270

[crssi]

^^ shouldn't every ssl3 be disabled?

[Thorin-Oakenpants]

There are other tickets for other ciphers and it will depend on what uses them