that is the state of OpenSSL in Fedora after this morining https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108 please coordinate with FF/TB maintainers http://lwn.net/Articles/556731/
since OpenSSL in Fedora from now on supports ECDHE depending software needs to be rebuilt to make use of it as well as libraries like NSS/GNUTLS should do the same and depending packages like Firefox needs a rebuild against refreshed NSS to support it also on the client side i made some triage today _____________________________________________________ openssl: https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108 nss-softokn https://bugzilla.redhat.com/show_bug.cgi?id=1019244 nss https://bugzilla.redhat.com/show_bug.cgi?id=1019245 firefox https://bugzilla.redhat.com/show_bug.cgi?id=1019247 thunderbird: https://bugzilla.redhat.com/show_bug.cgi?id=1019249 httpd: https://bugzilla.redhat.com/show_bug.cgi?id=1019251 dovecot: https://bugzilla.redhat.com/show_bug.cgi?id=1019253 postfix: https://bugzilla.redhat.com/show_bug.cgi?id=1019254 openssh: https://bugzilla.redhat.com/show_bug.cgi?id=1019256 dbmail: https://bugzilla.redhat.com/show_bug.cgi?id=1019259
The NSS package does not implement ECC -- that's isolated to nss-softokn. Also, once nss-softokn is rebuilt, NSS will use it without requiring a rebuild, so I think this bug can be closed.
nss-util-3.15.2-2.fc20,nss-softokn-3.15.2-2.fc20,nss-3.15.2-3.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/nss-util-3.15.2-2.fc20,nss-softokn-3.15.2-2.fc20,nss-3.15.2-3.fc20
nss-util-3.15.2-2.fc19,nss-softokn-3.15.2-2.fc19,nss-3.15.2-2.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/nss-util-3.15.2-2.fc19,nss-softokn-3.15.2-2.fc19,nss-3.15.2-2.fc19
nss-util-3.15.2-2.fc18,nss-softokn-3.15.2-2.fc18,nss-3.15.2-2.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/nss-util-3.15.2-2.fc18,nss-softokn-3.15.2-2.fc18,nss-3.15.2-2.fc18
Package nss-util-3.15.2-2.fc20, nss-softokn-3.15.2-2.fc20, nss-3.15.2-3.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nss-util-3.15.2-2.fc20 nss-softokn-3.15.2-2.fc20 nss-3.15.2-3.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-20126/nss-util-3.15.2-2.fc20,nss-softokn-3.15.2-2.fc20,nss-3.15.2-3.fc20 then log in and leave karma (feedback).
This does not appear to work. I'm running: openssl-devel-1.0.1e-30.fc19.x86_64 openssl-libs-1.0.1e-30.fc19.x86_64 nss-softokn-freebl-3.15.2-1.fc19.i686 openssl-1.0.1e-30.fc19.x86_64 nss-util-3.15.2-1.fc19.i686 nss-3.15.2-2.fc19.x86_64 openssl-debuginfo-1.0.1e-30.fc19.x86_64 openssl-libs-1.0.1e-30.fc19.i686 nss-util-3.15.2-1.fc19.x86_64 nss-softokn-freebl-3.15.2-1.fc19.x86_64 nss-sysinit-3.15.2-2.fc19.x86_64 nss-3.15.2-2.fc19.i686 nss-softokn-3.15.2-1.fc19.i686 nss-mdns-0.10-12.fc19.x86_64 nss-mdns-0.10-12.fc19.i686 nss-tools-3.15.2-2.fc19.x86_64 nss-softokn-3.15.2-1.fc19.x86_64 and ssllabs.com doesn't show any ECDHE cipher suites.
@Andy Lutomirski: you are on the wrong bugreport, this is for NSS which is *client-library* for TB/Firefox, you belong to https://bugzilla.redhat.com/show_bug.cgi?id=1019251 and there is *no httpd for F18/F19* which was rebuilt agianst the new openssl, that's why i maintain all server packages by myself and after a simple rebuild of httpd against the new openssl for sure ECDHE works
No, I'm pretty sure I'm on the right bug report, but my comment could have been clearer. I'm looking at: https://www.ssllabs.com/ssltest/viewMyClient.html I also used Wireshark to sniff the Client Hello that my Firefox is sending. None of the ECDHE cipher suites were listed and the supported curves extension wasn't sent. (My openssl is good -- I can serve up ECDHE successfully using openssl s_client or a patched pyOpenSSL.)
https://addons.mozilla.org/en-US/firefox/addon/calomel-ssl-validation/ my Firefox and Thunderbird for sure are using ECDHE on F19 proven by the addon above and my own dovecot-logfile in case of Thunderbird, maybe the default settings of Firefox 24 are crap, Firefox 25 should enable TLS > 1.0 set "security.tls.version.max" to 3 in about:config for FF24 for sure supports ECDHE too because i verfied this before the FF25 builds on koji, so the latest nss builds are fine! firefox-25.0-3.fc19.x86_64 thunderbird-24.1.0-1.fc18.x86_64 nss-tools-3.15.2-2.fc19.x86_64 nss-sysinit-3.15.2-2.fc19.x86_64 nss-3.15.2-2.fc19.x86_64 nss-softokn-freebl-3.15.2-2.fc19.x86_64 nss-softokn-3.15.2-2.fc19.x86_64 nss-util-3.15.2-2.fc19.x86_64
https://www.ssllabs.com/ssltest/viewMyClient.html TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 Yes TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff) - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) Forward Secrecy 256 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x87) Forward Secrecy* 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) Forward Secrecy* 256 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) 256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) 256 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256 TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) Forward Secrecy 128 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x44) Forward Secrecy* 128 TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128 TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy* 128 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) 128 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) 128 TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128
This should have nothing to do with TLS version. TLS 1.0 has supported ECC for a long time. And I don't see how Calomel is useful -- I just installed it (on a completely fresh Firefox profile, but still FF24) and it does not show the key exchange algorithm used. Note that PFS is possible on Firefox even without ECC -- a fair number of sites support DHE-RSA key exchange. Changing security.tls.version.max to 3 indeed enables TLS 1.2 (but is mostly pointless, at least on my current configuration, because it doesn't seem to enable GCM cipher suites). Finally, Calomel is crap. It seems to consider 128-bit encryption to be weak. That's a bit odd, given that there are no 256-bit secure ciphers available in any TLS version. (AES-256 is *not* 256-bit secure [1].) The strongest symmetric cipher available is probably 3DES. If Calomel is going to pontificate on TLS security, it should know what it's talking about. [1] https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
OK, figured it out. I had mismatched nss versions. Now that I've upgraded everything, I have ECDHE. FWIW, upgrading nss-softokn without upgrading nss-softokn-freebl breaks www.google.com (and probably everything else). It may be worth adding some dependencies there. I'll go and cast my bodhi votes.
> And I don't see how Calomel is useful and it does not > show the key exchange algorithm used because you still use FF24 which doe snot provide the needed API what about *read* what provided links are saying? https://addons.mozilla.org/en-US/firefox/addon/calomel-ssl-validation/ UPDATE 2: Firefox 25 now allows the add on to query the full cipher suite. We have added the ability to grade the connection on each part of the cipher including key exchange, signature, bulk cipher and message authentication code. We also check and grade the cipher if it supports Perfect Forward Secrecy (PFS). "Calomel SSL Validation" version 0.64 for Firefox 25 and above is now available. > Finally, Calomel is crap. It seems to consider 128-bit > encryption to be weak. That's a bit odd, given that there > are no 256-bit secure ciphers available in any TLS version it does not if the 128bit is ECDHE, your current problem is FF < 25 that is one of the extensions which is really maintained and not staying months behind the firefox development
Calomel 0.64 is a considerable improvement, but this is now thoroughly off-topic...
Created attachment 818047 [details] calomel screenshot it may be off-topic, but some last words with a screenshot it's completly irrelevant what the extensions considers weak/strong/whatever the relevant information are the encryption parameters there are also descriptions on https://calomel.org/firefox_ssl_validation.html why some things are not get full points, and many of them will take years if you won't break TLS1.0 only clients
FWIW, on Firefox 25, you can test this with no extensions at all. Just go to, say, www.google.com, click the lock icon, and click "More Information...". The cipher suite (as opposed to just the cipher) will be shown.
correct, but only the full cipher and not the RSA lenght 1024/2048/4096 and other details like MAC which may be interesting in get things more secure in the future and test with https://www.ssllabs.com/ssltest/ and the handshake-simulation to make sure not break relevant clients maybe someone will soon kill us both because we shoudl switch to the mailing-list, but on the other hand if someone finds this bugreport he may be grateful for additional infos
nss-util-3.15.2-2.fc19, nss-softokn-3.15.2-2.fc19, nss-3.15.2-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
nss-util-3.15.2-2.fc20, nss-softokn-3.15.2-2.fc20, nss-3.15.2-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
nss-util-3.15.2-2.fc18, nss-softokn-3.15.2-2.fc18, nss-3.15.2-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.