Red Hat Bugzilla – Bug 1019245
ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
Last modified: 2013-11-13 22:34:24 EST
that is the state of OpenSSL in Fedora after this morning
please coordinate with FF/TB maintainers
since OpenSSL in Fedora from now on supports ECDHE
depending software needs to be rebuilt to make use
of it as well as libraries like NSS/GNUTLS should
do the same and depending packages like Firefox
needs a rebuild against refreshed NSS to support
it also on the client side
i made some triage today
The NSS package does not implement ECC -- that's isolated to nss-softokn. Also, once nss-softokn is rebuilt, NSS will use it without requiring a rebuild, so I think this bug can be closed.
nss-util-3.15.2-2.fc20, nss-softokn-3.15.2-2.fc20, nss-3.15.2-3.fc20 has been submitted as an update for Fedora 20.
nss-util-3.15.2-2.fc19, nss-softokn-3.15.2-2.fc19, nss-3.15.2-2.fc19 has been submitted as an update for Fedora 19.
nss-util-3.15.2-2.fc18, nss-softokn-3.15.2-2.fc18, nss-3.15.2-2.fc18 has been submitted as an update for Fedora 18.
Package nss-util-3.15.2-2.fc20, nss-softokn-3.15.2-2.fc20, nss-3.15.2-3.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing nss-util-3.15.2-2.fc20 nss-softokn-3.15.2-2.fc20 nss-3.15.2-3.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
This does not appear to work. I'm running:
and ssllabs.com doesn't show any ECDHE cipher suites.
@Andy Lutomirski: you are on the wrong bugreport, this is for NSS which is *client-library* for TB/Firefox, you belong to https://bugzilla.redhat.com/show_bug.cgi?id=1019251 and there is *no httpd for F18/F19* which was rebuilt against the new openssl, that's why i maintain all server packages by myself and after a simple rebuild of httpd against the new openssl for sure ECDHE works
No, I'm pretty sure I'm on the right bug report, but my comment could have been clearer. I'm looking at:
I also used Wireshark to sniff the Client Hello that my Firefox is sending. None of the ECDHE cipher suites were listed and the supported curves extension wasn't sent.
(My openssl is good -- I can serve up ECDHE successfully using openssl s_client or a patched pyOpenSSL.)
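The check described in the comment above (does the Client Hello list any ECDHE cipher suite, and is the supported curves extension sent?) can be scripted. This is an added example, not part of any comment in this bug report: the function names are hypothetical, the two Client Hello records are constructed rather than captured, and the suite table covers only the four ECDHE code points that appear in the listing in this thread.

```python
import struct

# ECDHE code points exactly as they appear in this thread's client-test listing.
ECDHE_SUITES = {0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}
EXT_SUPPORTED_CURVES = 10  # elliptic_curves extension type (RFC 4492)

def parse_client_hello(record: bytes):
    """Return (cipher suite ids, {extension type: data}) from one TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    try:
        body = record[9:5 + struct.unpack("!H", record[3:5])[0]]
        pos = 2 + 32                      # client_version + random
        pos += 1 + body[pos]              # session_id
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        suites = list(struct.unpack("!%dH" % (n // 2), body[pos + 2:pos + 2 + n]))
        pos += 2 + n
        pos += 1 + body[pos]              # compression_methods
        exts = {}
        if pos < len(body):               # the extensions block is optional
            end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
            pos += 2
            while pos < end:
                etype, elen = struct.unpack("!HH", body[pos:pos + 4])
                exts[etype] = body[pos + 4:pos + 4 + elen]
                pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return suites, exts

def ecdhe_report(record: bytes) -> dict:
    suites, exts = parse_client_hello(record)
    return {"ecdhe_suites": [ECDHE_SUITES[s] for s in suites if s in ECDHE_SUITES],
            "supported_curves_sent": EXT_SUPPORTED_CURVES in exts}

def build_sample(suites, extensions=b"") -> bytes:
    """Constructed ClientHello for the samples below; not a real capture."""
    body = b"\x03\x01" + bytes(32) + b"\x00"   # TLS 1.0, zero random, no session id
    body += struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites) + b"\x01\x00"
    body += struct.pack("!H", len(extensions)) + extensions if extensions else b""
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

CURVES_EXT = struct.pack("!HHH3H", 10, 8, 6, 23, 24, 25)  # secp256r1/384r1/521r1
WITHOUT_ECC = build_sample([0x0039, 0x0035, 0x0033])      # DHE/RSA suites only
WITH_ECC = build_sample([0xC00A, 0xC014, 0x0039], CURVES_EXT)
```

`ecdhe_report(WITHOUT_ECC)` returns an empty suite list with `supported_curves_sent` false, which is the symptom reported above; `ecdhe_report(WITH_ECC)` lists both ECDHE suites and reports the extension as sent.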
my Firefox and Thunderbird for sure are using ECDHE on F19 proven by the addon above and my own dovecot-logfile in case of Thunderbird, maybe the default settings of Firefox 24 are crap, Firefox 25 should enable TLS > 1.0
set "security.tls.version.max" to 3 in about:config for FF24 for sure supports ECDHE too because i verified this before the FF25 builds on koji, so the latest nss builds are fine!
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 Yes
TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0xff) -
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Forward Secrecy 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Forward Secrecy 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) Forward Secrecy 256
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x87) Forward Secrecy* 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) Forward Secrecy 256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x38) Forward Secrecy* 256
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) 256
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Forward Secrecy 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Forward Secrecy 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) Forward Secrecy 128
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x44) Forward Secrecy* 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) Forward Secrecy 128
TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x32) Forward Secrecy* 128
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) 128
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) 128
TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128
This should have nothing to do with TLS version. TLS 1.0 has supported ECC for a long time. And I don't see how Calomel is useful -- I just installed it (on a completely fresh Firefox profile, but still FF24) and it does not show the key exchange algorithm used.
Note that PFS is possible on Firefox even without ECC -- a fair number of sites support DHE-RSA key exchange.
Changing security.tls.version.max to 3 indeed enables TLS 1.2 (but is mostly pointless, at least on my current configuration, because it doesn't seem to enable GCM cipher suites).
Finally, Calomel is crap. It seems to consider 128-bit encryption to be weak. That's a bit odd, given that there are no 256-bit secure ciphers available in any TLS version. (AES-256 is *not* 256-bit secure.) The strongest symmetric cipher available is probably 3DES. If Calomel is going to pontificate on TLS security, it should know what it's talking about.
OK, figured it out. I had mismatched nss versions. Now that I've upgraded everything, I have ECDHE.
FWIW, upgrading nss-softokn without upgrading nss-softokn-freebl breaks www.google.com (and probably everything else). It may be worth adding some dependencies there.
I'll go and cast my bodhi votes.
> And I don't see how Calomel is useful and it does not
> show the key exchange algorithm used
because you still use FF24 which does not provide the needed API
what about *read* what provided links are saying?
UPDATE 2: Firefox 25 now allows the add on to query the full cipher suite. We have added the ability to grade the connection on each part of the cipher including key exchange, signature, bulk cipher and message authentication code. We also check and grade the cipher if it supports Perfect Forward Secrecy (PFS). "Calomel SSL Validation" version 0.64 for Firefox 25 and above is now available.
> Finally, Calomel is crap. It seems to consider 128-bit
> encryption to be weak. That's a bit odd, given that there
> are no 256-bit secure ciphers available in any TLS version
it does not if the 128bit is ECDHE, your current problem is FF < 25
that is one of the extensions which is really maintained and not
staying months behind the firefox development
Calomel 0.64 is a considerable improvement, but this is now thoroughly off-topic...
Created attachment 818047
it may be off-topic, but some last words with a screenshot
it's completely irrelevant what the extension considers weak/strong/whatever
the relevant information are the encryption parameters
there are also descriptions on https://calomel.org/firefox_ssl_validation.html why some things do not get full points, and many of them will take years if you won't break TLS1.0 only clients
FWIW, on Firefox 25, you can test this with no extensions at all. Just go to, say, www.google.com, click the lock icon, and click "More Information...". The cipher suite (as opposed to just the cipher) will be shown.
correct, but only the full cipher and not the RSA length 1024/2048/4096 and other details like MAC which may be interesting in get things more secure in the future and test with https://www.ssllabs.com/ssltest/ and the handshake-simulation to make sure not break relevant clients
maybe someone will soon kill us both because we should switch to the mailing-list, but on the other hand if someone finds this bugreport he may be grateful for additional infos
nss-util-3.15.2-2.fc19, nss-softokn-3.15.2-2.fc19, nss-3.15.2-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
nss-util-3.15.2-2.fc20, nss-softokn-3.15.2-2.fc20, nss-3.15.2-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
nss-util-3.15.2-2.fc18, nss-softokn-3.15.2-2.fc18, nss-3.15.2-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.