Bug 1570402 - openssl excludes 3DES as cipher. affects firefox as well
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: crypto-policies
Version: 28
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Red Hat Crypto Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-04-22 15:11 UTC by mvharlan
Modified: 2018-04-23 07:53 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2018-04-23 07:53:29 UTC
Type: Bug
Embargoed:



Description mvharlan 2018-04-22 15:11:58 UTC
Description of problem:

/etc/crypto-policies/back-ends/openssl.config

contains !3DES, excluding 3des as a valid openssl cipher. This breaks
firefox on sites only accepting 3des. There are quite a few of them
out there.

maybe it's a bit too hard to drop 3des.
using s_client you can add the cipher again using -cipher 3des
firefox has no such option.

Version-Release number of selected component (if applicable):

Fedora 28 beta

How reproducible:

openssl s_client -connect www.sonnenertrag.eu:443 -debug

or use firefox to access the site. firefox doesn't link
dynamically against libssl, but it has the same problem.
I assume libssl is linked statically.


Steps to Reproduce:
1. try openssl s_client
2. try firefox

Actual results:

firefox cannot access legacy web sites

Expected results:

firefox should be able to access legacy sites

Additional info:

chromium-browser doesn't have the problem. it uses gnutls

Comment 1 Tomas Mraz 2018-04-23 07:53:29 UTC
The crypto-policies determine which ciphersuites are enabled nowadays. Not just for OpenSSL, but for NSS (which is what Firefox uses) and GnuTLS. Chromium does not use gnutls; it uses Google's own OpenSSL fork (BoringSSL). That's why it does not follow crypto-policies.

3DES is seriously weakened by the latest attacks, due to it being just a 64-bit block size cipher, if you transfer large amounts of data with the same key. As TLS does not provide automatic rekeying, it is susceptible to this weakness. That's the reason why we try to deprecate 3DES.

You can switch the crypto policy to LEGACY if you need to overcome this deprecation.

Run as root:

update-crypto-policies --set LEGACY
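
Added example, not part of the original comment or of crypto-policies: the birthday-bound arithmetic behind Comment 1's point about the 64-bit block size, comparing 3DES with a 128-bit-block cipher such as AES. The function names and the sample data volumes are chosen here for illustration.

```python
import math

GIB = 2 ** 30


def collision_probability(block_bits: int, data_bytes: float) -> float:
    """Birthday-bound estimate of the chance that two ciphertext blocks
    encrypted under one key are equal after data_bytes of traffic.
    In CBC mode (used by the TLS 3DES suites) such a collision leaks the
    XOR of two plaintext blocks."""
    blocks = data_bytes / (block_bits // 8)
    pairs_term = max(blocks * (blocks - 1), 0.0) / 2 ** (block_bits + 1)
    # 1 - exp(-x), computed with expm1 so tiny probabilities do not round to 0
    return -math.expm1(-pairs_term)


def bytes_until(block_bits: int, probability: float) -> float:
    """Inverse of collision_probability (using n*(n-1) ~ n^2): data volume
    under one key at which the collision chance reaches `probability`."""
    blocks = math.sqrt(-math.log1p(-probability) * 2 ** (block_bits + 1))
    return blocks * (block_bits // 8)


def report(volumes_gib=(1, 32, 1024)):
    """Rows of (cipher, GiB sent under one key, collision probability)."""
    rows = []
    for name, bits in (("3DES", 64), ("AES", 128)):
        for gib in volumes_gib:
            rows.append((name, gib, collision_probability(bits, gib * GIB)))
    return rows


if __name__ == "__main__":
    for name, gib, p in report():
        print(f"{name:5s} {gib:5d} GiB  P(collision) = {p:.3e}")
    print(f"3DES reaches 50% after {bytes_until(64, 0.5) / GIB:.1f} GiB")
```

With a 64-bit block the collision chance is already about 39% after 32 GiB under one key, while a 128-bit block keeps it negligible at the same volume. That gap is what the LEGACY policy reopens for connections that negotiate 3DES.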

