140014 2014-12-31 08:37:12 -0800 [SOUP] Disable RC4 2015-03-05 01:27:52 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Major --- 1 mcatanzaro mcatanzaro cgarcia commit-queue danw gustavo mcatanzaro mrobinson svillar oldest_to_newest 1058249 0 mcatanzaro 2014-12-31 08:37:12 -0800 It's past time to disable all ciphersuites that use RC4, which is no longer considered secure [1]. Instead, we should refuse to connect if the server only supports RC4. This can be expected to break ~1.5% of the top 1,000,000 web sites [2], so we should only push this change once a major browser does so first [3] [4]. [1] https://datatracker.ietf.org/doc/draft-ietf-tls-prohibiting-rc4/ [2] https://jve.linuxwall.info/blog/index.php?post/TLS_Survey [3] https://bugzilla.mozilla.org/show_bug.cgi?id=999544 [4] https://code.google.com/p/chromium/issues/detail?id=375342 1058250 1 243843 mcatanzaro 2014-12-31 08:40:22 -0800 Created attachment 243843 Patch 1058326 2 243843 mcatanzaro 2015-01-01 05:15:29 -0800 Comment on attachment 243843 Patch Not sure how this worked, since I failed to change the priority string in the network process. (But I'm pretty sure I had the network process enabled when I tested it. Hm....) 1058410 3 243843 danw 2015-01-02 06:24:57 -0800 Comment on attachment 243843 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=243843&action=review > Source/WebKit2/ChangeLog:8 > + Disallow the RC4 ciphersuite when performing TLS negotiation, because it "Disallow RC4-based ciphersuites". 1058788 4 mcatanzaro 2015-01-05 13:28:42 -0800 (In reply to comment #2) > (But I'm pretty sure I had the network process enabled > when I tested it. Hm....) I must have been wrong. (In reply to comment #3) > "Disallow RC4-based ciphersuites". Thanks. (In reply to comment #0) > This can be expected to break ~1.5% of the top 1,000,000 web sites [2], so > we should only push this change once a major browser does so first [3] [4]. I'm inclined to go ahead and push this to master now anyway, and never change it in 2.6.x. [1] lists some sites to check, including three that are broken after the proposed Firefox change. This change in WebKit breaks one of those three; the other two we already cannot display. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1114809 1058791 5 243997 mcatanzaro 2015-01-05 13:33:04 -0800 Created attachment 243997 Patch 1058814 6 mcatanzaro 2015-01-05 14:24:04 -0800 Actually actually, this got disabled in gnutls master recently, coincidentally the same day I filed this bug. So let's not do anything. 1070390 7 mcatanzaro 2015-02-19 06:15:58 -0800 GnuTLS is moving too slow and RFC 7465 has been proposed [1] so I want to move forward with this anyway. Carlos, can you commit this to 2.8 and master please? Not 2.6. [1] http://www.rfc-editor.org/rfc/rfc7465.txt 1070411 8 cgarcia 2015-02-19 08:21:53 -0800 (In reply to comment #7) > GnuTLS is moving too slow and RFC 7465 has been proposed [1] so I want to > move forward with this anyway. Carlos, can you commit this to 2.8 and master > please? Not 2.6. > > [1] http://www.rfc-editor.org/rfc/rfc7465.txt Why not 2.6? 1070414 9 mcatanzaro 2015-02-19 08:48:46 -0800 Because it will break sites that only offer RC4 (there's a "fun" discussion on this in the Firefox and Chrome bugs in the first post), so I prefer to delay it to the next major release, so that nobody has any reason not to upgrade from 2.6.x to 2.6.y, and servers has a little extra time to adjust. Besides, it will likely take at least a month (if we're lucky) for other browsers to follow along. Now, there is a talk about RC4 at Black Hat Asia, which is one day after the GNOME 3.16 release, which will present a new attack on RC4 that may be bad enough to necessitate a backport regardless. It's an iffy call whether to backport or not; I don't really mind either way as long as it's fixed going forward. 1073154 10 mcatanzaro 2015-03-01 09:04:17 -0800 FWIW Firefox is dropping RC4 for FF38 (to be released in late May) but they've added 650 sites that only offer RC4 to a whitelist (to be removed in the "near future" but who knows what that means). I think we can just break those sites; I expect when we dropped SSLv3 and accidentally stopped doing protocol version fallback we broke many more than that. If we want to do something like a whitelist we'd need to talk about new API in glib and libsoup (which would be nice to have regardless). See: https://developer.mozilla.org/en-US/Firefox/Releases/38/Site_Compatibility http://mxr.mozilla.org/mozilla-aurora/source/security/manager/ssl/src/IntolerantFallbackList.inc 1073156 11 mcatanzaro 2015-03-01 09:10:10 -0800 Actually that is a link to their voluntary protocol version fallback whitelist. Either their release notes have the wrong link, or they haven't added any RC4 sites to the whitelist yet. 1073316 12 cgarcia 2015-03-02 08:16:48 -0800 I'm lost with all this, TBH. Dan, Sergio, Martin, Gustavo? 1074241 13 mcatanzaro 2015-03-04 14:49:39 -0800 (In reply to comment #12) > I'm lost with all this, TBH. The issue is that an attacker can view the first 256 bytes of your connection (i.e. he has your session cookie -> he is you -> game over) using significant but practical computing power. And very many sites will always pick RC4 first even if the browser lists it as the lowest preference, because it is very fast (and they don't support newer fast algorithms like AES GCM mode), so we must stop offering it completely to avoid that. But a few servers still only support RC4 due to misconfiguration. And there is no way to fix this issue for most sites but not those "broken" sites: what Firefox was doing prior to this week was offering RC4 only in their fallback handshake, but that provides zero additional security against an active attacker since he will just block the initial handshake. (We could do that too to improve security against a *passive* attacker, but the real "benefit" of doing that would be to trick users into thinking the browser is secure on online TLS tests, so I don't support that. And the analogy is not perfect because Firefox actually does multiple fallback handshakes where as we do only one, but that doesn't matter.) So it's the wonderful choice of security vs. compatibility. We will have to make this choice many more times in the future. My preference is normally to err towards compatibility when all our competing browsers are just as insecure as we are, but in this case I'm not sure that's advisable. There is also a fairly good chance that if we don't fix it now we will be in a scramble to fix it three weeks from today, due to the Black Hat talk I mentioned above, but we can always wait and see! Note also that RC4 is disabled in GnuTLS 3.4, so the choice will soon be made for us unless we explicitly turn it on with the priority string, but it'll take a year or so for that to make its way into most distros. 1074250 14 mcatanzaro 2015-03-04 15:04:04 -0800 Note that https://bugzilla.gnome.org/show_bug.cgi?id=745637 would give us the power to implement a whitelist. I don't really want to do that, but it might be the best point on the security/compatibility compromise range. 1074435 15 243997 commit-queue 2015-03-05 01:27:46 -0800 Comment on attachment 243997 Patch Clearing flags on attachment: 243997 Committed r181073: <http://trac.webkit.org/changeset/181073> 1074436 16 commit-queue 2015-03-05 01:27:52 -0800 All reviewed patches have been landed. Closing bug. 243843 2014-12-31 08:40:22 -0800 2015-01-05 13:33:01 -0800 Patch bug-140014-20141231104025.patch text/plain 1578 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMTc3NjIwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggZjQ0MmU1YjdiNjNiNGJj YTJmODdjMWNjZTgzYmFhNzQxZWI5YzE1NS4uMzVhMWVkZmQwNTc1YTlmNDA2OThiNDlhYmFiNjIy OGEzODQwMmIwNSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDE0LTEyLTMxICBNaWNo YWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KKworICAgICAgICBbU09VUF0g RGlzYWJsZSBSQzQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTE0MDAxNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAg ICAgIERpc2FsbG93IHRoZSBSQzQgY2lwaGVyc3VpdGUgd2hlbiBwZXJmb3JtaW5nIFRMUyBuZWdv dGlhdGlvbiwgYmVjYXVzZSBpdAorICAgICAgICBpcyBubyBsb25nZXIgY29uc2lkZXJlZCBzZWN1 cmUuCisKKyAgICAgICAgKiBXZWJQcm9jZXNzL0VudHJ5UG9pbnQvdW5peC9XZWJQcm9jZXNzTWFp bi5jcHA6CisgICAgICAgIChtYWluKToKKwogMjAxNC0xMi0xOSAgSmVzc2llIEJlcmxpbiAgPGpi ZXJsaW5Ad2Via2l0Lm9yZz4KIAogICAgICAgICBCdWlsZCBmaXguCmRpZmYgLS1naXQgYS9Tb3Vy Y2UvV2ViS2l0Mi9XZWJQcm9jZXNzL0VudHJ5UG9pbnQvdW5peC9XZWJQcm9jZXNzTWFpbi5jcHAg Yi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL0VudHJ5UG9pbnQvdW5peC9XZWJQcm9jZXNzTWFp bi5jcHAKaW5kZXggODdiNDViM2M1YzBkMzM2ZWY4NjljYWM3NjFkNjJlMWZkNThlYWU1OS4uNTZj YjNhYTU1ZGZiNzc0NThhNjE5ZmQ2N2ZmZTU3M2IyNWY2ZDU3YyAxMDA2NDQKLS0tIGEvU291cmNl L1dlYktpdDIvV2ViUHJvY2Vzcy9FbnRyeVBvaW50L3VuaXgvV2ViUHJvY2Vzc01haW4uY3BwCisr KyBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvRW50cnlQb2ludC91bml4L1dlYlByb2Nlc3NN YWluLmNwcApAQCAtMzksNyArMzksNyBAQCBpbnQgbWFpbihpbnQgYXJnYywgY2hhcioqIGFyZ3Yp CiAgICAgLy8gb3ZlcndyaXRlIHRoaXMgcHJpb3JpdHkgc3RyaW5nIGlmIGl0J3MgYWxyZWFkeSBz ZXQgYnkgdGhlIHVzZXIuCiAgICAgLy8gS2VlcCB0aGlzIGluIHN5bmMgd2l0aCBOZXR3b3JrUHJv Y2Vzc01haW4uY3BwLgogICAgIC8vIGh0dHBzOi8vYnVnemlsbGEuZ25vbWUub3JnL3Nob3dfYnVn LmNnaT9pZD03Mzg2MzMKLSAgICBzZXRlbnYoIkdfVExTX0dOVVRMU19QUklPUklUWSIsICJOT1JN QUw6JUNPTVBBVDolTEFURVNUX1JFQ09SRF9WRVJTSU9OOiFWRVJTLVNTTDMuMCIsIDApOworICAg IHNldGVudigiR19UTFNfR05VVExTX1BSSU9SSVRZIiwgIk5PUk1BTDolQ09NUEFUOiVMQVRFU1Rf UkVDT1JEX1ZFUlNJT046IVZFUlMtU1NMMy4wOiFBUkNGT1VSLTEyOCIsIDApOwogCiAgICAgcmV0 dXJuIFdlYlByb2Nlc3NNYWluVW5peChhcmdjLCBhcmd2KTsKIH0K 243997 2015-01-05 13:33:04 -0800 2015-03-05 01:27:46 -0800 Patch bug-140014-20150105153307.patch text/plain 3010 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMTc3NjIwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggZjQ0MmU1YjdiNjNiNGJj YTJmODdjMWNjZTgzYmFhNzQxZWI5YzE1NS4uNzNiYmY0YjhkNjcwY2JlY2ZhNDI0ZmVkMDI5YThk YmI0NjYzZDE5YyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDE1LTAxLTA1ICBNaWNo YWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNvbT4KKworICAgICAgICBbU09VUF0g RGlzYWJsZSBSQzQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTE0MDAxNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAg ICAgIERpc2FsbG93IFJDNC1iYXNlZCBjaXBoZXJzdWl0ZXMgd2hlbiBwZXJmb3JtaW5nIFRMUyBu ZWdvdGlhdGlvbiwKKyAgICAgICAgYmVjYXVzZSBpdCBpcyBubyBsb25nZXIgY29uc2lkZXJlZCBz ZWN1cmUuCisKKyAgICAgICAgKiBOZXR3b3JrUHJvY2Vzcy9FbnRyeVBvaW50L3VuaXgvTmV0d29y a1Byb2Nlc3NNYWluLmNwcDoKKyAgICAgICAgKG1haW4pOgorICAgICAgICAqIFdlYlByb2Nlc3Mv RW50cnlQb2ludC91bml4L1dlYlByb2Nlc3NNYWluLmNwcDoKKyAgICAgICAgKG1haW4pOgorCiAy MDE0LTEyLTE5ICBKZXNzaWUgQmVybGluICA8amJlcmxpbkB3ZWJraXQub3JnPgogCiAgICAgICAg IEJ1aWxkIGZpeC4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL05ldHdvcmtQcm9jZXNzL0Vu dHJ5UG9pbnQvdW5peC9OZXR3b3JrUHJvY2Vzc01haW4uY3BwIGIvU291cmNlL1dlYktpdDIvTmV0 d29ya1Byb2Nlc3MvRW50cnlQb2ludC91bml4L05ldHdvcmtQcm9jZXNzTWFpbi5jcHAKaW5kZXgg MWFjZDEzM2M3ZDE4ZGVlNDY4ZmU0YTkwNzk5N2NhYWE5OGRiOTY5Ni4uYjI4MmUxNmEzNzgxMGE3 ZDdmMTIzZDA1Y2ZhMDcxZjc2MmMzZDU4MiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvTmV0 d29ya1Byb2Nlc3MvRW50cnlQb2ludC91bml4L05ldHdvcmtQcm9jZXNzTWFpbi5jcHAKKysrIGIv U291cmNlL1dlYktpdDIvTmV0d29ya1Byb2Nlc3MvRW50cnlQb2ludC91bml4L05ldHdvcmtQcm9j ZXNzTWFpbi5jcHAKQEAgLTM3LDkgKzM3LDkgQEAgaW50IG1haW4oaW50IGFyZ2MsIGNoYXIqKiBh cmd2KQogICAgIC8vIFRoaXMgd29ya2Fyb3VuZCB3aWxsIHN0b3Agd29ya2luZyBpZiBnbGliLW5l dHdvcmtpbmcgc3dpdGNoZXMgYXdheSBmcm9tCiAgICAgLy8gR251VExTIG9yIHNpbXBseSBzdG9w cyBwYXJzaW5nIHRoaXMgdmFyaWFibGUuIFdlIGludGVudGlvbmFsbHkgZG8gbm90CiAgICAgLy8g b3ZlcndyaXRlIHRoaXMgcHJpb3JpdHkgc3RyaW5nIGlmIGl0J3MgYWxyZWFkeSBzZXQgYnkgdGhl IHVzZXIuCi0gICAgLy8gS2VlcCB0aGlzIGluIHN5bmMgd2l0aCBXZWJQcm9jZXNzTWFpbi5jcHAu CiAgICAgLy8gaHR0cHM6Ly9idWd6aWxsYS5nbm9tZS5vcmcvc2hvd19idWcuY2dpP2lkPTczODYz MwotICAgIHNldGVudigiR19UTFNfR05VVExTX1BSSU9SSVRZIiwgIk5PUk1BTDolQ09NUEFUOiVM QVRFU1RfUkVDT1JEX1ZFUlNJT046IVZFUlMtU1NMMy4wIiwgMCk7CisgICAgLy8gV0FSTklORzog VGhpcyBuZWVkcyB0byBiZSBLRVBUIElOIFNZTkMgd2l0aCBXZWJQcm9jZXNzTWFpbi5jcHAuCisg ICAgc2V0ZW52KCJHX1RMU19HTlVUTFNfUFJJT1JJVFkiLCAiTk9STUFMOiVDT01QQVQ6JUxBVEVT VF9SRUNPUkRfVkVSU0lPTjohVkVSUy1TU0wzLjA6IUFSQ0ZPVVItMTI4IiwgMCk7CiAKICAgICBy ZXR1cm4gTmV0d29ya1Byb2Nlc3NNYWluVW5peChhcmdjLCBhcmd2KTsKIH0KZGlmZiAtLWdpdCBh L1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvRW50cnlQb2ludC91bml4L1dlYlByb2Nlc3NNYWlu LmNwcCBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvRW50cnlQb2ludC91bml4L1dlYlByb2Nl c3NNYWluLmNwcAppbmRleCA4N2I0NWIzYzVjMGQzMzZlZjg2OWNhYzc2MWQ2MmUxZmQ1OGVhZTU5 Li41ZjQ1ZDAxYWY3OGFlODY2OGM5ZGU3N2FkYzFiZjAxYWIwMTA4Y2RhIDEwMDY0NAotLS0gYS9T b3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL0VudHJ5UG9pbnQvdW5peC9XZWJQcm9jZXNzTWFpbi5j cHAKKysrIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9FbnRyeVBvaW50L3VuaXgvV2ViUHJv Y2Vzc01haW4uY3BwCkBAIC0zNyw5ICszNyw5IEBAIGludCBtYWluKGludCBhcmdjLCBjaGFyKiog YXJndikKICAgICAvLyBUaGlzIHdvcmthcm91bmQgd2lsbCBzdG9wIHdvcmtpbmcgaWYgZ2xpYi1u ZXR3b3JraW5nIHN3aXRjaGVzIGF3YXkgZnJvbQogICAgIC8vIEdudVRMUyBvciBzaW1wbHkgc3Rv cHMgcGFyc2luZyB0aGlzIHZhcmlhYmxlLiBXZSBpbnRlbnRpb25hbGx5IGRvIG5vdAogICAgIC8v IG92ZXJ3cml0ZSB0aGlzIHByaW9yaXR5IHN0cmluZyBpZiBpdCdzIGFscmVhZHkgc2V0IGJ5IHRo ZSB1c2VyLgotICAgIC8vIEtlZXAgdGhpcyBpbiBzeW5jIHdpdGggTmV0d29ya1Byb2Nlc3NNYWlu LmNwcC4KICAgICAvLyBodHRwczovL2J1Z3ppbGxhLmdub21lLm9yZy9zaG93X2J1Zy5jZ2k/aWQ9 NzM4NjMzCi0gICAgc2V0ZW52KCJHX1RMU19HTlVUTFNfUFJJT1JJVFkiLCAiTk9STUFMOiVDT01Q QVQ6JUxBVEVTVF9SRUNPUkRfVkVSU0lPTjohVkVSUy1TU0wzLjAiLCAwKTsKKyAgICAvLyBXQVJO SU5HOiBUaGlzIG5lZWRzIHRvIGJlIEtFUFQgSU4gU1lOQyB3aXRoIFdlYlByb2Nlc3NNYWluLmNw cC4KKyAgICBzZXRlbnYoIkdfVExTX0dOVVRMU19QUklPUklUWSIsICJOT1JNQUw6JUNPTVBBVDol TEFURVNUX1JFQ09SRF9WRVJTSU9OOiFWRVJTLVNTTDMuMDohQVJDRk9VUi0xMjgiLCAwKTsKIAog ICAgIHJldHVybiBXZWJQcm9jZXNzTWFpblVuaXgoYXJnYywgYXJndik7CiB9Cg==