Closed
Bug 973755
Opened 11 years ago
Closed 9 years ago
Implement AES-256 GCM cipher suites
Categories
(NSS :: Libraries, enhancement)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jes, Unassigned)
References
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 (Beta/Release)
Steps to reproduce:
I wanted to ensure I was using the strongest cipher suites available in TLS v1.2. However, they are not implemented. Specifically, I wanted to only use ECDHE_ECDSA_AES_256_GCM_SHA384 or ECDHE_RSA_AES_256_GCM_SHA384.
Actual results:
For some reason, only ecdhe_ecdsa_aes_128_gcm_sha256 and security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 are implemented in Firefox 27.0.{0,1}, even though documentation states Firefox 27 supports TLS v1.2.
Expected results:
There should be support in Firefox 27.x and above for the following ciphers:
ECDHE-ECDSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDH-RSA-AES256-GCM-SHA384
If all four can't be implemented, than at least these two should be implemented immediately:
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
They are specified in the RFC (http://tools.ietf.org/rfc/rfc5288.txt) and implemented in openssl (https://www.openssl.org/docs/apps/ciphers.html#TLS_v1_2_cipher_suites).
Until support for the above TLS v1.2 ciphers are implemented, the documentation should be updated to reflect "significantly limited support for TLSv1.2."
Thanks.
Severity: normal → major
Keywords: wsec-crypto
Assignee: nobody → nobody
Severity: major → normal
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: 27 Branch → trunk
Comment 1•11 years ago
|
||
(In reply to J from comment #0)
> For some reason, only ecdhe_ecdsa_aes_128_gcm_sha256 and
> security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 are implemented in Firefox
> 27.0.{0,1}, even though documentation states Firefox 27 supports TLS v1.2.
Supporting only ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and ECDHE_RSA_WITH_AES_128_GCM_SHA256 and not-supporting DHE_RSA_WITH_AES_128_GCM_SHA256 and RSA_WITH_AES_128_GCM_SHA256 are the expected features (bug 936828).
Not only Fx27, all branches except ESR support same cipher suites.
> Expected results:
>
> There should be support in Firefox 27.x and above for the following ciphers:
>
> ECDHE-ECDSA-AES256-GCM-SHA384
> ECDH-ECDSA-AES256-GCM-SHA384
> ECDHE-RSA-AES256-GCM-SHA384
> ECDH-RSA-AES256-GCM-SHA384
>
> If all four can't be implemented, than at least these two should be
> implemented immediately:
>
> ECDHE-ECDSA-AES256-GCM-SHA384
> ECDHE-RSA-AES256-GCM-SHA384
Fix of bug 923089 is required to support AES_256_GCM_SHA384 variants.
In addition, ECDH_* variants (no ephemeral keys) will not be enabled any more.
> Until support for the above TLS v1.2 ciphers are implemented, the
> documentation should be updated to reflect "significantly limited support
> for TLSv1.2."
Support of AES GCM in TLS 1.2 is just "optional".
There is no need to change the document at all.
Comment 2•11 years ago
|
||
This bug will be about the implementation of AES-256 GCM cipher suites in libssl. I presume that this will match the AES-128 support, which includes cipher suites that Firefox doesn't implement like the TLS_DHE_* and TLS_RSA_* variants.
I will file a separate bug for the enabling of the AES-256 GCM cipher suites in Gecko (Firefox). Everybody CC'd on this bug will be CC'd on the Gecko bug I'm creating. Please discuss Firefox-specific stuff there, and not in this NSS bug. NSS is a component shared by multiple products and each product has its own policies regarding which cipher suites it supports.
Severity: normal → enhancement
Depends on: 923089
OS: Linux → All
Hardware: x86_64 → All
Summary: Firefox 27.0.{0,1} Does Not Support AES_256_GCM Algorithms in TLS1.2 Implementation → Implement AES-256 GCM cipher suites
Updated•11 years ago
|
Comment 3•9 years ago
|
||
Bug 923089 fixed this.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•