bug#31946: 27.0.50; The NSM should warn about more TLS problems

[Jimmy Yuen Ho Wong]

Update:

I just tried with this node.js script:

#! /usr/bin/env node

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('ryans-key.pem'),
  cert: fs.readFileSync('ryans-cert.pem'),
  ciphers: "DHE-RSA-AES128-GCM-SHA256"
};

https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8000);

Chrome gave me a ERR_SSL_VERSION_OR_CIPHER_MISMATCH, Firefox gave me a
SSL_ERROR_NO_CYPHER_OVERLAP, Safari just told me it can't establish a
connection.

Conversely, changing DHE to ECDHE will at least show me the warning
screen for a self-signed cert, so I'm fairly certain now that these 3
browsers have removed DHE KX.


Heads up:

I'm adding about 10 new checks into NSM ATM. Will send a early preview
patch here later today for feedback.


On Thu, Jun 28, 2018 at 7:15 PM, Jimmy Yuen Ho Wong <wyuenho@gmail.com> wrote:
> The Telemetry data[1] from Mozilla in bug report 1227519[2] suggests
> DHE usage is very low for HTTP. No data for any other protocol.
>
> I just used Wireshark on Chrome and Firefox on macOS, they all seem to
> advertise DH and DHE cipher suites in Client Hello for TLS 1.2, they
> even advertise CBC mode ciphers too. While I'm not sure about Firefox,
> surely Chrome has removed DHE_SHA KX and CBC modes according to
> ChromeStatus[3]?
>
>
> [1]: https://tlscanary.mozilla.org/runs/2018-01-25-01-21-44/
> [2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1227519
> [3]: https://www.chromestatus.com/features#tls
>
> On Thu, Jun 28, 2018 at 6:01 PM, Lars Ingebrigtsen <larsi@gnus.org> wrote:
>> Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>>
>>>> I can't see that that web page mentions Diffie-Hellman at all?
>>>>
>>>
>>> Click on the individual browsers.
>>
>> I see.
>>
>>> SSLLabs only reports that Firefox 59 / Win 7 has dropped support for
>>> DHE_RSA in the UA capabilities page[1], but client test[2] still shows
>>> it is supported, so does Chrome and Safari. I don't understand what's
>>> going on there. Could that list in in client test be static? Or that
>>> browsers still advertise their support for DHE_RSA when in fact they
>>> don't? Might have to get on a server and log out the TLS handshake to
>>> see what's actually going on...
>>>
>>> [1]: https://www.ssllabs.com/ssltest/clients.html
>>> [2]: https://www.ssllabs.com/ssltest/viewMyClient.html
>>
>> My
>>
>> Chromium        66.0.3359.117 (Developer Build) built on Debian 9.4,
>> running on Debian 9.4 (64-bit)
>>
>> on the viewMyClient reports not supporting DHE-RSA.
>>
>> Confusing.  :-)
>>
>> I tried finding a web site that says how many sites do not support ECDHE
>> as key exchange, and only found something from 2014 that says that was
>> 60%...
>>
>> --
>> (domestic pets only, the antidote for overdose, milk.)
>>    bloggy blog: http://lars.ingebrigtsen.no