Opened 6 years ago

Closed 6 years ago

#385 closed change (fixed)

Re-enable SSLv3 on the servers

Reported by: trev
Assignee: trev
Priority: P2
Milestone:
Module: Infrastructure
Keywords:
Cc:
Blocked By:
Blocking:
Platform:
Ready: yes
Confidential: no
Tester:
Verified working: no
Review URL(s): http://codereview.adblockplus.org/6247625674194944

Description (last modified by trev)

Background

Some users have been complaining about connectivity issues (https://adblockplus.org/forum/viewtopic.php?f=16&t=18804 in particular) - turns out IE 6.0 supports TLS 1.0 but has it turned off by default. SSLv3 would work out of the box but we have it turned off because SSL Labs recommends against it.

What to change

In order to support IE 6.0 we have to enable SSLv3. We will also need to check the cyphers we support: according to https://www.ssllabs.com/ssltest/analyze.html?d=downloads.adblockplus.org IE6 doesn't support any of the cyphers we allow (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is the one that is considered secure according to SSL Labs and supports forward secrecy - currently disabled along with all other DES-based cyphers).

Change History (5)

comment:1 Changed 6 years ago by trev

  • Description modified

comment:2 Changed 6 years ago by trev

Currently we use the following cipher list: EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA256 EECDH+aRSA+RC4 EDH+aRSA EECDH RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS (modified from this Qualys recommendation I think). The resulting ciphers are:

ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-RC4-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-RC4-SHA
ECDH-RSA-RC4-SHA
ECDH-ECDSA-RC4-SHA
RC4-SHA

Given that we no longer want to support RC4 (see #299) we probably want this cipher list: EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MD5 !EXP !PSK !SRP !DSS !RC4 +3DES DES-CBC3-SHA. This removes all RC4-based ciphers and adds 3DES-based ciphers instead - at the end of the list, as last resort:

ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-SEED-SHA
DHE-RSA-CAMELLIA128-SHA
ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA
EDH-RSA-DES-CBC3-SHA
DES-CBC3-SHA

Note that DES-CBC3-SHA means TLS_RSA_WITH_3DES_EDE_CBC_SHA which is supported by Internet Explorer 6 (I decided to go with this one - it should be better than supporting a DSS-based cipher).

I tested this configuration on a private server and got A+ on SSL Labs - all supported ciphers are considered secure (protocol support rating went down from 95 to 90 but that's expected). According to them, IE 6 and YandexBot can also connect now. Forward Secrecy is used by all clients with the exception of Internet Explorer on Windows XP and YandexBot - these are the only clients without support for Forward Secrecy.

Last edited 6 years ago by trev
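
The change described in comment:2 can be checked mechanically against the two cipher lists it quotes. The following is an added example, not part of the ticket or the project's code: the suite names are copied from the comment, while the function names and the name-based classification (OpenSSL naming conventions) are assumptions of this sketch.

```python
# Added example: audits the two cipher lists quoted in comment:2 (suite names copied from the ticket).
# classify() and audit() are hypothetical helpers that rely on OpenSSL suite-name conventions.
OLD = """
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-RC4-SHA
DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA
DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA
DHE-RSA-CAMELLIA128-SHA ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-RC4-SHA ECDH-RSA-RC4-SHA ECDH-ECDSA-RC4-SHA RC4-SHA
""".split()
NEW = """
ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA
ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA DHE-RSA-SEED-SHA DHE-RSA-CAMELLIA128-SHA ECDHE-RSA-DES-CBC3-SHA
ECDHE-ECDSA-DES-CBC3-SHA EDH-RSA-DES-CBC3-SHA DES-CBC3-SHA
""".split()

KX_PREFIXES = (("ECDHE-", "ECDHE"), ("DHE-", "DHE"), ("EDH-", "DHE"), ("ECDH-", "ECDH"))
BULK_MARKERS = (("RC4", "RC4"), ("DES-CBC3", "3DES"), ("GCM", "AES-GCM"),
                ("CAMELLIA", "CAMELLIA"), ("SEED", "SEED"), ("AES", "AES-CBC"))

def classify(suite):
    """Return (key_exchange, bulk_cipher) derived from an OpenSSL suite name."""
    # Bare names (RC4-SHA, DES-CBC3-SHA) use RSA key transport; EDH is OpenSSL's old spelling of DHE.
    kx = next((k for p, k in KX_PREFIXES if suite.startswith(p)), "RSA")
    bulk = next((b for m, b in BULK_MARKERS if m in suite), None)
    if bulk is None:
        raise ValueError(f"unrecognised suite name: {suite}")
    return kx, bulk

def audit(old, new):
    """Summarise what a cipher-list change removed, added and left without forward secrecy."""
    bulks = [classify(s)[1] for s in new]
    first_3des = bulks.index("3DES") if "3DES" in bulks else len(bulks)
    return {
        "removed": [s for s in old if s not in new],
        "added": [s for s in new if s not in old],
        "rc4_left": [s for s, b in zip(new, bulks) if b == "RC4"],
        "no_fs": [s for s in new if classify(s)[0] not in ("ECDHE", "DHE")],
        # True when every 3DES suite comes after every non-3DES suite (last resort only).
        "3des_last": all(b == "3DES" for b in bulks[first_3des:]),
    }

if __name__ == "__main__":
    print(audit(OLD, NEW))
```

On the quoted lists this reports five RC4 suites removed, four 3DES suites added at the tail, and DES-CBC3-SHA as the only remaining suite without an ephemeral key exchange.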

comment:3 Changed 6 years ago by trev

  • Owner set to trev
  • Status changed from new to assigned

comment:4 Changed 6 years ago by trev

  • Review URL(s) modified
  • Status changed from assigned to reviewing

comment:5 Changed 6 years ago by trev

  • Resolution set to fixed
  • Status changed from reviewing to closed