On Fri, Dec 13, 2013 at 10:48 PM, <marlene.pr...@hushmail.com> wrote:
> I present a proposal to remove some vulnerable/deprecated/legacy TLS
> ciphersuites from Firefox. I am not proposing addition of any new
> ciphersuites, changing of priority order, protocol removal, or any other
> changes in functionality.

Hi,

Thank you for suggesting these changes, and thank you for posting your message on the public mailing list. (I also appreciate the private email you sent me on the subject.)

I will comment on your proposal again later. However, I want to share with you some usage data from Firefox 28 Beta, that I think we will find helpful in understanding what servers do. These numbers represent the cipher suite chosen by the server for 4,011,451 real-life full handshakes in Firefox 28 beta.

First, here are the figures, sorted according to the order we offer the cipher suite in the ClientHello:

Cipher Suite                                 Count       %
----------------------------------------------------------
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256      567,486  14.15%
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    332,786   8.30%
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA          10,952   0.27%
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA             0   0.00%
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA          19,472   0.49%
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA             0   0.00%
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA              0   0.00%
TLS_ECDHE_RSA_WITH_RC4_128_SHA              19,117   0.48%
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA             4,601   0.11%
TLS_DHE_RSA_WITH_AES_128_CBC_SHA           226,177   5.64%
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA           44   0.00%
TLS_DHE_RSA_WITH_AES_256_CBC_SHA            23,319   0.58%
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA        1,088   0.03%
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA              557   0.01%
TLS_DHE_DSS_WITH_AES_128_CBC_SHA                 9   0.00%
TLS_DHE_DSS_WITH_AES_256_CBC_SHA                 0   0.00%
TLS_RSA_WITH_AES_128_CBC_SHA             1,053,521  26.26%
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA               18   0.00%
TLS_RSA_WITH_AES_256_CBC_SHA                36,203   0.90%
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                0   0.00%
TLS_RSA_WITH_3DES_EDE_CBC_SHA                7,065   0.18%
TLS_RSA_WITH_RC4_128_SHA                 1,507,191  37.57%
TLS_RSA_WITH_RC4_128_MD5                   201,845   5.03%

Below are the same figures, sorted by frequency (most popular first). The final column is an indication, of the cipher suites you suggest to remove, whether I think this data offers strong evidence for the removal; "Remove-" means "the data seems to contradict your recommendation," "Remove?" means more study is needed, and "Remove+" means that the data supports your conclusion.

Cipher Suite                                 Count       %
----------------------------------------------------------
TLS_RSA_WITH_RC4_128_SHA                 1,507,191  37.57%  Remove-
TLS_RSA_WITH_AES_128_CBC_SHA             1,053,521  26.26%  Remove-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256      567,486  14.15%
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    332,786   8.30%
TLS_DHE_RSA_WITH_AES_128_CBC_SHA           226,177   5.64%
TLS_RSA_WITH_RC4_128_MD5                   201,845   5.03%
TLS_RSA_WITH_AES_256_CBC_SHA                36,203   0.90%
TLS_DHE_RSA_WITH_AES_256_CBC_SHA            23,319   0.58%
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA          19,472   0.49%
TLS_ECDHE_RSA_WITH_RC4_128_SHA              19,117   0.48%  Remove?
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA          10,952   0.27%
TLS_RSA_WITH_3DES_EDE_CBC_SHA                7,065   0.18%  Remove-
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA             4,601   0.11%  Remove?
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA        1,088   0.03%  Remove?
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA              557   0.01%  Remove?
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA           44   0.00%  Remove?
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA               18   0.00%  Remove?
TLS_DHE_DSS_WITH_AES_128_CBC_SHA                 9   0.00%  Remove?
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA             0   0.00%
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA             0   0.00%
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA              0   0.00%  Remove+
TLS_DHE_DSS_WITH_AES_256_CBC_SHA                 0   0.00%  Remove+
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                0   0.00%  Remove+

Your idea of offering a subset of cipher suites during the initial handshake, and then falling back to another handshake later, requires more discussion and more measurements to be done. I would like to do something similar to what you suggest.

Note that my Remove+/?/- comments should not be taken as an acceptance or rejection of your suggestions. I just want you to know my initial impression, based on a quick look at the data.

Cheers,
Brian
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
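
An added example, not part of the original message: it splits each suite name from the table above into its key exchange, authentication, cipher and MAC components and re-tallies the reported counts by component, for instance handshakes that used a forward-secret (DHE/ECDHE) key exchange or RC4. The names `COUNTS`, `parse_suite` and `tally` are this example's own; the counts are copied from the message.

```python
from collections import Counter

# Counts copied from the table in the message above (4,011,451 handshakes).
COUNTS = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 567486,
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": 332786,
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": 10952,
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": 0,
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": 19472,
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": 0,
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": 0,
    "TLS_ECDHE_RSA_WITH_RC4_128_SHA": 19117,
    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": 4601,
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": 226177,
    "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA": 44,
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": 23319,
    "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA": 1088,
    "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": 557,
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA": 9,
    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA": 0,
    "TLS_RSA_WITH_AES_128_CBC_SHA": 1053521,
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA": 18,
    "TLS_RSA_WITH_AES_256_CBC_SHA": 36203,
    "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA": 0,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 7065,
    "TLS_RSA_WITH_RC4_128_SHA": 1507191,
    "TLS_RSA_WITH_RC4_128_MD5": 201845,
}

def parse_suite(name):
    """Split a suite name into key exchange, authentication, cipher and MAC."""
    left, right = name.split("_WITH_")
    kx_auth = left.split("_")[1:]            # drop the "TLS" prefix
    cipher, _, mac = right.rpartition("_")   # last token: HMAC hash (PRF hash for GCM)
    return {"kx": kx_auth[0], "auth": kx_auth[-1], "cipher": cipher, "mac": mac,
            "forward_secret": kx_auth[0] in ("DHE", "ECDHE")}

def tally(counts, field):
    """Sum handshake counts grouped by one parsed component."""
    totals = Counter()
    for name, n in counts.items():
        totals[parse_suite(name)[field]] += n
    return totals

if __name__ == "__main__":
    total = sum(COUNTS.values())
    for field in ("kx", "cipher", "forward_secret"):
        for value, n in tally(COUNTS, field).most_common():
            print(f"{field:<15}{str(value):<18}{n:>10,}{n / total:>8.2%}")
```

For suites written as `TLS_RSA_WITH_...`, RSA serves as both key exchange and authentication, so `parse_suite` reports `RSA` for both fields.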