Nat! bio photo

Nat!

Senior Mull.

Twitter RSS

Github

I get ssl_error_unsafe_negotiation pretty much everywhere

Disclaimer: I am no crypto expert.

I want to use a strong digest and 256 bit encryption

I figured if I want to do https, I really want it to be as secure as possible. So I went to the Firefox about:config and turned off all ssl3 cipher combos except:

security.ssl3.rsa_camellia_256_sha;true

I can check in Firefox by clicking on the lock icon in the address bar and looking at the details of the site, if I am in fact running with Camellia-256 encryption. This worked well with Mulle kybernetiK, which is running a pretty much stock Apache server and the GLS Bank, but not much else.

So I had to enable some other cipher suit. My next candidate is

security.ssl3.rsa_aes_256_sha;true

This brings back all websites I care about, even those US sites, which usually per default want you to use RC4 (!) and 128 bit (Amazon, Apple).

Amazon though, now looks weird, because their images server can't deal with it.

require_safe_negotiation against MITM attacks

I also would like to set require_safe_negotiation, which I believe prevents some forms of man in the middle (MITM) attacks. I assume this is a way to fix the TLS Renegotiation Attack, but that's just an uneducated guess. Since the NSA is potentially on every router, this would be surely nice to have:

security.ssl.require_safe_negotiation;true
security.ssl.treat_unsafe_negotiation_as_broken;true

Alas Mulle kybernetiK doesn't mind, Amazon.com doesn't mind, but pretty much everybody else gives me ssl_error_unsafe_negotiation.

Currently, you can't really enable it. Since the MITM attack seems limited (write only, but not read). I can and have to live with it.

enable forward secrecy

After reading the SSL Labs: Deploying Forward Secrecy article, it seemed like a good idea, to move from rsa to dhe. I don't really trust EC stuff yet, so I ignored the ecdhe recommendation and I kind of wonder why the article would recommend to enable anything with RC4 in it, but as I said before, I am no crypto expert.

I changed my security settings in the Firefox configuration to

security.ssl3.dhe_rsa_aes_128_sha;true
security.ssl3.dhe_rsa_aes_256_sha;true
security.ssl3.dhe_rsa_camellia_128_sha;true
security.ssl3.dhe_rsa_camellia_256_sha;true

I dropped down to 128 bit encryption for compatibility, but because of the forward secrecy I "feel" safer than with the old configuration. This is actually looking quite useable on almost all sites even amazon.com. But google freaks out :(

When you look at it with the SSL Labs tool, it shows that it doesn't support DHE and it doesn't support CAMELLIA. Sure would be happy with the NSA favored ECDHE though...

security.ssl3.ecdh_rsa_aes_256_sha;true

brings back google.com and

security.ssl3.rsa_aes_256_sha;true

would bring back mozilla.org. But I leave that off for now.

Links

A detailed german article NSA abhörsichere SSL-Verschlüsselung für Apache und nginx that covers this topic in much better form and detail. Looks like I should be moving to GCM as soon as it's available for me (Firefox on 10.9)