bug#31946: 27.0.50; The NSM should warn about more TLS problems

[Jimmy Yuen Ho Wong]

Correction:

This is the actualy cipher string I used
"DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256".

All 3 browsers fail to connect.

On Fri, Jun 29, 2018 at 6:21 AM, Jimmy Yuen Ho Wong <wyuenho@gmail.com> wrote:
> Update:
>
> I just tried with this node.js script:
>
> #! /usr/bin/env node
>
> const https = require('https');
> const fs = require('fs');
>
> const options = {
>   key: fs.readFileSync('ryans-key.pem'),
>   cert: fs.readFileSync('ryans-cert.pem'),
>   ciphers: "DHE-RSA-AES128-GCM-SHA256"
> };
>
> https.createServer(options, (req, res) => {
>   res.writeHead(200);
>   res.end('hello world\n');
> }).listen(8000);
>
> Chrome gave me a ERR_SSL_VERSION_OR_CIPHER_MISMATCH, Firefox gave me a
> SSL_ERROR_NO_CYPHER_OVERLAP, Safari just told me it can't establish a
> connection.
>
> Conversely, changing DHE to ECDHE will at least show me the warning
> screen for a self-signed cert, so I'm fairly certain now that these 3
> browsers have removed DHE KX.
>
>
> Heads up:
>
> I'm adding about 10 new checks into NSM ATM. Will send a early preview
> patch here later today for feedback.
>
>
> On Thu, Jun 28, 2018 at 7:15 PM, Jimmy Yuen Ho Wong <wyuenho@gmail.com> wrote:
>> The Telemetry data[1] from Mozilla in bug report 1227519[2] suggests
>> DHE usage is very low for HTTP. No data for any other protocol.
>>
>> I just used Wireshark on Chrome and Firefox on macOS, they all seem to
>> advertise DH and DHE cipher suites in Client Hello for TLS 1.2, they
>> even advertise CBC mode ciphers too. While I'm not sure about Firefox,
>> surely Chrome has removed DHE_SHA KX and CBC modes according to
>> ChromeStatus[3]?
>>
>>
>> [1]: https://tlscanary.mozilla.org/runs/2018-01-25-01-21-44/
>> [2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1227519
>> [3]: https://www.chromestatus.com/features#tls
>>
>> On Thu, Jun 28, 2018 at 6:01 PM, Lars Ingebrigtsen <larsi@gnus.org> wrote:
>>> Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>>>
>>>>> I can't see that that web page mentions Diffie-Hellman at all?
>>>>>
>>>>
>>>> Click on the individual browsers.
>>>
>>> I see.
>>>
>>>> SSLLabs only reports that Firefox 59 / Win 7 has dropped support for
>>>> DHE_RSA in the UA capabilities page[1], but client test[2] still shows
>>>> it is supported, so does Chrome and Safari. I don't understand what's
>>>> going on there. Could that list in in client test be static? Or that
>>>> browsers still advertise their support for DHE_RSA when in fact they
>>>> don't? Might have to get on a server and log out the TLS handshake to
>>>> see what's actually going on...
>>>>
>>>> [1]: https://www.ssllabs.com/ssltest/clients.html
>>>> [2]: https://www.ssllabs.com/ssltest/viewMyClient.html
>>>
>>> My
>>>
>>> Chromium        66.0.3359.117 (Developer Build) built on Debian 9.4,
>>> running on Debian 9.4 (64-bit)
>>>
>>> on the viewMyClient reports not supporting DHE-RSA.
>>>
>>> Confusing.  :-)
>>>
>>> I tried finding a web site that says how many sites do not support ECDHE
>>> as key exchange, and only found something from 2014 that says that was
>>> 60%...
>>>
>>> --
>>> (domestic pets only, the antidote for overdose, milk.)
>>>    bloggy blog: http://lars.ingebrigtsen.no