#17217: NSS Handshake fails with TLS1.3

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

#17217: NSS Handshake fails with TLS1.3

Pidgin
#17217: NSS Handshake fails with TLS1.3
--------------------+--------------------------------------
 Reporter:  vobej   |      Owner:
     Type:  defect  |     Status:  new
Milestone:  2.12.1  |  Component:  libpurple
  Version:  2.12.0  |   Keywords:  ssl nss handshake tls1.3
--------------------+--------------------------------------
 The current behavior of the ssl-nss plugin is :
 * Force NSS to use the highest available TLS version

 {{{
         /* Make sure all versions of TLS supported by the local library
 are
            enabled. (For some reason NSS doesn't enable newer versions of
 TLS
            by default -- more context in ticket #15909.) */
 }}}

 * Enable a whitelist of ciphers manually

 {{{
 /* It's unfortunate we need to manage these manually,
  * ideally NSS would choose good defaults.
  * This is mostly based on FireFox's list:
  * https://hg.mozilla.org/mozilla-
 central/log/default/security/manager/ssl/src/nsNSSComponent.cpp */
 static void ssl_nss_init_ciphers(void) {
 }}}

 This however conflicts with TLS 1.3 test servers such as
 https://enabled.tls13.com/ and https://www.allizom.org/ as well as some
 live Cloudflare websites such as https://www.f-list.net/ (a chat network
 for which I'm maintaining a purple plugin)

 Despite the fact that those servers also support TLS1.2, setting the
 maximum version to TLS1.3 without enabling the corresponding ciphers
 yields to :

 {{{
 nss: Handshake failed  (-12286)
 }}}

 on NSS versions 3.29 and above (fedora 25, archlinux...)

 I have attached an example based on nullclient.c that showcases the issue,
 as well as a possible fix that enabled the TLS1.3 ciphers. Another
 solution would be to trust NSS's default list, maybe it's better nowadays
 than it was when the pidgin team decided to enabled algorithms manually ?

--
Ticket URL: <https://developer.pidgin.im/ticket/17217>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17217: NSS Handshake fails with TLS1.3

Pidgin
#17217: NSS Handshake fails with TLS1.3
--------------------------------------+------------------------
 Reporter:  vobej                     |       Owner:
     Type:  defect                    |      Status:  new
Milestone:  2.12.1                    |   Component:  libpurple
  Version:  2.12.0                    |  Resolution:
 Keywords:  ssl nss handshake tls1.3  |
--------------------------------------+------------------------

Comment (by dx):

 https://bitbucket.org/pidgin/main/pull-requests/218/ssl-nss-use-default-
 nss-ciphersuites-tls/diff

--
Ticket URL: <https://developer.pidgin.im/ticket/17217#comment:1>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17217: NSS Handshake fails with TLS1.3

Pidgin
In reply to this post by Pidgin
#17217: NSS Handshake fails with TLS1.3
--------------------------------------+------------------------
 Reporter:  vobej                     |       Owner:
     Type:  defect                    |      Status:  closed
Milestone:  2.10.13                   |   Component:  libpurple
  Version:  2.12.0                    |  Resolution:  fixed
 Keywords:  ssl nss handshake tls1.3  |
--------------------------------------+------------------------
Changes (by dx <dx@…>):

 * status:  new => closed
 * resolution:   => fixed
 * milestone:  2.12.1 => 2.10.13


Comment:

 (In [2deceb0f9ef9]):[[BR]]
 ssl-nss: Use default NSS ciphersuites/TLS versions, fixes TLS 1.3 issues

 Recent NSS versions (3.27, 3.29) added TLS 1.3 support without enabling it
 in
 the default configuration. But, for historical reasons, libpurple always
 enables the latest TLS version, sets custom ciphersuite lists and disables
 all
 the defaults, including ciphersuites needed for TLS 1.3 to work. This
 means
 that connections to servers that support TLS 1.3 (for example, anything
 behind
 cloudflare) always fail with "SSL Handshake Failed".

 The solution is to just not do any of that. NSS has decent defaults, they
 regularly update them and their devs will always know better than us.

 Fixes #17217

 The rest of the commit log is about those historical reasons.

 The main user of NSS is firefox, which keeps its own ciphersuite and TLS
 version preferences. In the past there were periods of time where firefox
 was
 ahead of the NSS defaults, which caused connection issues or eyebrow-
 raising
 ciphersuite choices. So libpurple tried to copy those prefs. I'm being
 told
 by the NSS devs that nowadays they do a better job at keeping up.

 The referenced issues in the deleted code are:

 - Trac #1435 (2007), some connection issues due to disabled ciphers.

 Probably NSS 3.11 or 3.12. So old it's not relevant, but interesting
 anyway.
 The fix (hg 32a4cf358f9c) was enabling things that look like bad choices
 nowadays, but the NSS defaults weren't better. Dark times. It looks like
 it was
 effective to solve connection issues. Newer NSS versions definitely fixed
 this,
 mostly with 3.14 (2012)

 - Trac #15909 (2014), TLS 1.1 and 1.2 supported but not enabled.

 NSS 3.14 (2012) introduced TLS 1.1; NSS 3.15.1 (2013) introduced TLS 1.2.
 It wasn't until NSS 3.18 (2015) that they were enabled by default. The fix
 was
 hg f4e63e354f45. This isn't needed anymore.

 - Trac #16262 (2014), "Enabled ciphers in NSS unnecessarily limited"

 Someone messed with ciphersuites in ejabberd and broke things. News at 11.
 The ticket says "we don't have ciphers that support forward security"
 ignoring
 that the DHE ones have that.

 This was NSS 3.17 (2014). The fix (hg f26d96f03176) took the ciphersuite
 lists
 from firefox to enable ECDHE and disable the defaults. ECDHE ciphersuites
 were
 enabled by NSS 3.21 (2015).

 - Trac #15862 (2014), "Disable Export ciphers and DES in SSL"

 Windows pidgin 2.10.7 (2013) bundled NSS 3.13.6 (2012). Those were
 disabled by
 NSS 3.14 (2012). Pidgin 2.10.8 (2014) updated to NSS 3.15.4 (2014).

 ---

 This means that old NSS versions with bad defaults will use those bad
 defaults.
 The earliest version in current LTS distros is 3.26, while our windows
 builds
 have the oldest version, 3.24. These versions aren't affected by any of
 the
 issues above.

--
Ticket URL: <https://developer.pidgin.im/ticket/17217#comment:2>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker
Reply | Threaded
Open this post in threaded view
|

Re: #17217: NSS Handshake fails with TLS1.3

Pidgin
In reply to this post by Pidgin
#17217: NSS Handshake fails with TLS1.3
--------------------------------------+------------------------
 Reporter:  vobej                     |       Owner:
     Type:  defect                    |      Status:  closed
Milestone:  2.12.1                    |   Component:  libpurple
  Version:  2.12.0                    |  Resolution:  fixed
 Keywords:  ssl nss handshake tls1.3  |
--------------------------------------+------------------------
Changes (by Robby):

 * milestone:  2.10.13 => 2.12.1


--
Ticket URL: <https://developer.pidgin.im/ticket/17217#comment:3>
Pidgin <https://pidgin.im>
Pidgin
_______________________________________________
Tracker mailing list
[hidden email]
https://pidgin.im/cgi-bin/mailman/listinfo/tracker