New issue
Advanced search Search tips

Issue 658341 link

Starred by 5 users
Status: Fixed
Owner:
davidben@chromium.org
Closed: Dec 2016
Cc:
awhalley@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Launch-OWP
Launch-Accessibility: ----
Launch-Exp-Leadership: ----
Launch-Leadership: ----
Launch-Legal: ----
Launch-M-Approved: ----
Launch-M-Target: 56-Dev , 56-Beta , 56-Stable
Launch-Privacy: ----
Launch-Security: ----
Launch-Test: ----
Launch-UI: ----
Rollout-Type: ----

Blocking:
issue 666191



Sign in to add a comment

Remove CBC-mode ECDSA ciphers in TLS

Project Member Reported by davidben@chromium.org, Oct 21 2016 
(See http://www.chromium.org/blink#launch-process for an overview)

Change description:
Remove ECDHE_ECDSA_WITH_AES_128_CBC_SHA and ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS cipher suites.

TLS's CBC-mode construction is flawed, making it fragile and very difficult to implement securely. Although CBC-mode ciphers are still widely used with RSA, they are virtually nonexistent with ECDSA (0.00% in UMA).

Changes to API surface:
- Our ClientHello will no longer advertise the above ciphers.

Links:
Public standards discussion:
No discussion of this removal, but CBC-mode ciphers are extremely problematic and were removed in TLS 1.3:
https://tlswg.github.io/tls13-spec/#rfc.appendix.A.4
The upcoming TLS registry updates document also adds a "Recommended" column which will set all CBC-mode ciphers to "No".
https://tools.ietf.org/html/draft-sandj-tls-iana-registry-updates-01#section-6

Support in other browsers:
Internet Explorer: still offered
Firefox: still offered
Safari: still offered

*Make sure to fill in any labels with a -?, including all OSes this change
affects. Feel free to leave other labels at the defaults.
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 22 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4177ecbfc8cbe19cbe48ca3da2052f3d83aec5e5

commit 4177ecbfc8cbe19cbe48ca3da2052f3d83aec5e5
Author: davidben <davidben@chromium.org>
Date: Sat Oct 22 01:47:18 2016

Remove ECDSA CBC ciphers.

BUG= 658341 

Review-Url: https://chromiumcodereview.appspot.com/2442883002
Cr-Commit-Position: refs/heads/master@{#426947}

[modify] https://crrev.com/4177ecbfc8cbe19cbe48ca3da2052f3d83aec5e5/net/socket/ssl_client_socket_impl.cc

Comment 2 by awhalley@chromium.org, Nov 16 2016

Labels: Launch-Status-Review-Requested

Comment 3 by davidben@chromium.org, Nov 17 2016

Blocking: 666191
Project Member

Comment 4 by bugdroid1@chromium.org, Nov 17 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d406cdbcf3fac9986aae1f9aee48a2d902025e6e

commit d406cdbcf3fac9986aae1f9aee48a2d902025e6e
Author: davidben <davidben@chromium.org>
Date: Thu Nov 17 08:31:05 2016

Add an escape hatch for the ECDSA CBC cipher removal.

There are enough things going into Chrome 56 that this should have an
feature to restore the ciphers, should things go south.

BUG= 658341 

Review-Url: https://codereview.chromium.org/2510633003
Cr-Commit-Position: refs/heads/master@{#432813}

[modify] https://crrev.com/d406cdbcf3fac9986aae1f9aee48a2d902025e6e/net/socket/ssl_client_socket_impl.cc

Comment 5 by awhalley@google.com, Dec 8 2016

Status: Fixed (was: Assigned)

Sign in to add a comment