
Improve cryptographic security: Deprecate insecure encryption cipher suites #115

Open
MacLemon opened this issue May 3, 2020 · 1 comment

Comments

@MacLemon

MacLemon commented May 3, 2020

Summary:

Improve cryptographic security by deprecating insecure cipher suites and improving key exchange. This includes easy short-term improvements and longer-term suggestions to modernize the available encryption.

Steps to Reproduce:

When creating a bookmark, Wired Client asks for a cipher suite to use for the server connection.
Most users are not able to make a secure choice there. (Because most users are not familiar with cryptography and also because there are no fully secure cipher suites available at all.)
The available ciphers must be required by the server, not be a client side choice with insecure defaults.

Expected Results:

Wired Client should ideally autonegotiate the best available cipher available from server and client, not ask the user to make a choice they cannot really make in a good manner.

Short term improvement suggestion

Change the default cipher to RSA - AES/256 - SHA512 which is already implemented and the best available suite at the moment of this writing. It's still not an ideal choice.
Reservations regarding CPU load are unwarranted since all CPUs since 2009 support hardware accelerated encryption with AES. In fact, AES256 with AES-NI (provided via openssl) causes less CPU overhead than Blowfish or 3DES.

Near term improvement suggestion

Remove insecure ciphers from client and server, they also give users and admins a false sense of security:

Remove any cipher that still uses SHA1

SHA1 is an insecure hashing function that has been deprecated for many years now.

  • RSA - AES/128 - SHA1
  • RSA - AES/192 - SHA1
  • RSA - AES/256 - SHA1
  • RSA - BF/128 - SHA1
  • RSA - 3DES/192 - SHA1

Remove any cipher that still uses BF (Blowfish)

Blowfish is even considered insecure and deprecated by its original author (Bruce Schneier).

  • RSA - BF/128 - SHA1
  • RSA - BF/128 - SHA256
  • RSA - BF/128 - SHA512

Remove any cipher that still uses 3DES (Triple DES)

  • RSA - 3DES/192 - SHA1
  • RSA - 3DES/192 - SHA256
  • RSA - 3DES/192 - SHA512

Provide better guidance until auto negotiation handles this in a secure manner.

At the very least, these insecure ciphers should be explicitly marked as deprecated and insecure to encourage users to make better choices by hinting to them and providing a better default.
For example, by putting them into a submenu named Insecure ciphers.

For a future release these ciphers should be removed from the client altogether. We should give server operators some heads up so they can change their settings in advance should that be necessary.

Actual Results:

Wired Client requires the user to pick from a list of outdated cipher suites without any guidance. This must be handled by the handshake and server requirements.

Wired Client provides an insecure and outdated default putting users unnecessarily at risk.
There are only outdated and some outright insecure ciphers available. (Insecure hashing via SHA1, insecure/outdated symmetric encryption via BF and 3DES.)
There are no modern and secure AEAD cipher suites available. (CHACHA20-POLY1305, AESGCM)
There's no modern key exchange mechanism available that provides forward secrecy. (Only Plain RSA but not ECDHE which would be provided by openssl.)

Regression:

n/a

Notes:

Secure TLS connections should be using one of the following TLS 1.2/TLS1.3 cipher suites:

  • ECDHE-RSA-CHACHA20-POLY1305
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES128-GCM-SHA256

These cipher suites also implement forward secrecy which is a mandatory property for secure connections these days.
These cipher suites also make use of hardware crypto acceleration, like AES-NI provided by Intel/AMD CPUs (or NEON on ARM). These suites therefore cause less CPU overhead on servers.

Version Information:

Wired Client 2.5 (56)

@seiichi-yoshimune

Wired Client should ideally autonegotiate the best available cipher available from server and client
Better: the server should enforce TLS v1.3 with forward secrecy; the client is out of control, i.e. it could be patched to enforce flawed weak ciphers.
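The point both posters make, that the cipher policy belongs on the server rather than in a client-side menu, as an added example that is not part of Wired or either commenter's code. It audits the bookmark dialog's suite names against the weaknesses listed in the issue, then builds a server-side TLS context that only offers the three recommended suites; it assumes the Wired server's TLS is OpenSSL-backed (the issue notes ECDHE "would be provided by openssl") and uses Python's `ssl` module as a stand-in for that server.

```python
"""Audit Wired-style suite names and enforce the cipher policy server-side.
Added example, not Wired's code; the ssl module stands in for an
OpenSSL-backed Wired server."""
import ssl

# Suite names exactly as the issue lists them for the bookmark dialog.
WIRED_SUITES = [
    "RSA - AES/128 - SHA1", "RSA - AES/192 - SHA1", "RSA - AES/256 - SHA1",
    "RSA - AES/256 - SHA512",
    "RSA - BF/128 - SHA1", "RSA - BF/128 - SHA256", "RSA - BF/128 - SHA512",
    "RSA - 3DES/192 - SHA1", "RSA - 3DES/192 - SHA256", "RSA - 3DES/192 - SHA512",
]

# OpenSSL cipher string built from the issue's recommended TLS 1.2 suites.
RECOMMENDED = ("ECDHE-RSA-CHACHA20-POLY1305:"
               "ECDHE-RSA-AES256-GCM-SHA384:"
               "ECDHE-RSA-AES128-GCM-SHA256")

def weaknesses(suite):
    """Reasons a 'KEX - CIPHER/BITS - HASH' Wired suite is flagged ([] = none)."""
    kex, cipher, mac = (p.strip() for p in suite.split(" - "))
    algo = cipher.split("/")[0]
    reasons = []
    if mac == "SHA1":
        reasons.append("SHA1")
    if algo == "BF":
        reasons.append("Blowfish")
    if algo == "3DES":
        reasons.append("3DES")
    if kex == "RSA":                # plain RSA key transport: no forward secrecy
        reasons.append("no-forward-secrecy")
    if algo not in ("AESGCM", "CHACHA20-POLY1305"):
        reasons.append("not-AEAD")  # CBC + HMAC construction rather than AEAD
    return reasons

def audit(suites=WIRED_SUITES):
    """Map each suite to its flags; an empty list means 'acceptable'."""
    return {s: weaknesses(s) for s in suites}

def hardened_server_context():
    """Server context that enforces the cipher policy instead of the client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 suites stay enabled
    ctx.set_ciphers(RECOMMENDED)                  # TLS 1.2: only ECDHE + AEAD
    return ctx

def enabled_suites(ctx):
    """Suite names OpenSSL will actually offer for this context."""
    return [c["name"] for c in ctx.get_ciphers()]

def is_modern(name):
    """TLS 1.3 suites (TLS_*) or ECDHE + AEAD TLS 1.2 suites."""
    return name.startswith("TLS_") or (
        name.startswith("ECDHE-") and ("GCM" in name or "CHACHA20" in name))
```

Run `audit()` to see every dialog entry flagged, and `enabled_suites(hardened_server_context())` to see what a policy-enforcing server would offer instead.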
