[tor-bugs] #20751 [Applications/TorBirdy]: enforce stronger ciphers in torbirdy

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Nov 23 19:17:46 UTC 2016 

#20751: enforce stronger ciphers in torbirdy
---------------------------------------+-----------------------------------
     Reporter:  cypherpunks            |      Owner:  sukhbir
         Type:  enhancement            |     Status:  new
     Priority:  Low                    |  Milestone:
    Component:  Applications/TorBirdy  |    Version:
     Severity:  Minor                  |   Keywords:  torbirdy, thunderbird
Actual Points:                         |  Parent ID:
       Points:                         |   Reviewer:
      Sponsor:                         |
---------------------------------------+-----------------------------------
 The last RFC from 2015 regarding TLS (https://www.rfc-
 editor.org/rfc/rfc7525.txt) makes
 recommendations regarding the use of ciphers, this ciphers are just
 included in TLS v. 1.2.
 <i>
 4.2.  Recommended Cipher Suites
    Given the foregoing considerations, implementation and deployment of
    the following cipher suites is RECOMMENDED:

    o  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    o  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    o  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    o  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    These cipher suites are supported only in TLS 1.2 because they are
    authenticated encryption (AEAD) algorithms [RFC5116].</i>

 Maybe it's a good idea for torbirdy to enforce stronger ciphers and tls v
 1.2 (TLS v 1.1 was published in 2006 and TLS v1.2 published in 2008) and
 only to allow weaker ciphers if the user deliberately changes the setting
 (eg in "Torbirdy Preferences", checkbox "Allow weak ciphers and TLS
 downgrade"). Esp. because torbirdy users always face the risk of a
 malicious exit node, that might try a downgrade attack. And if an email
 provider in late 2016, still doesn't support the IETF recommendations from
 2016 (RFC 7525), maybe it's just not a good idea to use them with torbirdy
 (by specifically enabling weaker settings, by checking a box, the user
 should know that it's not the best idea to use this email provider any
 longer)

 Therefore I recommend the following tls/tls-settings for torbirdy's next
 release.
 (I took them from this German site: https://privacy-
 handbuch.de/handbuch_31k.htm)

 security.tls.version.min = 3                    //enforce tls v 1.2
 security.ssl3.* false
 security.ssl3.ecdhe_rsa_aes_128_gcm_sha256      true
 security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256    true

 //prevent insecure recognition
 security.ssl.require_safe_negotiation   true
 security.ssl.treat_unsafe_negotiation_as_broken         true

 //strict key pinning [1]
 security.cert_pinning.enforcement_level 2

 [1]https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20751>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list