SSL configuration improvements for PM Sync

Unread post by Towncivilian » 2016-07-19, 12:28

Please see SSL Report: pmsync.palemoon.net (45.32.3.19).

1024-bit Diffie-Hellman parameters are used currently; at least 2048-bit unique parameters should be used instead. See weakdh.org.

ECDHE GCM cipher suites should be prioritized at the top of the list since ECDHE is significantly quicker than DHE and GCM is more secure (see BEAST, CRIME, BREACH, and Lucky 13: Assessing TLS in ADCS). DHE should be next, then the static RSA cipher suites (GCM then CBC). RC4 should be eliminated unless there is a need to keep it around, and maybe 3DES too since Pale Moon on XP SP3 is not limited to using 3DES like IE8 is since PM uses NSS.

Prioritizing CAMELLIA is unusual - what's the reasoning behind it? There's nothing wrong with the cipher, other than not having a GCM option (but that's minor); I am just curious.
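The ordering proposed in the post above, expressed as an audit over a server-preference cipher list. This is an added example, not part of the original post or the PM Sync configuration: the suite names are OpenSSL-style, `SAMPLE` is a constructed list, and placing non-GCM ECDHE ahead of DHE is an assumption the post does not spell out.

```python
# Added example: audits a server-preference cipher list against the ordering
# proposed in the post above. Suite names are OpenSSL-style; SAMPLE is constructed.
WEAK = {"RC4": "eliminate (RC4)", "DES-CBC3": "consider removing (3DES)"}

def classify(suite):
    """Return (key_exchange, uses_gcm) from an OpenSSL-style suite name."""
    if suite.startswith("ECDHE-"):
        kx = "ECDHE"
    elif suite.startswith(("DHE-", "EDH-")):
        kx = "DHE"
    else:
        kx = "RSA"  # assumption: anything else is static RSA key exchange
    return kx, "GCM" in suite

def tier(suite):
    """Lower sorts first: ECDHE+GCM, other ECDHE, DHE, RSA+GCM, RSA+CBC."""
    kx, gcm = classify(suite)
    if kx == "ECDHE":
        return 0 if gcm else 1  # assumption: non-GCM ECDHE sits before DHE
    if kx == "DHE":
        return 2
    return 3 if gcm else 4

def weak_reason(suite):
    return next((why for tag, why in WEAK.items() if tag in suite), None)

def recommended_order(suites):
    """Drop RC4/3DES, then stable-sort by tier so within-tier preferences
    (for example Camellia ahead of AES) are kept as the operator set them."""
    return sorted((s for s in suites if not weak_reason(s)), key=tier)

def audit(suites, dh_bits):
    findings = [f"{s}: {weak_reason(s)}" for s in suites if weak_reason(s)]
    kept = [s for s in suites if not weak_reason(s)]
    for prev, cur in zip(kept, kept[1:]):
        if tier(cur) < tier(prev):
            findings.append(f"{cur} should be preferred over {prev}")
    if dh_bits < 2048 and any(classify(s)[0] == "DHE" for s in suites):
        findings.append(f"{dh_bits}-bit DH parameters: use at least 2048-bit")
    return findings

# Constructed sample: Camellia-first list with DHE ahead of ECDHE.
SAMPLE = ["DHE-RSA-CAMELLIA256-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
          "DHE-RSA-AES128-GCM-SHA256", "CAMELLIA128-SHA",
          "AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA", "DES-CBC3-SHA"]

if __name__ == "__main__":
    for line in audit(SAMPLE, dh_bits=1024):
        print("FINDING:", line)
    print("Suggested order:", ":".join(recommended_order(SAMPLE)))
```

Because the sort is stable, a Camellia-before-AES preference inside a tier survives the reordering; only the key-exchange and GCM/CBC tiers move.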

Re: SSL configuration improvements for PM Sync

Unread post by Moonchild » 2016-07-19, 16:27

I'm aware of the current state of the Sync server. The thing is that older Android devices don't necessarily support strict SSL security, and older versions of PM4A still in use do not have modern ciphers enabled. This is currently a transitioning period and known weak ciphers like RC4 will be removed.
1024-bit DH is required for older versions of Java found on some mobile devices. This will be removed in time as well.

I've changed the priority of some of the ciphers now -- I had expected the lib itself to use ECDH in favor of DH but apparently it has to be explicitly configured.

As for prioritizing Camellia: I'm a strong proponent of Camellia over AES because it has no known weaknesses (unlike AES/Rijndael) but for some reason is actively shunned by stateside development teams (Mozilla has removed it entirely, despite being considered by authoritative bodies world-wide to be a strong and modern cipher). Also, OpenSSL refuses to consider adding a GCM version of Camellia to their lib despite the code for it already being there (making it unavailable in many popular server applications like nginx) although Pale Moon does support that as a client. So yeah, it's a bit of a fight, but I prioritize it where I can because it is absolutely robust.

Re: SSL configuration improvements for PM Sync

Unread post by Towncivilian » 2016-07-19, 17:22

Thanks for your prompt reply. I had forgotten about PM4A; that makes sense regarding the older suites and 1024-bit DH. Makes sense about CAMELLIA too. It's too bad most browsers prioritize AES suites, then. I wonder if LibreSSL has added GCM for CAMELLIA...
