date:20131016

[SailfishDevel] Sailfish HTTPS / SSL default cipher list

2013-10-16 Thread Kari Pihkala

Hi Sailors!

After reading about the weak cipher list used in latest Android devices
[ http://op-co.de/blog/posts/android_ssl_downgrade/ ], I decided to check
how Sailfish looks like.

Fortunately, the native QML apps seem to use strong ciphers as the default
ciphers, at least in the emulator.

However, I can't test Sailfish/Jolla Android emulator, because I don't have
access to it. It would be great if someone who has access to it could
ensure that its cipher list doesn't have weak ciphers as default ciphers.
We don't want pirates to attack our connections :)

Here's my results from Sailfish SDK alpha, Android 2.2 and 4.2.2 emulator.
I run the emulators with simple apps which took https connections and at
the same time I run ssldump to see the cipher list. My ssldump version is
0.9b3 (Ubuntu 12.04) and it can't recognize all ciphers, but the unknown
values can be found at
http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml - I
have expanded some of them to the ssldumps.

> ssldump -i wlan0 -p 80

Sailfish SDK alpha, QML hello world app with this code:
IconButton {
   icon.source: "https://www.google.com/images/srpr/logo4w.png";
   onClicked: console.log("Google!!!")
}

cipher suites
Unknown value 0xa3 [TLS_DHE_DSS_WITH_AES_256_GCM_SHA384]
Unknown value 0x9f [TLS_DHE_RSA_WITH_AES_256_GCM_SHA384]
Unknown value 0x6b [TLS_DHE_RSA_WITH_AES_256_CBC_SHA256]
Unknown value 0x6a [TLS_DHE_DSS_WITH_AES_256_CBC_SHA256]
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Unknown value 0x88
Unknown value 0x87
Unknown value 0x9d
Unknown value 0x3d
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0x84
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xa2
Unknown value 0x9e
TLS_DHE_DSS_WITH_NULL_SHA
Unknown value 0x40
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Unknown value 0x9a
Unknown value 0x99
Unknown value 0x45
Unknown value 0x44
Unknown value 0x9c
Unknown value 0x3c
TLS_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x96
Unknown value 0x41
TLS_RSA_WITH_IDEA_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
Unknown value 0xff

Android 2.2 emulator
cipher suites
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
Unknown value 0xff

Android 4.2.2 emulator
cipher suites
TLS_RSA_WITH_RC4_128_MD5 BAD!!!
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0xc002
Unknown value 0xc004
Unknown value 0xc005
Unknown value 0xc00c
Unknown value 0xc00e
Unknown value 0xc00f
Unknown value 0xc007
Unknown value 0xc009
Unknown value 0xc00a
Unknown value 0xc011
Unknown value 0xc013
Unknown value 0xc014
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc003
Unknown value 0xc00d
Unknown value 0xc008
Unknown value 0xc012
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Unknown value 0xff

Firefox 21 (just to show how it looks like)
cipher suites
Unknown value 0xff [TLS_EMPTY_RENEGOTIA

Re: [SailfishDevel] System management is locked by the application with pid 5695 (zypper) - Win 7 (behind proxy)

2013-10-16 Thread Simon Bolek

In
windows -> computer -> environment variables
i created a system/global variable
*http_proxy*  with value *http://
:@:*

I also set those settings in SDKMaintenanceTool.exe under Settings.

br
simon :-)

On Tue, Oct 15, 2013 at 8:12 PM, Juha Kallioinen
wrote:

> On 10.10.2013 11:14, Simon Bolek wrote:
>
>>
>> I am behind the Proxy and already set up the http_proxy in global
>> variables like:
>> http://:@<**host>:
>>
>> When I try to manage->find a package e.g. ofono, i get:
>>
>> +++
>> NoMethodError at /C/targets/add
>> undefined method `include?' for nil:NilClass
>> file: sdk_helper.rb location: toolchain_exists line: 210
>> +++
>>
>> Are there issues when working behind proxy / win 7?
>>
>>  Hello,
>
> how did you set the proxy environment variables? There's probably a bug
> somewhere in the SDK control center, since the proxy case hasn't been
> tested at all, afaik.
>
> Best regards,
>  Juha
>
>
___
SailfishOS.org Devel mailing list

[SailfishDevel] Sailfish HTTPS / SSL default cipher list

Re: [SailfishDevel] System management is locked by the application with pid 5695 (zypper) - Win 7 (behind proxy)

2 matches

Site Navigation

Mail list logo

Footer information