Landed:

https://bugzilla.mozilla.org/show_bug.cgi?id=1061273#c28

shows the final change. Please file a bug and CC me if you see any problems.

Thanks to Bob, Ryan, Richard, and the rest for their help.

On Tue, Jun 2, 2015 at 10:07 AM, Richard Newman <rnew...@mozilla.com> wrote:

> This change will be landing in Nightly *this week*, so if you have
> comments, please send them my way.
>
> On Fri, May 29, 2015 at 3:50 PM, Richard Newman <rnew...@mozilla.com>
> wrote:
>
>> tl;dr: we're planning to switch the cipher suites and TLS versions
>> supported by Sync and other background services in Firefox for Android.
>>
>> If you self-host and sync with Firefox for Android, maintain a
>> third-party Sync client, or are very interested in cipher suites, read on.
>>
>>
>> *History*
>>
>> We used to support Android versions back to API 5. This left some
>> significant gaps in our coverage; combined with the LB support we had at
>> the time, and some code limitations, we ended up with a less-than-ideal set
>> of cipher suites and protocols, falling back on failure.
>>
>>
>> *Modern context*
>>
>> There are a bunch of recent and not-so-recent attacks that we'd like to
>> completely avoid by requiring strong cipher suites and protocols.
>>
>> We're still limited by older versions of Android, but we can still do
>> better than we do now.
>>
>> Additionally, some devices ship a restricted Java SSL configuration, so
>> we can actually cause crashes on those devices. I hope that this change
>> will fix those problems.
>>
>> This is also a step towards tightening up server configurations, so the
>> sooner we get this into deployed clients, the better.
>>
>>
>> *Proposal*
>>
>> On modern Android, we plan to support only TLSv1.2 (preferred) and
>> TLSv1.1. On older Android, we'll support only TLSv1, *eliminating
>> support for SSLv3*.
>>
>> For cipher suites we'll support only the best available at each level:
>>
>> Gingerbread:
>>   TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>>
>> Honeycomb onwards:
>>   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
>>   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>>
>> 4.4W onwards:
>>   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>>   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>>   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
>>   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>>   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>>   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
>>
>>
>> As I understand it, these are a subset (with the exception of
>> Gingerbread's, perhaps) of the cipher suites that we would like to support
>> in production, so there should be no issues with matching support in recent
>> desktop versions or on iOS.
>>
>> These selections will apply to FHR and other background services, too, so
>> I'll be vetting those as best I can.
>>
>>
>> *Testing*
>>
>> This proposal needs thorough testing as well as feedback, so — like all
>> plans — it's subject to change.
>>
>> If these supported cipher suites or protocols stand out as bad choices to
>> you, please let me know.
>>
>> I hope to land these changes in the next week or two, uplifting to Aurora
>> and Beta as appropriate, with eventual release in 39 or 40.
>>
>> Thanks!
>>
>> -Richard
>>
>
>
_______________________________________________
Sync-dev mailing list
Sync-dev@mozilla.org
https://mail.mozilla.org/listinfo/sync-dev
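
For self-hosters, the proposal quoted above can be checked against a server's enabled protocols and suites. This is an added example, not part of the original thread or Mozilla's code; the function names and the sample server are constructed, and mapping Gingerbread and Honeycomb to "older Android" (TLSv1) and 4.4W onwards to "modern Android" is an assumption, since the message does not say where that boundary lies. Suite names are assumed to be in the IANA form used in the message.

```python
# Added example: tiers and suites copied from the proposal in this thread.
# Assumption: Gingerbread/Honeycomb = "older Android" (TLSv1 only),
# 4.4W onwards = "modern Android" (TLSv1.2 preferred, TLSv1.1).
PROTOCOL_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2"]  # weakest to strongest

CLIENT_TIERS = {
    "Gingerbread": (["TLSv1"], ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"]),
    "Honeycomb onwards": (["TLSv1"], [
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]),
    "4.4W onwards": (["TLSv1.2", "TLSv1.1"], [
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]),
}

def min_protocol(suite):
    """GCM and SHA256/SHA384 suites exist only in TLSv1.2; *_CBC_SHA work from TLSv1."""
    return "TLSv1.2" if suite.endswith(("_SHA256", "_SHA384")) else "TLSv1"

def negotiate(client_protocols, client_suites, server_protocols, server_suites):
    """Return the (protocol, suite) a handshake could settle on, or None."""
    common = [p for p in PROTOCOL_ORDER
              if p in client_protocols and p in server_protocols]
    if not common:
        return None
    protocol = common[-1]  # TLS settles on the highest version both sides offer
    level = PROTOCOL_ORDER.index(protocol)
    for suite in client_suites:  # client preference order; a server may reorder
        if suite in server_suites and PROTOCOL_ORDER.index(min_protocol(suite)) <= level:
            return protocol, suite
    return None

def check_server(server_protocols, server_suites):
    """Map each client tier to its negotiated (protocol, suite), or None if locked out."""
    return {tier: negotiate(protos, suites, server_protocols, server_suites)
            for tier, (protos, suites) in CLIENT_TIERS.items()}

# Constructed sample server configuration (not taken from any real deployment).
SAMPLE_PROTOCOLS = ["TLSv1", "TLSv1.1", "TLSv1.2"]
SAMPLE_SUITES = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
                 "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for tier, result in check_server(SAMPLE_PROTOCOLS, SAMPLE_SUITES).items():
        print(f"{tier}: {result if result else 'NO COMMON PROTOCOL/SUITE'}")
```

A tier that maps to `None` is a client population that would fail to sync against that server once the change ships.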
