Warning: Both RC4 and MD5 are INSECURE. They are susceptible to
practical attacks. Do not use them.

MD5 is already disabled by default. Real collisions have been produced,
and used to forge certificates in the wild; its use as an HMAC is also
strongly discouraged. It must never be used.

RC4 (RC4-MD5, RC4-SHA and other RC4 ciphers) is a very old stream
cipher. It is thought some adversaries can already break it in
real-time; in the public literature, several serious weaknesses have
already been found (and at the time of writing, another one is on the
way). An RFC will shortly be published - see
<https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-02> -
entirely prohibiting the use of all RC4 ciphersuites in all
circumstances. Some browsers are already in the process of turning it
off.

Please see the results at:
- https://www.ssllabs.com/ssltest/analyze.html?d=centinel1000.cardinalcommerce.com
- https://www.ssllabs.com/ssltest/analyze.html?d=inaturalist.org
which indicate that these sites have deep problems with their encryption.

centinel1000.cardinalcommerce.com seems to be run from an outdated
Windows Server 2003 using IIS/6.0 (which hits end-of-life in about a
year). It only offers insecure ciphersuites RC4-MD5 & RC4-SHA, and only
over SSLv3 (it is intolerant of modern TLS 1.2 connections). You will
see from the results that current versions of all mainstream browsers
already refuse to connect to it, and in particular I must be clear it is
NOT A BUG that curl and wget also refuse to do so - that is correct
behaviour and should be regarded as bad as if it offered only 'export'
ciphers. Its encryption is exploitably bad: I would consider it in
breach of PCI requirements.

inaturalist.com does not support TLS 1.2, uses RC4 (insecure) in
preference to other ciphersuites, and offers 1024-bit DHE which is
insecure. IE11 does the best it can there and connects with
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f); this is susceptible to BEAST, but
not as bad as the above. The problem being reported by curl is that
inaturalist.com is intolerant of TLS 1.2. This is also NOT A BUG with
the client, but is a bug with the server. Some browsers retry with lower
protocol versions automatically (and should use the "downgrade" SCSV to
indicate this, as this is otherwise behaviour exploitable by an
attacker); curl and wget do not.

It is strongly likely that future versions of TLS libraries will
completely ignore requests to use these ciphersuites: LibreSSL disables
it, and I think BoringSSL might too. At best, this is a stop-gap
measure, but you should be aware the problem does not lie with you here.
I suggest you contact the respective sites' security departments to
inform them their encryption is weak.

As this does not seem to be a bug in the client, I suggest closing this
one.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1305175

Title:
  openssl 1.0.1f 'ssl handshake failure' connection failure

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1305175/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
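The checks the comment above applies by hand (RC4 or MD5 suites, SSLv3 only, no TLS 1.2, a 1024-bit DHE group, TLS 1.2 version intolerance, CBC under TLS 1.0) can be written down as a small policy, and the client side (a curl- or wget-like client that simply refuses such servers) as a strict `ssl.SSLContext`. The following is an added example, not code from the bug report, OpenSSL or Ubuntu. The `TlsProfile` structure, the hostnames ending in `.example`, the `_is_cbc` name heuristic and the three server profiles are all constructed for illustration; the two weak profiles mirror the two cases the comment describes and are not real scan output.

```python
"""Grade a server's TLS handshake summary and build a client that refuses weak servers."""
import ssl
from dataclasses import dataclass
from typing import Optional

# Severity ranks used to order findings, most severe first.
_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}


@dataclass
class TlsProfile:
    """What a scanner learns about one server (hypothetical structure)."""
    host: str
    protocols: set                   # versions the server will negotiate
    ciphers: list                    # OpenSSL names, server preference order
    dh_bits: Optional[int] = None    # DHE group size if any DHE suite is offered
    tls12_intolerant: bool = False   # drops a ClientHello that advertises TLS 1.2


def _is_cbc(name: str) -> bool:
    # Heuristic over OpenSSL cipher names: anything that is not a stream or AEAD suite.
    return not any(tag in name for tag in ("RC4", "GCM", "CHACHA", "CCM"))


def assess(p: TlsProfile) -> list:
    """Return 'SEVERITY: message' strings for the profile, most severe first."""
    out = []
    rc4 = [c for c in p.ciphers if "RC4" in c]
    if any("MD5" in c for c in p.ciphers):
        out.append(("CRITICAL", "MD5-based ciphersuite offered"))
    if rc4 and rc4 == p.ciphers:
        out.append(("CRITICAL", f"only RC4 ciphersuites offered: {', '.join(rc4)}"))
    elif rc4 and p.ciphers[0] in rc4:
        out.append(("HIGH", f"RC4 preferred over stronger suites: {p.ciphers[0]}"))
    elif rc4:
        out.append(("HIGH", f"RC4 ciphersuites offered: {', '.join(rc4)}"))
    if any(c.startswith("EXP") for c in p.ciphers):
        out.append(("CRITICAL", "export-grade ciphersuite offered"))
    if p.protocols == {"SSLv3"}:
        out.append(("CRITICAL", "only SSLv3 supported"))
    elif "SSLv3" in p.protocols:
        out.append(("HIGH", "SSLv3 still enabled"))
    if "TLSv1.2" not in p.protocols:
        out.append(("HIGH", "TLS 1.2 not supported"))
    if p.tls12_intolerant:
        out.append(("HIGH", "TLS 1.2 version intolerance: strict clients cannot connect"))
    if p.dh_bits is not None and p.dh_bits < 2048:
        out.append(("HIGH", f"DHE group is only {p.dh_bits} bits"))
    if "TLSv1" in p.protocols and any(_is_cbc(c) for c in p.ciphers):
        out.append(("MEDIUM", "CBC suites negotiable under TLS 1.0 (BEAST)"))
    out.sort(key=lambda f: _RANK[f[0]])   # stable sort keeps insertion order within a rank
    return [f"{sev}: {msg}" for sev, msg in out]


def strict_client_context() -> ssl.SSLContext:
    """A client that behaves like curl/wget in the comment: TLS 1.2 or newer only,
    and no RC4, MD5, export, NULL or 3DES suites regardless of library defaults."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!MD5:!RC4:!EXP:!3DES")
    return ctx


def client_cipher_names(ctx: ssl.SSLContext) -> list:
    """Names of the suites this client will actually advertise in its ClientHello."""
    return [c["name"] for c in ctx.get_ciphers()]


def client_accepts(ctx: ssl.SSLContext, p: TlsProfile) -> bool:
    """Would a handshake between this client and the profiled server complete?
    It needs a protocol version both sides allow, at least one shared suite, and a
    server that does not abort on a TLS 1.2 ClientHello (the client never retries lower)."""
    version_ok = bool({"TLSv1.2", "TLSv1.3"} & p.protocols)
    shared = set(p.ciphers) & set(client_cipher_names(ctx))
    return version_ok and bool(shared) and not p.tls12_intolerant


# Constructed profiles (not scan output) mirroring the comment's two servers, plus a sound one.
LEGACY_SSLV3_ONLY = TlsProfile("legacy-iis6.example", {"SSLv3"},
                               ["RC4-MD5", "RC4-SHA"], tls12_intolerant=True)
TLS12_INTOLERANT = TlsProfile("rc4-first.example", {"TLSv1", "TLSv1.1"},
                              ["RC4-SHA", "DHE-RSA-AES128-SHA", "AES128-SHA"],
                              dh_bits=1024, tls12_intolerant=True)
HEALTHY = TlsProfile("modern.example", {"TLSv1.2"},
                     ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"])

if __name__ == "__main__":
    ctx = strict_client_context()
    for profile in (LEGACY_SSLV3_ONLY, TLS12_INTOLERANT, HEALTHY):
        print(profile.host, "- strict client connects:", client_accepts(ctx, profile))
        for finding in assess(profile):
            print("   ", finding)
```

`client_accepts` deliberately has no fallback to an older protocol version: that is the "NOT A BUG" behaviour the comment defends, and a client that did retry downgraded would need the downgrade SCSV to signal it.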
