https://bugzilla.novell.com/show_bug.cgi?id=865241 https://bugzilla.novell.com/show_bug.cgi?id=865241#c0 Summary: Konqueror allows insecure cipher suites with keys smaller than 128 bits Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: All OS/Version: openSUSE 13.1 Status: NEW Severity: Major Priority: P5 - None Component: KDE4 Applications AssignedTo: kde-maintainers@suse.de ReportedBy: mlj@chase.eclipse.co.uk QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 While following up on recent iOS/Safari SSL/TLS security bug, checked Konqueror at site https://www.howsmyssl.com/ and discovered it allows cipher suites with less than 128 bit encryption: Vis: Your client supports cipher suites that are known to be insecure: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_DHE_DSS_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_DHE_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: This cipher uses keys smaller than 128 bits in its encryption. TLS_RSA_EXPORT_WITH_RC4_40_MD5: This cipher uses keys smaller than 128 bits in its encryption. TLS_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. As I can not disable these cypher suites in Konqueror as far as I can see, I suspect KDE is lifting all installed default cipher suites from some where else in the system. Is it openSSL/ libgnutls28 / libopenssl1_0_0 / ca-certificates - I do not know enough. At least it can not be or mozilla-nss / ca-certificates-mozilla as Firefox is fine. Certainly a fix will need testing before roll out in case it breaks some legacy security. No d Reproducible: Always Steps to Reproduce: 1.Open Konqueror 2.Go to site https://www.howsmyssl.com/ 3. List of insecure cipher suites detected Actual Results: Version Good Your client is using TLS 1.2, the most modern version of the encryption protocol. It gives you access to the fastest, most secure encryption possible on the web. Learn More Ephemeral Key Support Good Ephemeral keys are used in some of the cipher suites your client supports. This means your client may be used to provide forward secrecy if the server supports it. This greatly increases your protection against snoopers, including global passive adversaries who scoop up large amounts of encrypted traffic and store them until their attacks (or their computers) improve. Learn More Session Ticket Support Good Session tickets are supported in your client. Services you use will be able to scale out their TLS connections more easily with this feature. Learn More TLS Compression Good Your TLS client does not attempt to compress the settings that encrypt your connection, avoiding information leaks from the CRIME attack. Learn More BEAST Vulnerability Good Your client is not vulnerable to the BEAST attack because it's using a TLS protocol newer than TLS 1.0. The BEAST attack is only possibly against clients using TLS 1.0 or earlier using Cipher-Block Chaining cipher suites that do not implement the 1/n-1 record splitting mitigation. Learn More Insecure Cipher Suites Bad Your client supports cipher suites that are known to be insecure: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_DHE_DSS_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_DHE_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: This cipher uses keys smaller than 128 bits in its encryption. TLS_RSA_EXPORT_WITH_RC4_40_MD5: This cipher uses keys smaller than 128 bits in its encryption. TLS_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. Learn More Given Cipher Suites The cipher suites your client said it supports, in the order it sent them, are: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_SEED_CBC_SHA TLS_DHE_DSS_WITH_SEED_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_SEED_CBC_SHA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_EMPTY_RENEGOTIATION_INFO_SCSV Expected Results: TLS Compression Good Your TLS client does not attempt to compress the settings that encrypt your connection, avoiding information leaks from the CRIME attack. Learn More BEAST Vulnerability Good Your client is not vulnerable to the BEAST attack because it's using a TLS protocol newer than TLS 1.0. The BEAST attack is only possibly against clients using TLS 1.0 or earlier using Cipher-Block Chaining cipher suites that do not implement the 1/n-1 record splitting mitigation. Learn More Insecure Cipher Suites Good Your client doesn't use any cipher suites that are known to be insecure. Learn More Given Cipher Suites The cipher suites your client said it supports, in the order it sent them, are: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 Konqueror on openSuse 11.4 evergreen has this bug and also fails by offering TSL 1.0, and is open to Beast attack as it uses cypher suites that use Cypher-chain blocking. Mind you Firefox up to ver 24 was using TSL 1.0.as well on this system. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.