Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS Session Resumption Allows For Permanent User Tracking #768

Closed
ilikenwf opened this issue Oct 19, 2018 · 17 comments
Closed

TLS Session Resumption Allows For Permanent User Tracking #768

ilikenwf opened this issue Oct 19, 2018 · 17 comments

Comments

@ilikenwf
Copy link

ilikenwf commented Oct 19, 2018
edited
Loading

I can confirm that with the below options set as shown, the SSLLabs test confirms my TLS "tickets" are disabled. Both entries must be created if added manually.

  • Set security.enable_tls_session_tickets to false
  • Set security.ssl.disable_session_identifiers to true

SSL Labs Test: https://www.ssllabs.com/ssltest/viewMyClient.html
@ilikenwf ilikenwf changed the title TLS Session Resumption Can Allow for Permanent User Tracking TLS Session Resumption Allows For Permanent User Tracking Oct 19, 2018
@WagnerGMD
Copy link

WagnerGMD commented Oct 20, 2018
edited
Loading

First of all, thank you @ilikenwf for the discovery.
Do you plan @MrAlex94 to rectify this matter for the next version (aka WaterFox_v56.2.4) ?

TLS_v1.3_NotYetEnable_WaterFox_v56.2.3
Because as you can see (on these pictures) WaterFox_v56.2.3 has a fews little security trouble...

lockPref("security.tls.version.max",4);
## Otherwise open the page "about:config" and replace it (right now, the current value is 3) !

Then it will enable the TLS_v1.3 because no (at this moment) it isn't already the case.

Weak_TLS_RSA-WaterFox_v56.2.3
Apparently it very easy to correct these weaks :

pref("security.ssl3.dhe_rsa_aes_128_sha",false);
pref("security.ssl3.dhe_rsa_aes_256_sha",false);
pref("security.ssl3.rsa_aes_128_sha",false);
pref("security.ssl3.rsa_aes_256_sha",false);
pref("security.ssl3.rsa_des_ede3_sha",false);

What was the trouble with GitHub ? Warning because at the first time I wasn't enable to login...
For now the trouble has vanished.

lockPref("security.enable_tls_session_tickets",false);
lockPref("security.ssl.disable_session_identifiers",true);

DisableTheSessionTickets_WaterFox_v56.2.3

@ntrf
Copy link

ntrf commented Oct 20, 2018

Session resumption (either with session id or with encrypted tickets) is necessary to make fast connections to server. Without them browser will have to perform a complete TLS handshake on each connection. There are still websites configured to reset connection after every single HTTP request (to minimize server resources usage). With both session id and tickets disabled, browser will have to reconnect to such server for each image and script used on a page. This will slow down connections significantly.

TLS 1.3 is not much of a solution. Without tickets it does allows you to reconnect without additional packet round trip, but both browser and server have to perform a public-key authentication, which it not a fast thing. However, HTTP/2 is a solution, because it elliminates a need for reconnect.

A practical solution is for browser to expire session id's and tickets after a short period of time - about 2h. According to the paper, Firefox has 1 day validity period for sessions, which i think is too long. Additionaly, disallow session tickets use for cross-origin requests. That should make use of session tickets impractical for tracking purposes, but will still allow browser to load fast. A more advanced solution is possible - allowing longer storage of tickets from servers, if user has a saved password for it.

Finally, while this is a valid concern, there is nothing sessions tickets of today's Firefox allow you to do, that is not possible with tracking IP addresses.

@ilikenwf
Copy link
Author

ilikenwf commented Oct 20, 2018
edited
Loading

Privacy and security are more important than fast connections...with the resume tickets disabled I notice no difference in speed.

@WagnerGMD
Copy link

WagnerGMD commented Oct 26, 2018
edited
Loading

WarningAbout-TLS_v1.0-BrowserWaterFox_v56.2.4.

Just a little summary about WaterFox_v56.2.4 !

Since a few days there is one new warning (describe in this picture).
Next time @MrAlex94 could give your opinion about this matter ? Because (the update was done yesterday and) now I can confirm the fact : no you didn't rectify those trouble.

@Squall-Leonhart
Copy link

Privacy and security are more important than fast connections...with the resume tickets disabled I notice no difference in speed.

no they aren't.

@ilikenwf
Copy link
Author

WarningAbout-TLS_v1.0-BrowserWaterFox_v56.2.4.

Just a little summary about WaterFox_v56.2.4 !

Since a few days there is one new warning (describe in this picture).
Next time @MrAlex94 could give your opinion about this matter ? Because (the update was done yesterday and) now I can confirm the fact : no you didn't rectify those trouble.

Set this to 2:

security.tls.version.min

@Atavic
Copy link

Atavic commented Oct 30, 2018

Firefox Test Case 2: TLS protected HTTP request and session resumption
The total time to get the web pages is 0.383s.

Firefox Test Case 3: TLS protected HTTP request and no session resumption
The total time to get the web pages is 0.419s.

See:
https://www.kth.se/social/files/554640caf2765477b39c6c2c/2G1305_Assignment_Asa_Pehrsson_050908.pdf

@Atavic Atavic mentioned this issue Oct 30, 2018
Closed
2 tasks
@WagnerGMD
Copy link

WagnerGMD commented Nov 3, 2018
edited
Loading

pref("security.tls.version.min",2);
I had found by my own but thank you @ilikenwf for the help (or the confirmation), truly I appreciate.

@WagnerGMD WagnerGMD mentioned this issue Nov 4, 2018
Closed
@ilikenwf ilikenwf mentioned this issue Nov 20, 2018
Closed
@ilikenwf ilikenwf mentioned this issue Jan 2, 2019
Closed
@Ibuprophen Ibuprophen mentioned this issue Apr 29, 2019
Closed
@kikaragyozov
Copy link

kikaragyozov commented Jun 22, 2019
edited
Loading

How long till this is implemented, so we don't have to tinker it in about:config ourselves/share the link issue to our peers?

@ilikenwf
Copy link
Author

ilikenwf commented Jun 22, 2019 via email

@WagnerGMD
Copy link 

defaultPref("security.ssl3.rsa_aes_128_sha",false);
lockPref("security.ssl3.dhe_rsa_aes_128_sha",false);
lockPref("security.ssl3.dhe_rsa_aes_256_sha",false);
lockPref("security.ssl3.ecdhe_ecdsa_aes_128_sha",false);
lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha",false);
lockPref("security.ssl3.ecdhe_rsa_aes_128_sha",false);
lockPref("security.ssl3.ecdhe_rsa_aes_256_sha",false);
lockPref("security.ssl3.rsa_aes_256_sha",false);
lockPref("security.ssl3.rsa_des_ede3_sha",false);
lockPref("security.ssl.enable_false_start",false);
lockPref("security.tls.enable_0rtt_data",false);
lockPref("security.tls.version.min",3);
lockPref("security.tls.version.max",4);

Warning :
It's just another reminder because Firefox-v71 will be release very soon (according to the Mozilla Calendar it will be done in december (then before the next year 2020)).

@grahamperrin
Copy link

grahamperrin commented Oct 19, 2019
edited
Loading 

lockPref("security.ssl3.dhe_rsa_aes_128_sha",false);
lockPref("security.ssl3.dhe_rsa_aes_256_sha",false);
lockPref("security.ssl3.ecdhe_ecdsa_aes_128_sha",false);
lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha",false);
lockPref("security.ssl3.ecdhe_rsa_aes_128_sha",false);
lockPref("security.ssl3.ecdhe_rsa_aes_256_sha",false);
lockPref("security.ssl3.rsa_aes_256_sha",false);
lockPref("security.ssl3.rsa_des_ede3_sha",false);
lockPref("security.ssl.enable_false_start",false);
lockPref("security.tls.enable_0rtt_data",false);
lockPref("security.tls.version.min",3);
lockPref("security.tls.version.max",4);

If the intention is to lock these preferences in mainstream distributions of Waterfox:

  • do not.

@laniakea64
Copy link 

defaultPref("security.ssl3.rsa_aes_128_sha",false);
lockPref("security.ssl3.dhe_rsa_aes_128_sha",false);
lockPref("security.ssl3.dhe_rsa_aes_256_sha",false);
lockPref("security.ssl3.ecdhe_ecdsa_aes_128_sha",false);
lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha",false);
lockPref("security.ssl3.ecdhe_rsa_aes_128_sha",false);
lockPref("security.ssl3.ecdhe_rsa_aes_256_sha",false);
lockPref("security.ssl3.rsa_aes_256_sha",false);
lockPref("security.ssl3.rsa_des_ede3_sha",false);
lockPref("security.ssl.enable_false_start",false);
lockPref("security.tls.enable_0rtt_data",false);
lockPref("security.tls.version.min",3);
lockPref("security.tls.version.max",4);

I've tried this config in my own Waterfox profile before, but some of these settings broke too many needed websites for me, to the point I had to revert it. ☹️

@WagnerGMD
Copy link

  • Did you miss the word ? Which one ? Damn right the "Warning" !
  • Did you really take the time to read ? Nevermind @grahamperrin I don't care because it's obvious, you aren't familiar with the file (usually called) "mozilla.cfg".
    Exactly you have made another mistake. There is several syntax and from my point of view, it's good enough to provide one little example because when you have the knowledge, it isn't a trouble !
  • My intention ? It's only an alert for the people which are concern by the security.
  • And about Waterfox ? It could be a suggestion for the futur (when the browser will be ready to publish one release based on Firefox-v71).

You're right @laniakea64 because it could be a trouble sometimes. That's why these settings could break a website.
But don't forget one thing : I had never mentionned Waterfox (in my previous post). Then in my case the number of website is very very very tiny.

@grahamperrin
Copy link

Did you miss the word ?

No.

Which one ? Damn right

Watch your language; mind your manners.

Did you really take the time to read ?

Yes, including your earlier complaint about Alex not rectifying things, from which a person might assume that some other comments also require Alex to change things for you, and for other users of the application.

If #768 (comment) was not about changes to the application you should have made it clear.

Re: language, please be aware that the word warning is sometimes admonitory e.g. "… wagging an admonitory forefinger.". Perceptions such as finger-wagging may be likely where, for example, a person has previously complained about other people not doing things soon enough.

@WagnerGMD
Copy link

WagnerGMD commented Oct 20, 2019
edited
Loading

Another liar ! Because this time it's obvious.
My comment is very very very clear by the fact only one browser is mention.
- Remind me which one ? It's simple because like I said it's only about Firefox-v71 and I can't be more precise.
- For which reason ? The result has changed for the SSLtest and as reminder, at the origin the link is (already) on the first post. And if you need another reason December is very close (almost 2 months).
- Lie ? Because you pretend to have read my comment ! So this confusion it's only your fault and for that you are guilty. Don't pretend you made a mistake because you have miss the name of the browser ! And don't even try to find another false excuse !
- Did I ask something to change ? The answer is clearly no ! Despite these facts, the people who care about the security might be interested by my comment.

My language ? Well there is nothing wrong because you can't even be polite (hello, thanks, etc).
Don't you think that's you with this kind of behavior the trouble ? Don't even try to reply because it will sound like another lie. That's not my fault if you can't understand the word warning correctly.
By the way, that's enough and don't forget one thing : blame yourself (couple of liar)..

As you can guess now it's over and I won't try to help this project anymore.
To conclude, I don't except or need a reply. Because I'm already gone and trust me one day, you will have the feeling or sevreral regrets such as : we missed an opportunity to be respectful and now it's too late.

For the record, remind me who has report this issue ? Indeed it was myself and you didn't even take one tiny time to say something like : thank you WagnerGMD because you are right. The trouble wasn't rectify !

PS : By the way @MrAlex94 there is nothing strange. I was absent for several months and my behavior is normal. After all, you can blame @grahamperrin which has create this situation.
As we said in french : Ne jamais faire des conclusions hâtives !

@MrAlex94
Copy link
Collaborator

@WagnerGMD, this is the last time I am going to reply to your rude comments, and if you carry on, I'll have to block you - your rudeness is spreading to other people now who volunteer their time to help with Waterfox.

Now, I'm going to reply to your very first comment about TLS 1.3 support. Please note this comment from an OpenBSD developer who knows exactly what he's talking about:

"Since there is effectively nothing wrong with TLS 1.2 with a sanely chosen cipher suite today, we believe a clean careful implementation is more beneficial than early adoption."

I don't think there has been any reason to think that anything has changed in regards to security using TLS 1.2 with good cipher. TLS 1.3 is supported in Waterfox Current if it is specifically needed for whatever reason.

Next, stop calling people liars as you clearly have a lack of understanding for the meaning of the word. Also, this is an issue tracker, not a off-topic discussion forum. It's implied within the context of the issue that you're offering some sort of solution for Waterfox.

I'm going to say this as kindly as I can. Unless you can provide level headed discussion, please do not comment at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@grahamperrin @ilikenwf @Squall-Leonhart @ntrf @MrAlex94 @kikaragyozov @WagnerGMD @laniakea64 @Atavic