HTTPS-enabled instance may still have 128-bit keys after upgrade #6132
Comments
|
@cfm Are you saying that the test plan for 2.1.0 should permit 128-bit keys? Or are you saying that on upgrade to 2.1.0, prod instances using HTTPS on the Source Interface may break? |
|
As part of #5988, the Apache SSLCipherSuite directive is now not being set on fresh installs and is being removed on upgrades - it might be necessary to set it if we really want to force the expected key length. Mind you, IANACryptographer, but 128-bit AES seems good enough? |
|
I think the test plan (ie me) is at issue here - I got 256-bit keys while working through the case the first time, so I put that in as an expectation. I don't think there's a valid reason to expect that the negotiation would always work out that way. Gonna update the plan, and I think we can close this unless there are any objections. |
|
We've decided out of band that today I'll brush up on TLS 1.3 in order to confirm the conclusion in #6132 (comment). |
|
My research bears out your conclusion, @zenmonkeykstop, in #6132 (comment):
Per RFC 8446—
—so both the 128-bit and the 256-bit session keys we've observed are valid. For what it's worth, Qualys discriminates on the basis of session-key length in rating TLS endpoints, but Mozilla recommends all three cipher suites equally. |
Description
In #6103 (comment), I found that an HTTPS-enabled instance upgraded to v2.1.0~rc1 may still use 128-bit keys rather than the 256-bit keys intended by #5988.
Steps to Reproduce
Expected Behavior
After rerunning
make self-signed-https-certs && ./securedrop-admin install, Tor Browser "Page Info" says (my emphasis):Actual Behavior
Tor Browser "Page Info" says (my emphasis):
Comments
This suggests that an explicit
make self-signed-https-certs && ./securedrop-admin installis necessary for #5988 to go into effect on upgrading an existing SecureDrop installation.The text was updated successfully, but these errors were encountered: