touch-packages team mailing list archive

Thread
Date
[Bug 1002434] Re: TLS interoperability issue in NSS based software

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: snafu109 <1002434@xxxxxxxxxxxxxxxxxx>
Date: Tue, 19 Aug 2014 15:29:43 -0000
Reply-to: Bug 1002434 <1002434@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This was fixed in 3.14 release of NSS as shown at
https://bugzilla.mozilla.org/buglist.cgi?list_id=4643675;resolution=FIXED;classification=Components;query_format=advanced;product=NSS;target_milestone=3.14
(see bug 636802). All currently supported Ubuntu releases are on 3.15+
so closing as this no longer affects any current Ubuntu versions.

** Changed in: firefox (Ubuntu)
       Status: Triaged => Fix Released

** Changed in: nss (Ubuntu)
       Status: Triaged => Fix Released

** Changed in: thunderbird (Ubuntu)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1002434

Title:
  TLS interoperability issue in NSS based software

Status in Network Security Services (NSS):
  Fix Released
Status in Mozilla Thunderbird Mail and News:
  Fix Released
Status in “firefox” package in Ubuntu:
  Fix Released
Status in “nss” package in Ubuntu:
  Fix Released
Status in “thunderbird” package in Ubuntu:
  Fix Released

Bug description:
  NSS (Netscape Security Services) module provides encryption services
  to many applications, such as Thunderbird, Firefox and Chromium. NSS
  has a hard coded maximum limit of 2236 bits for ephemeral Diffie-
  Hellman (DHE) keys. If the TLS server (such as a web server, SMTP
  server, IMAP server, etc) requests a bigger DHE key size, NSS based
  applications refuse to interoperate. They just close the connection
  and display a confusing error message (such as "Unknown error").

  Recent versions of GnuTLS (as shipped by Ubuntu and other
  distributions) include a new library API which recommends and
  automatically selects the following key sizes:

  Security level         key bits

  LOW                         1248
  LEGACY                   1776
  NORMAL                 2432
  HIGH                         3248

  See the following for more information:
  https://www.gnu.org/software/gnutls/manual/html_node/Selecting-
  cryptographic-key-sizes.html

  As can be seen, NSS's maximum limit of 2236 bits can only interoperate
  with GnuTLS server which has been set at "LOW" or "LEGACY" security
  level.

  This bug was discovered when Exim's GnuTLS interface was revamped
  recently. Thunderbird refused to complete TLS handshake with the Exim
  SMTP server any more, because the new GnuTLS interface was following
  the GnuTLS library's opinion on suitable key sizes.

  Please patch the NSS library to accept reasonable key sizes: at the
  very least 3248 bits should be accepted to allow interoperability with
  GnuTLS at HIGH level. NSS is the only TLS library which has such a low
  hard limit on DHE key size.

  The only reason people are not hitting this bug frequently yet is that
  most main stream server software still does not use GnuTLS library's
  new API or recommendations but instead hard codes the DHE key size to
  1024 or 2048 bits.

  I am attaching a patch which points out the relevant #define in
  blapit.h.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nss/+bug/1002434/+subscriptions