----- Original Message ----- > From: "Nikos Mavrogiannopoulos" <nmav@xxxxxxxxxx> > To: "Hubert Kario" <hkario@xxxxxxxxxx> > Cc: "Tomas Mraz" <tmraz@xxxxxxxxxx>, security@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Tuesday, 6 May, 2014 1:17:13 PM > Subject: Re: Fedora crypto policy vs the real world Was: available crypto policies > > On Tue, 2014-05-06 at 06:41 -0400, Hubert Kario wrote: > > > > So no, Windows won't disable RC4 support by default. > > nitpick: Windows 7 doesn't disable RC4 support by default. > > Windows 8 does disable RC4 by default: > > http://blogs.msdn.com/b/ie/archive/2013/11/12/ie11-automatically-makes-over-40-of-the-web-more-secure-while-making-sure-sites-continue-to-work.aspx > > I don't think microsoft would be held as an example, but still they do > negotiate RC4, as they re-try connecting using RC4 if the first > handshake fails. From a security point of view, their change is useless, > as if I can attack RC4, I can simply make the first attempt to connect > fail, and attack the second that includes RC4. Yes, for a dedicated attack, it does not change anything, as it is performing man in the middle anyway. It does help against passive attacker. But I agree, connection retry with different ciphers is bad idea. > Nevertheless, we cannot even do what they do (i.e., reconnect using RC4 > as fallback). What we do is to set the bar to either allow RC4 or have a > failed connection, and thus force a plaintext session, that is worse > than RC4. Sorry, but how does that force a plaintext session? There's no plaintext fallback for HTTP. Over HTTP you get a redirection to HTTPS site that simply won't work, no fallback. If the attacker uses sslstrip and you won't notice lack of padlock that's not the fault of RC4. For connections like LDAP, SMTP, POP3 or IMAP you configure it once to either use or not use SSL. So that's only configuration time attack. And applications which use opportunistic encryption shouldn't use default cipher order anyway (as default won't ever have anonymous DH). -- Regards, Hubert Kario Quality Engineer, QE BaseOS Security team Email: hkario@xxxxxxxxxx Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
