Weird SSL misconfigurations · 2013-10-01 13:40 by Wladimir Palant

TL;DR: Some Firefox installations don’t support strong encryption and I wonder why that is.

There is one issue with relying on community-supplied filter lists in Adblock Plus: these lists are sometimes hosted on unreliable services that will go down without any prior notice. That’s why a fallback solution had to be designed in the early stages of the projects: if a client cannot reach a filter download server several times in a row it should query a fallback URL which could reply with a new location for that filter list. These fallback requests can also be used to notice issues with filter downloads that the owners of the filter lists didn’t notice themselves.

While that mechanism proved very useful over the years, one issue wasn’t anticipated originally: the fallback URL was being triggered constantly, even for filter lists that were accessible just fine. Some people consistently failed to download filter lists (while still being able to access the fallback URL), be it because of strange misconfigurations, malfunctioning security software or weird proxy servers. The range of possible issues increased significantly once all Adblock Plus requests switched to SSL.

The numbers were still pretty low however — until mid-August when we’ve reconfigured easylist-downloads.adblockplus.org to use the recommended SSL settings (disabled SSLv3 and weak cyphers). All the sudden the prevalent reported error became SSL_ERROR_NO_CYPHER_OVERLAP — it seems that at least several thousands Firefox users cannot use any strong cyphers.

Obvious suspicion would be extremely outdated clients. And indeed, many of these fallback requests come from outdated Firefox and Adblock Plus versions. However, they are not that outdated, mostly at least Firefox 17 and sometimes even the current Firefox 24. The outdated versions seem to be rather a consequence of the same SSL issues, I guess that they prevent these clients from connecting to Mozilla’s update servers as well.

A glance at about:config offers another possible explanation: under security.ssl3 one can switch off specific cyphers. I cannot really imagine somebody switching off all strong cyphers however, whether intentionally or by accident. Data corruption causing this issue is IMHO too unlikely to be responsible for thousands of misconfigured clients. Malice is however still an option: given the suspicion that NSA conducts SSL downgrade attacks, the idea that settings for some clients could be manipulated to use only insecure protocols while keeping appearances of secure communication isn’t too far-fetched. Of course, changing browser configuration requires the system to be compromised in the first place so this approach only makes sense for a stealth operation where no software should be installed permanently on the system.

I’m normally not into paranoia so I am looking forward to more reasonable explanations. Did I miss something obvious?

Commenting is closed for this article.