Opened 20 months ago

Closed 20 months ago

Last modified 20 months ago

#25354 closed defect (invalid)

torproject.org using insecure ciphers/protocols (SSLv3, 3DES and RC4)

Reported by: pege Owned by: tpa
Priority: Very High Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Major Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I just tried to update Tor Browser in Whonix on Qubes OS and got this error: "curl_status_message: [35] - [SSL connect error. The SSL handshaking failed.]".

I looked at it a bit closer and it looks like https://www.torproject.org is currently using insecure ciphers.

openssl s_client -connect www.torproject.org:443
…
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: DD04CBDA08AEFB17B0DCF3696B4D09DE761F150E4886E33AB5334B4F1EBD7575
    Session-ID-ctx: 
    Master-Key: 99B55DE1DB5319DC11D12C19C4DD1B3A1534331E4FB4E7C14A3C93628E068D970A0F493ED0EB878FA4E183F8F6656A4E
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1519601291
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

Firefox Nightly tells me the cipher in use is:

TLS_RSA_WITH_3DES_EDE_CBC_SHA

And https://www.ssllabs.com/ssltest/analyze.html?d=www.torproject.org tells me:

protocols:

Protocols
TLS 1.3 	No
TLS 1.2 	No
TLS 1.1 	No
TLS 1.0 	Yes
SSL 3   INSECURE 	Yes

ciphers:

TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE 	128
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE 	128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   WEAK 	112
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   WEAK 	256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   WEAK 	128

Child Tickets

Change History (7)

comment:1 Changed 20 months ago by teor

Component: Webpages/WebsiteInternal Services/Tor Sysadmin Team
Owner: set to tpa

comment:2 Changed 20 months ago by pege

Component: Internal Services/Tor Sysadmin TeamWebpages/Website

Something seems to be off with the DNS records too. Only www.torproject.org can be resolved, torproject.org can't.

$ dig torproject.org @8.8.8.8

; <<>> DiG 9.10.3-P4-Debian <<>> torproject.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45845
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;torproject.org.			IN	A

;; AUTHORITY SECTION:
torproject.org.		1539	IN	SOA	nevii.torproject.org. hostmaster.torproject.org. 2018022538 10800 3600 1814400 3601

;; Query time: 16 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 26 01:27:42 CET 2018
;; MSG SIZE  rcvd: 96

$ dig www.torproject.org @8.8.8.8

; <<>> DiG 9.10.3-P4-Debian <<>> www.torproject.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21531
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.torproject.org.		IN	A

;; ANSWER SECTION:
www.torproject.org.	149	IN	A	154.35.175.245

;; Query time: 126 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 26 01:28:00 CET 2018
;; MSG SIZE  rcvd: 63
Last edited 20 months ago by pege (previous) (diff)

comment:3 Changed 20 months ago by pege

Component: Webpages/WebsiteInternal Services/Tor Sysadmin Team

comment:4 Changed 20 months ago by pege

Sorry. changing the component was an accident.

comment:5 in reply to:  2 Changed 20 months ago by teor

Replying to pege:

Something seems to be of with the DNS records too. Only www.torproject.org can be resolved, torproject.org can't.

This is a deliberate, temporary change:

21:48 +nsa: or: [auto-dns/master] 9dec896 2018-02-25 10:48:11 Peter Palfrader <peter@palfrader.org>: remove address records for "torproject.org" for now

comment:6 Changed 20 months ago by weasel

Resolution: invalid
Status: newclosed

This ticket is not helpful at this time.

comment:7 Changed 20 months ago by arma

For context, yes, this week's webserver for www.torproject.org does indeed use old risky ciphers.

We've asked the nice people who set it up to update it to smarter ciphers, and they say it will be at least a few days until they succeed.

Hang in there everybody. :)

Note: See TracTickets for help on using tickets.