Deprecate TLSv1.2 weak ciphersuites
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Vgutierrez
	Jul 20 2020, 2:05 PM

Description

Currently we still support three different ciphersuites that are considered weak:

~~ECDHE-ECDSA-AES128-SHA (TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)~~
~~ECDHE-RSA-AES128-SHA (TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)~~
~~DHE-RSA-AES128-SHA (TLS_DHE_RSA_WITH_AES_128_CBC_SHA)~~

ciphersuites using CBC block mode instead of GCM are considered weak since the disclosure of several attacks against CBC during 2019, specifically Zombie POODLE and GoldenPOODLE, a nice introduction to those attacks can be found here: https://www.tripwire.com/state-of-security/vulnerability-management/zombie-poodle-goldendoodle/

Details

Subject	Repo	Branch	Lines +/-
varnish: Remove ECDHE-ECDSA-AES128-SHA sinkhole	operations/puppet	production	+0 -78
ATS: Turn ECDHE-ECDSA-AES128-SHA support off	operations/puppet	production	+1 -1
ssl_ciphersuite: Remove CBC based cipher suites	operations/puppet	production	+2 -5
vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 100%	operations/puppet	production	+6 -17
vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 10%	operations/puppet	production	+1 -1
vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 5%	operations/puppet	production	+1 -1
vcl: Use synthetic warning for 2% of ECDHE-ECDSA-AES128-SHA pageviews	operations/puppet	production	+21 -8
ATS: Turn DHE-RSA-AES128-SHA support off	operations/puppet	production	+1 -1
vcl: Use synthetic warning for DHE-RSA-AES128-SHA pageviews	operations/puppet	production	+7 -7
ATS: Disable ECDHE-RSA-AES128-SHA support	operations/puppet	production	+1 -1
vcl: Use synthetic warning for ECDHE-RSA-AES128-SHA pageviews	operations/puppet	production	+7 -7

Related Objects

Mentioned In: T266866: Remove "Basic" support (Grade C) for browsers without TLS 1.2+ (MediaWiki core and WMF infra)
T262946: Bump Firefox version in basic support to 3.6 or newer
T192559: Establish timeline and methodology for upcoming deprecation of non-forward-secret ciphers and TLSv1.0

Event Timeline

Vgutierrez created this task.Jul 20 2020, 2:05 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 20 2020, 2:05 PM

Vgutierrez moved this task from Backlog to TLS on the Traffic board.Jul 20 2020, 2:05 PM

Vgutierrez triaged this task as Medium priority.Jul 20 2020, 2:13 PM

• MoritzMuehlenhoff subscribed.Jul 20 2020, 2:14 PM

Change 614763 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] vcl: Use synthetic warning for ECDHE-RSA-AES128-SHA pageviews

https://gerrit.wikimedia.org/r/614763

gerritbot added a project: Patch-For-Review.Jul 20 2020, 2:58 PM

Change 614763 merged by Vgutierrez:
[operations/puppet@production] vcl: Use synthetic warning for ECDHE-RSA-AES128-SHA pageviews

https://gerrit.wikimedia.org/r/614763

Mentioned in SAL (#wikimedia-operations) [2020-07-21T15:01:12Z] <vgutierrez> show a synthetic warning for traffic using ECDHE-RSA-AES128-SHA - T258405

Maintenance_bot removed a project: Patch-For-Review.Jul 21 2020, 3:10 PM

Change 622138 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ATS: Disable ECDHE-ECDSA-AES128-SHA support

https://gerrit.wikimedia.org/r/622138

gerritbot added a project: Patch-For-Review.Aug 24 2020, 12:44 PM

Change 622138 merged by Vgutierrez:
[operations/puppet@production] ATS: Disable ECDHE-RSA-AES128-SHA support

https://gerrit.wikimedia.org/r/622138

Mentioned in SAL (#wikimedia-operations) [2020-08-24T15:04:03Z] <vgutierrez> rolling restart of ats-tls to disable ECDHE-RSA-AES128-SHA - T258405

Maintenance_bot removed a project: Patch-For-Review.Aug 24 2020, 3:10 PM

Vgutierrez updated the task description. (Show Details)Aug 24 2020, 3:39 PM

Change 622321 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] vcl: Use synthetic warning for DHE-RSA-AES128-SHA pageviews

https://gerrit.wikimedia.org/r/622321

gerritbot added a project: Patch-For-Review.Aug 25 2020, 10:01 AM

Change 622321 merged by Vgutierrez:
[operations/puppet@production] vcl: Use synthetic warning for DHE-RSA-AES128-SHA pageviews

https://gerrit.wikimedia.org/r/622321

Mentioned in SAL (#wikimedia-operations) [2020-08-26T13:06:01Z] <vgutierrez> serve a synthetic warn page to DHE-RSA-AES128-SHA users - T258405

Maintenance_bot removed a project: Patch-For-Review.Aug 26 2020, 1:10 PM

BBlack mentioned this in T192559: Establish timeline and methodology for upcoming deprecation of non-forward-secret ciphers and TLSv1.0.Sep 23 2020, 4:52 PM

Change 630768 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ATS: Turn DHE-RSA-AES128-SHA support off

https://gerrit.wikimedia.org/r/630768

gerritbot added a project: Patch-For-Review.Sep 29 2020, 8:45 AM

Change 630768 merged by Vgutierrez:
[operations/puppet@production] ATS: Turn DHE-RSA-AES128-SHA support off

https://gerrit.wikimedia.org/r/630768

Mentioned in SAL (#wikimedia-operations) [2020-09-29T11:28:38Z] <vgutierrez> disabling DHE-RSA-AES128-SHA support - T258405

Vgutierrez updated the task description. (Show Details)Sep 29 2020, 1:32 PM

Change 631399 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] vcl: Use synthetic warning for 2% of ECDHE-ECDSA-AES128-SHA pageviews

https://gerrit.wikimedia.org/r/631399

Change 631399 merged by Vgutierrez:
[operations/puppet@production] vcl: Use synthetic warning for 2% of ECDHE-ECDSA-AES128-SHA pageviews

https://gerrit.wikimedia.org/r/631399

Mentioned in SAL (#wikimedia-operations) [2020-10-01T13:43:54Z] <vgutierrez> use synthetic warning for 2% of ECDHE-ECDSA-AES128-SHA pageviews - T258405

Vgutierrez mentioned this in T262946: Bump Firefox version in basic support to 3.6 or newer.Oct 6 2020, 1:44 PM

Change 632490 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 5%

https://gerrit.wikimedia.org/r/632490

Change 632490 merged by Vgutierrez:
[operations/puppet@production] vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 5%

https://gerrit.wikimedia.org/r/632490

Change 633739 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 10%

https://gerrit.wikimedia.org/r/633739

Change 633739 merged by Vgutierrez:
[operations/puppet@production] vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 10%

https://gerrit.wikimedia.org/r/633739

Mentioned in SAL (#wikimedia-operations) [2020-10-14T12:46:41Z] <vgutierrez> Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 10% - T258405

Change 635302 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 100%

https://gerrit.wikimedia.org/r/635302

Change 635302 merged by Vgutierrez:
[operations/puppet@production] vcl: Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 100%

https://gerrit.wikimedia.org/r/635302

Mentioned in SAL (#wikimedia-operations) [2020-10-21T09:59:17Z] <vgutierrez> Bump ECDHE-ECDSA-AES128-SHA pageview replacement to 100% - T258405

We're getting a few OTRS tickets about this, a note in Tech News or on wikitech-l would have been appreciated.

User-notice is definitely warranted

RhinosF1 subscribed.Oct 26 2020, 7:49 PM

Change 636901 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ATS: Turn ECDHE-ECDSA-AES128-SHA support off

https://gerrit.wikimedia.org/r/636901

Change 636902 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ssl_ciphersuite: Remove CBC based cipher suites

https://gerrit.wikimedia.org/r/636902

Change 636901 merged by Vgutierrez:
[operations/puppet@production] ATS: Turn ECDHE-ECDSA-AES128-SHA support off

https://gerrit.wikimedia.org/r/636901

Mentioned in SAL (#wikimedia-operations) [2020-10-29T08:54:39Z] <vgutierrez> turn off ECDHE-ECDSA-AES128-SHA support on the main caching cluster - T258405

@Urbanecm /anyone: do you have a suggestion on how to phrase this in Tech News? I'm not sure how to summarize it, based on what is above.
I searched Tech News archives, and it seems the last times we mentioned TLS or old browsers were in 2020-01 and in 2018-06.
You can also add it directly (this week's issue) yourself! :)

Quiddity moved this task from To Triage to Announce in next Tech/News on the User-notice board.Oct 29 2020, 6:55 PM

@Quiddity What about this: "You can no longer read Wikimedia wikis if your browser use old TLS versions. This is because it is a security problem for everyone. It can lead to downgrade attacks. Since October 29, 2020, users who use old TLS versions will not be able to connect to Wikimedia projects. A list of recommended browsers is available. All modern operating systems and browsers are always able to reach Wikimedia projects."?

Tried to base on https://meta.wikimedia.org/wiki/Tech/News/2020/03's entry.

Perfect, thank you!

Quiddity moved this task from Announce in next Tech/News to In current Tech/News draft on the User-notice board.Oct 29 2020, 7:25 PM

We should probably also update https://wikitech.wikimedia.org/wiki/HTTPS with the new status quo

Jdforrester-WMF mentioned this in T266866: Remove "Basic" support (Grade C) for browsers without TLS 1.2+ (MediaWiki core and WMF infra).Oct 30 2020, 4:40 PM

Johan moved this task from In current Tech/News draft to Already announced/Archive on the User-notice board.Nov 4 2020, 2:47 PM

In T258405#6589763, @TheDJ wrote:

We should probably also update https://wikitech.wikimedia.org/wiki/HTTPS with the new status quo

Technically, an increase of the standards employed at our edge (what we're doing in this ticket) doesn't necessarily imply an increase in the standards on that page (which also apply to the third parties we delegate some hostnames to). Usually our requirements of third parties lag our standards for ourselves a bit, in the name of being reasonably-achievable (not that we've ever had full compliance anyways). I think the current edits can stand and we'll see how compliance goes over time, but just keep in mind that technically, updating that page to higher standards is a separate matter with different considerations.

I think it would be useful to have a page or section outlining the de facto requirements for connecting to the flagship Wikimedia sites. https://wikitech.wikimedia.org/wiki/HTTPS/Browser_Recommendations is part of that, but since it's user-facing it doesn't really tell the whole story. That sort of technical documentation would be useful for developers and tech ambassadors to know what our current configuration is/should be without having to trawl rOPUP.
We're also in the unique position of being a heavily-trafficked website that also cares deeply about user privacy, so I think being clear and transparent about what we think is adequate security at the moment is important.

Vgutierrez closed this task as Resolved.Nov 16 2020, 3:48 PM

Vgutierrez claimed this task.

Vgutierrez updated the task description. (Show Details)

Ladsgroup edited projects, added User-notice-archive; removed User-notice.Aug 13 2022, 1:54 PM

Change 835571 had a related patch set uploaded (by Vgutierrez; author: Vgutierrez):

[operations/puppet@production] varnish: Remove ECDHE-ECDSA-AES128-SHA sinkhole

https://gerrit.wikimedia.org/r/835571

Change 835571 merged by Vgutierrez:

[operations/puppet@production] varnish: Remove ECDHE-ECDSA-AES128-SHA sinkhole

https://gerrit.wikimedia.org/r/835571