gnupg website

Glenn Rempe glenn at rempe.us
Thu Jan 26 02:16:36 CET 2017



I would also like to note that gnupg.org does not appear to work on
the latest versions of Apple iOS or macOS Safari due to TLS cert
issues. It fails to load in Safari on either platform (but Chrome and
Firefox do work on macOS; Safari is the only browser on iOS).

I believe this may be due to Apple's App Transport Security (ATS)
rules. You can find an overview of those rules and a link to more
details here:

http://stackoverflow.com/questions/31231696/ios-9-ats-ssl-error-with-supporting-server

It seems that iOS/macOS cannot negotiate a strong connection with TLS
1.2 and one of the allowed cipher suites using forward secrecy when
talking to gnupg.org.

The accepted TLS 1.2 ciphers for Apple ATS are:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

And gnupg.org only provides:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 2048 bits   FS	128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits   FS	256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)	112

As you can see, there appears to be no overlap with the suites that
ATS expects for a strong connection and those that gnupg.org offers.

For comparison's sake, here are the cipher suites that Cloudflare
advertises with its CDN services:

Preferred TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA256     Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA384     Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve P-256 DHE 256

Here is the full list of TLS suites that I used to compare:

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

SSLlabs tests for gnupg.org seem to show that it cannot negotiate a
connection with forward security with gnupg.org which is a requirement
for ATS.

https://www.ssllabs.com/ssltest/analyze.html?d=gnupg.org&s=217.69.76.60

Every load of gnupg.org in Safari results in a total failure to load
anything. Running one of the suggested diagnostics shows the following
error:

*********************
$ nscurl --ats-diagnostics https://gnupg.org
Starting ATS Diagnostics

...
Default ATS Secure Connection
---
ATS Default Connection
2017-01-25 16:13:17.674 nscurl[38742:199753] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
---
*********************

The error is also showing in the system console application with an
entry such as:

NSURLSession/NSURLConnection HTTP load failed
(kCFStreamErrorDomainSSL, -9824)


While I am not certain it would fix it, it seems that gnupg.org might
be able to fix it by changing its config to advertise a more extensive
set of TLS 1.2 suites that support forward secrecy and that match the
supported list provided by Apple over TLS 1.2 connections.

I am happy to test this again after such a change. For now, if my
testing on my own devices is representative you may be shutting out
all iOS users and Safari on macOS users as well from being able to
load your site at all. If others don't see that same behavior I would
be interested to hear that too.

Cheers,

Glenn



On 1/25/17 4:16 PM, Andrew Gallagher wrote:
> On 2017/01/25 21:07, sivmu wrote:
>> Anyways ssllabs shows a warning that the website will be degraded
>>  from A to C in a month. Not sure that matters all that much, but
>> if there is an opportunity to change the available ciphers at
>> some point...
> 
> I've looked into this and I'm not sure why ssllabs is degrading
> from A- to C. There is a link to the blog post in the results page,
> but the post appears to say that the grade will *not* be reduced. I
> quote:
> 
>> we’ll be modifying our grading criteria to penalise sites that 
>> negotiate 3DES with TLS 1.1 and newer protocols. Such sites will 
>> have their scores capped at C. Sites that continue to support
>> 3DES and keep it at the end of their ordered list of suites will
>> not be affected (for now).
> 
> gnupg.org *does* keep 3DES at the end of the supported suites, so
> surely it should not be affected. I'm tempted to write this off as
> a mistake by ssllabs.
> 
> A
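The overlap check that the message above does by eye, as an added example that is not part of the original post: it normalises both scan formats quoted in the message to IANA suite names and compares them with the ATS list. The function names are hypothetical, and the OpenSSL-to-IANA mapping is an assumption that covers only the AES suites appearing here.

```python
import re

# TLS 1.2 suites ATS accepts, copied from the list in the message above.
ATS_SUITES = set("""
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
""".split())

# Scan output quoted in the message (IANA names for gnupg.org, OpenSSL names for Cloudflare).
GNUPG_SCAN = """\
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 2048 bits   FS 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits   FS 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
"""
CLOUDFLARE_SCAN = """\
Preferred TLSv1.2  128 bits  ECDHE-ECDSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA256     Curve P-256 DHE 256
Accepted  TLSv1.2  128 bits  ECDHE-ECDSA-AES128-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA384     Curve P-256 DHE 256
Accepted  TLSv1.2  256 bits  ECDHE-ECDSA-AES256-SHA        Curve P-256 DHE 256
"""

def openssl_to_iana(name):
    """Map an OpenSSL-style (EC)DHE AES suite name to its IANA name; None otherwise."""
    m = re.fullmatch(r"(ECDHE|DHE)-(ECDSA|RSA)-AES(128|256)-(GCM-)?(SHA(?:256|384)?)", name)
    if not m:
        return None
    kx, auth, bits, gcm, mac = m.groups()
    return f"TLS_{kx}_{auth}_WITH_AES_{bits}_{'GCM' if gcm else 'CBC'}_{mac}"

def parse_suites(scan_text):
    """IANA names found in either scan format; tokens that are not suites are skipped."""
    names = (t if t.startswith("TLS_") else openssl_to_iana(t) for t in scan_text.split())
    return [n for n in names if n]

def ats_report(scan_text):
    """Return (suites ATS can use, forward-secret suites that ATS still rejects)."""
    offered = parse_suites(scan_text)
    usable = [s for s in offered if s in ATS_SUITES]
    fs_rejected = [s for s in offered if s not in ATS_SUITES and "DHE_" in s]
    return usable, fs_rejected

if __name__ == "__main__":
    print("gnupg.org:", ats_report(GNUPG_SCAN), "\nCloudflare:", ats_report(CLOUDFLARE_SCAN))
```

For the gnupg.org lines the usable list is empty while both DHE suites land in the second list: the server does offer forward secrecy, but only with finite-field DHE, and every suite in the ATS list uses ECDHE.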
