Bug 1092835 - Log usage of weak ciphers in the console. r=keeler,mcmanus

dom/locales/en-US/chrome/security/security.properties

@@ -19,3 +19,8 @@ LoadingMixedActiveContent=Loading mixed (insecure) active content on a secure pa
 LoadingMixedDisplayContent=Loading mixed (insecure) display content on a secure page "%1$S"
 # LOCALIZATION NOTE: Do not translate "allow-scripts", "allow-same-origin", "sandbox" or "iframe"
 BothAllowScriptsAndSameOriginPresent=An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
+
+# LOCALIZATION NOTE: Do not translate "SSL 3.0".
+WeakProtocolVersionWarning=This site uses the protocol SSL 3.0 for encryption, which is deprecated and insecure.
+# LOCALIZATION NOTE: Do not translate "RC4".
+WeakCipherSuiteWarning=This site uses the cipher RC4 for encryption, which is deprecated and insecure.

netwerk/protocol/http/nsHttpChannel.cpp

@@ -48,6 +48,8 @@
 #include "nsIScriptSecurityManager.h"
 #include "nsISSLStatus.h"
 #include "nsISSLStatusProvider.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIWebProgressListener.h"
 #include "LoadContextInfo.h"
 #include "netCore.h"
 #include "nsHttpTransaction.h"
@@ -1216,6 +1218,25 @@ nsHttpChannel::ProcessSSLInformation()
     if (!sslstat)
         return;
 
+    nsCOMPtr<nsITransportSecurityInfo> securityInfo =
+        do_QueryInterface(mSecurityInfo);
+    uint32_t state;
+    if (securityInfo &&
+        NS_SUCCEEDED(securityInfo->GetSecurityState(&state)) &&
+        (state & nsIWebProgressListener::STATE_IS_BROKEN)) {
+        // Send weak crypto warnings to the web console
+        if (state & nsIWebProgressListener::STATE_USES_SSL_3) {
+            nsString consoleErrorTag = NS_LITERAL_STRING("WeakProtocolVersionWarning");
+            nsString consoleErrorCategory = NS_LITERAL_STRING("SSL");
+            AddSecurityMessage(consoleErrorTag, consoleErrorCategory);
+        }
+        if (state & nsIWebProgressListener::STATE_USES_WEAK_CRYPTO) {
+            nsString consoleErrorTag = NS_LITERAL_STRING("WeakCipherSuiteWarning");
+            nsString consoleErrorCategory = NS_LITERAL_STRING("SSL");
+            AddSecurityMessage(consoleErrorTag, consoleErrorCategory);
+        }
+    }
+
     // Send (SHA-1) signature algorithm errors to the web console
     nsCOMPtr<nsIX509Cert> cert;
     sslstat->GetServerCert(getter_AddRefs(cert));

security/manager/ssl/src/nsNSSCallbacks.cpp

@@ -1172,7 +1172,8 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
                                            infoObject->GetPort(),
                                            versions.max);
 
-  bool weakEncryption = false;
+  bool usesWeakProtocol = false;
+  bool usesWeakCipher = false;
   SSLChannelInfo channelInfo;
   rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
   MOZ_ASSERT(rv == SECSuccess);
@@ -1191,9 +1192,9 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
                                 sizeof cipherInfo);
     MOZ_ASSERT(rv == SECSuccess);
     if (rv == SECSuccess) {
-      weakEncryption =
+      usesWeakProtocol =
-        (channelInfo.protocolVersion <= SSL_LIBRARY_VERSION_3_0) ||
+        channelInfo.protocolVersion <= SSL_LIBRARY_VERSION_3_0;
-        (cipherInfo.symCipher == ssl_calg_rc4);
+      usesWeakCipher = cipherInfo.symCipher == ssl_calg_rc4;
 
       // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
       Telemetry::Accumulate(
@@ -1265,15 +1266,23 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
   if (rv != SECSuccess) {
     siteSupportsSafeRenego = false;
   }
+  bool renegotiationUnsafe = !siteSupportsSafeRenego &&
+                             ioLayerHelpers.treatUnsafeNegotiationAsBroken();
 
-  if (!weakEncryption &&
+  uint32_t state;
-      (siteSupportsSafeRenego ||
+  if (usesWeakProtocol || usesWeakCipher || renegotiationUnsafe) {
-       !ioLayerHelpers.treatUnsafeNegotiationAsBroken())) {
+    state = nsIWebProgressListener::STATE_IS_BROKEN;
-    infoObject->SetSecurityState(nsIWebProgressListener::STATE_IS_SECURE |
+    if (usesWeakProtocol) {
-                                 nsIWebProgressListener::STATE_SECURE_HIGH);
+      state |= nsIWebProgressListener::STATE_USES_SSL_3;
-  } else {
-    infoObject->SetSecurityState(nsIWebProgressListener::STATE_IS_BROKEN);
     }
+    if (usesWeakCipher) {
+      state |= nsIWebProgressListener::STATE_USES_WEAK_CRYPTO;
+    }
+  } else {
+    state = nsIWebProgressListener::STATE_IS_SECURE |
+            nsIWebProgressListener::STATE_SECURE_HIGH;
+  }
+  infoObject->SetSecurityState(state);
 
   // XXX Bug 883674: We shouldn't be formatting messages here in PSM; instead,
   // we should set a flag on the channel that higher (UI) level code can check

uriloader/base/nsIWebProgressListener.idl

@@ -252,6 +252,20 @@ interface nsIWebProgressListener : nsISupports
 
   const unsigned long STATE_IDENTITY_EV_TOPLEVEL    = 0x00100000;
 
+  /**
+    * Broken state flags
+    *
+    * These flags describe the reason of the broken state.
+    *
+    * STATE_USES_SSL_3
+    *   The topmost document uses SSL 3.0.
+    *
+    * STATE_USES_WEAK_CRYPTO
+    *   The topmost document uses a weak cipher suite such as RC4.
+    */
+  const unsigned long STATE_USES_SSL_3                = 0x01000000;
+  const unsigned long STATE_USES_WEAK_CRYPTO          = 0x02000000;
+
   /**
    * Notification indicating the state has changed for one of the requests
    * associated with aWebProgress.