Firefox 24.1.1 HSTS network.stricttransportsecurity.preloadlist URLs

Since I haven’t seen it posted anywhere else, I thought some might find it useful to post the list of embedded URLs Firefox 24.1.1 includes for HSTS.  I found these URLs on my own machine by following these instructions (for OSX users):
1. Ideally with Firefox closed, open /Applications/Firefox.app/Contents/MacOS/XUL in SynalyzeIt or your favorite hex editor
2. Apply the encoding SynalyzeIt or your favorite hex editor proposes (ISO_8859-1:1987 in my case)
3. Search for network.stricttransportsecurity.preloadlist
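Automating steps 1 to 3 above, as an added example that is not code from the original post or from Mozilla: it scans the binary for the marker text the post identifies (“test.currentTimeOffsetSeconds”) and reads the NUL-terminated hostnames that follow it. It assumes the entries are stored as consecutive NUL-terminated ASCII strings directly after the marker; SAMPLE is a constructed byte blob standing in for the real XUL file.

```python
"""Extract HSTS preload hostnames from a Firefox binary.

Added example, not code from the original post or from Mozilla. It automates
the hex-editor search above: find the marker "test.currentTimeOffsetSeconds",
then read the NUL-terminated strings that follow until the first one that is
not a plausible hostname. Assumes entries are consecutive NUL-terminated ASCII
strings right after the marker; SAMPLE is a constructed stand-in for XUL.
"""
import re
import sys
from pathlib import Path

MARKER = b"test.currentTimeOffsetSeconds"
# Plausible hostname: lowercase labels of letters/digits/hyphens, >= 1 dot.
HOST_RE = re.compile(rb"^(?=.{1,253}$)[a-z0-9-]+(\.[a-z0-9-]+)+$")


def extract_preload_hosts(blob: bytes, marker: bytes = MARKER) -> list[str]:
    """Return the hostnames stored as NUL-terminated strings after `marker`."""
    start = blob.find(marker)
    if start < 0:
        raise ValueError("marker not found; is this a Firefox XUL binary?")
    pos = start + len(marker) + 1  # skip the marker and its NUL terminator
    hosts = []
    while True:
        end = blob.find(b"\x00", pos)
        if end < 0:
            break
        token = blob[pos:end]
        pos = end + 1
        if not token:
            continue  # skip alignment padding between strings
        if not HOST_RE.match(token):
            break  # first non-hostname string marks the end of the table
        hosts.append(token.decode("ascii"))
    return hosts


# Constructed stand-in for the relevant region of the XUL binary.
SAMPLE = (
    b"\x00https://\x00sts/use\x00sts/subd\x00includesubdomains\x00"
    + MARKER + b"\x00"
    + b"aladdinschools.appspot.com\x00alpha.irccloud.com\x00\x00"
    + b"www.twitter.com\x00"
    + b"unrelated string %s\x00"  # not a hostname: ends the scan
)

if __name__ == "__main__":
    # Usage: python extract_hsts.py /Applications/Firefox.app/Contents/MacOS/XUL
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(extract_preload_hosts(data)))
```

Run against a real XUL file, the output should be the same list the post reproduces below, one hostname per line.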

The list of URLs that immediately follows the text “https:// sts/use sts/subd includesubdomains test.currentTimeOffsetSeconds”:
aladdinschools.appspot.com
alpha.irccloud.com
api.intercom.io
app.recurly.com
arivo.com.br
bank.simple.com
bassh.net
bccx.com
blog.cyveillance.com
blog.linode.com
blog.torproject.org
bugzilla.mozilla.org
business.medbank.com.mt
carezone.com
check.torproject.org
chromiumcodereview.appspot.com
cloudns.com.au
cloudsecurityalliance.org
codereview.appspot.com
conformal.com
controlcenter.gigahost.dk
crate.io
crm.onlime.ch
crypto.cat
cyphertite.com
developer.mydigipass.com
dist.torproject.org
dm.lookout.com
dm.mylookout.com
download.jitsi.org
ebanking.indovinabank.com.vn
entropia.de
espra.com
factor.cc
forum.linode.com
forum.quantifiedself.com
grc.com
haste.ch
howrandom.org
id.mayfirst.org
inertianetworks.com
intercom.io
itriskltd.com
keyerror.com
lastpass.com
launchkey.com
library.linode.com
linode.com
linx.net
lockify.com
login.persona.org
login.sapo.pt
logotype.se
lolicore.ch
lookout.com
luneta.nearbuysystems.com
makeyourlaws.org
manager.linode.com
mattmccutchen.net
mediacru.sh
mega.co.nz
members.mayfirst.org
members.nearlyfreespeech.net
mudcrab.us
my.onlime.ch
mylookout.com
neg9.org
oplop.appspot.com
p.linode.com
passwd.io
paste.linode.com
pastebin.linode.com
pay.gigahost.dk
paymill.com
paymill.de
piratenlogin.de
pixi.me
rapidresearch.me
riseup.net
roundcube.mayfirst.org
sandbox.mydigipass.com
securityheaders.com
shodan.io
silentcircle.com
simple.com
squareup.com
stocktrade.de
stripe.com
support.mayfirst.org
surkatty.org
therapynotes.com
twitter.com
ubertt.org
webmail.gigahost.dk
webmail.mayfirst.org
webmail.onlime.ch
wiki.python.org
wiz.biz
writeapp.me
http://www.apollo-auto.com
http://www.braintreepayments.com
http://www.cueup.com
http://www.cyveillance.com
http://www.entropia.de
http://www.grc.com
http://www.intercom.io
http://www.irccloud.com
http://www.linode.com
http://www.lookout.com
http://www.makeyourlaws.org
http://www.mydigipass.com
http://www.mylookout.com
http://www.noisebridge.net
http://www.simple.com
http://www.therapynotes.com
http://www.torproject.org
http://www.twitter.com

An eclectic mix, no? Among the interesting omissions from this list that might surprise some users:
  • Apple
  • Google
  • Facebook
  • LinkedIn
  • CDNs like Akamai, AWS


Requiring Better Cryptography in Firefox and Thunderbird Breaks Update Functionality

After updating Firefox and Thunderbird, I usually have a quick look through the many preferences listed in about:config because Firefox updates have a history of removing, breaking and changing privacy-related user preferences without notification.  Lately, these “changes” have all looked like concessions to the ad industry masked as “usability improvements” to make configuration less confusing for the average user.

While even I would not recommend requiring TLS 1.2 in Firefox for general browsing because it breaks a lot of “secure” sites, I still prefer to configure that requirement in one particular Firefox installation used exclusively for logging into Gmail, which does support TLS 1.2.  In the latest stable releases of Firefox as of today (and Thunderbird, which also supports TLS 1.2 if you use it to connect to Gmail), you would do that by navigating to the about:config menu and then:

  • changing security.tls.version.max to 3 to set TLS 1.2 as the maximum allowed (TLS 1.1 is the maximum allowed by default as of this writing)
  • changing security.tls.version.min to 3 to require TLS 1.2 as the minimum required
  • changing security.enable_tls_session_tickets to false to disable TLS client-initiated renegotiation for good measure
  • optionally disabling weak cipher suites for good measure

Together, these settings will ensure that Firefox uses the latest available TLS protocol and mitigates certain attacks.

Unfortunately for Firefox users, “hardening” your browser settings in this way actually breaks Firefox and Thunderbird update checking and add-on update checking, which prevents the security and privacy-conscious users who take the time to enable these settings from obtaining the latest and greatest Firefox, Thunderbird, and Add-On releases.  This normally wouldn’t be all that surprising or worthy of criticism because so many other servers are even worse, and TLS 1.2 adoption is still not as widespread as it should be.

But it was too ironic not to mention these deficiencies because Julien Vehent of Mozilla’s security team just wrote a blog post bragging about some improvements to Mozilla’s server-side TLS configuration.

I’ve pasted below my thoughts on that blog post, which I also tried to leave as a comment there but doubt will be approved by the moderator:

These changes are an important step in the right direction, but failing to enable server-side TLS 1.2 for Firefox/Thunderbird update and add-on update checking for clients who have changed their settings to require TLS 1.2 remains an important oversight in my view.  I understand the compatibility concerns associated with old, bad configurations, but still fail to see the downside of enabling TLS 1.2 by default in Thunderbird and Firefox by setting security.tls.version.max to 3.

Some more details on server-side issues that deserve to be addressed…
If Firefox users set security.tls.version.max and security.tls.version.min to 3 in about:config on both Firefox and Thunderbird to require TLS 1.2, users will not be notified of any updates to Firefox or Thunderbird.  Below, I’ve flagged a few issues with specific Mozilla servers that Firefox and Thunderbird users might care most about:

  • addons.cdn.mozilla.net, which according to a Qualys SSL handshake simulation test run on November 19th is not forward secret and does not mitigate BEAST attacks
  • versioncheck.addons.mozilla.org, which according to a Qualys SSL handshake simulation test run on November 19th is not forward secret, does not support TLS 1.2, allows client-initiated renegotiation, and leaves RC4 enabled
  • services.addons.mozilla.org weirdly failed several Qualys SSL tests attempted on November 19th, but I wouldn’t be surprised if it had the same issues as the servers above

<end probably-censored blog comment>

I didn’t take a look at any of the servers that Firefox and Thunderbird clients connect to in order to submit Telemetry, Health Report, and Crash Reporter data because I’ve disabled them all for privacy reasons, but I would not be surprised if those servers also failed to enable forward-secret TLS 1.2.  All of the above weaknesses in Mozilla server crypto configurations are potentially concerning from a security/privacy perspective because those servers receive potentially sensitive information about Firefox client configurations, usage habits, add-ons, etc. that could be leaked or subverted via certain attacks.  With that in mind, Julien Vehent and team at Mozilla should be recognized for doing better than most to improve server-side cryptography.

But Mozilla would also be well-advised to prioritize enabling (if not requiring by default) TLS 1.2, which is now more than five years old, on the Mozilla servers that Mozilla software clients capable of supporting TLS 1.2 all depend on for core updating functionality before bragging about their TLS 1.2 implementation to users.
