<div dir="ltr">Hi Sailors!<br><br>After reading about the weak cipher list used in the latest Android devices<br>[ <a href="http://op-co.de/blog/posts/android_ssl_downgrade/">http://op-co.de/blog/posts/android_ssl_downgrade/</a> ], I decided to check how Sailfish looks.<br>
<br>Fortunately, the native QML apps seem to use strong ciphers as the default ciphers, at least in the emulator.<br><br>However, I can't test the Sailfish/Jolla Android emulator, because I don't have access to it. It would be great if someone who has access to it could ensure that its cipher list doesn't have weak ciphers as default ciphers. We don't want pirates to attack our connections :)<br>
<br>Here are my results from the Sailfish SDK alpha, Android 2.2 and 4.2.2 emulators. I ran the emulators with simple apps which made HTTPS connections and at the same time I ran ssldump to see the cipher list. My ssldump version is 0.9b3 (Ubuntu 12.04) and it can't recognize all ciphers, but the unknown values can be found at <a href="http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml">http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml</a> - I have expanded some of them in the ssldump output.<br>
<br>> ssldump -i wlan0 -p 80<br><br>Sailfish SDK alpha, QML hello world app with this code:<br> IconButton {<br> icon.source: "<a href="https://www.google.com/images/srpr/logo4w.png">https://www.google.com/images/srpr/logo4w.png</a>"<br>
onClicked: console.log("Google!!!")<br> }<br><br> cipher suites<br> Unknown value 0xa3 [TLS_DHE_DSS_WITH_AES_256_GCM_SHA384]<br> Unknown value 0x9f [TLS_DHE_RSA_WITH_AES_256_GCM_SHA384]<br>
Unknown value 0x6b [TLS_DHE_RSA_WITH_AES_256_CBC_SHA256]<br> Unknown value 0x6a [TLS_DHE_DSS_WITH_AES_256_CBC_SHA256]<br> TLS_DHE_RSA_WITH_AES_256_CBC_SHA<br> TLS_DHE_DSS_WITH_AES_256_CBC_SHA<br>
Unknown value 0x88<br> Unknown value 0x87<br> Unknown value 0x9d<br> Unknown value 0x3d<br> TLS_RSA_WITH_AES_256_CBC_SHA<br> Unknown value 0x84<br> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA<br>
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA<br> TLS_RSA_WITH_3DES_EDE_CBC_SHA<br> Unknown value 0xa2<br> Unknown value 0x9e<br> TLS_DHE_DSS_WITH_NULL_SHA<br> Unknown value 0x40<br> TLS_DHE_RSA_WITH_AES_128_CBC_SHA<br>
TLS_DHE_DSS_WITH_AES_128_CBC_SHA<br> Unknown value 0x9a<br> Unknown value 0x99<br> Unknown value 0x45<br> Unknown value 0x44<br> Unknown value 0x9c<br> Unknown value 0x3c<br>
TLS_RSA_WITH_AES_128_CBC_SHA<br> Unknown value 0x96<br> Unknown value 0x41<br> TLS_RSA_WITH_IDEA_CBC_SHA<br> TLS_RSA_WITH_RC4_128_SHA<br> TLS_RSA_WITH_RC4_128_MD5<br> TLS_DHE_RSA_WITH_DES_CBC_SHA<br>
TLS_DHE_DSS_WITH_DES_CBC_SHA<br> TLS_RSA_WITH_DES_CBC_SHA<br> TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA<br> TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA<br> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA<br> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5<br>
TLS_RSA_EXPORT_WITH_RC4_40_MD5<br> Unknown value 0xff<br><br>Android 2.2 emulator<br> cipher suites<br> TLS_DHE_RSA_WITH_AES_256_CBC_SHA<br> TLS_DHE_DSS_WITH_AES_256_CBC_SHA<br> TLS_RSA_WITH_AES_256_CBC_SHA<br>
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA<br> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA<br> TLS_RSA_WITH_3DES_EDE_CBC_SHA<br> TLS_DHE_RSA_WITH_AES_128_CBC_SHA<br> TLS_DHE_DSS_WITH_AES_128_CBC_SHA<br> TLS_RSA_WITH_AES_128_CBC_SHA<br>
TLS_RSA_WITH_RC4_128_SHA<br> TLS_RSA_WITH_RC4_128_MD5<br> TLS_DHE_RSA_WITH_DES_CBC_SHA<br> TLS_DHE_DSS_WITH_DES_CBC_SHA<br> TLS_RSA_WITH_DES_CBC_SHA<br> TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA<br>
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA<br> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA<br> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5<br> TLS_RSA_EXPORT_WITH_RC4_40_MD5<br> Unknown value 0xff<br><br>Android 4.2.2 emulator<br>
cipher suites<br> TLS_RSA_WITH_RC4_128_MD5 !!!!BAD!!!<br> TLS_RSA_WITH_RC4_128_SHA<br> TLS_RSA_WITH_AES_128_CBC_SHA<br> TLS_RSA_WITH_AES_256_CBC_SHA<br> Unknown value 0xc002<br> Unknown value 0xc004<br>
Unknown value 0xc005<br> Unknown value 0xc00c<br> Unknown value 0xc00e<br> Unknown value 0xc00f<br> Unknown value 0xc007<br> Unknown value 0xc009<br> Unknown value 0xc00a<br>
Unknown value 0xc011<br> Unknown value 0xc013<br> Unknown value 0xc014<br> TLS_DHE_RSA_WITH_AES_128_CBC_SHA<br> TLS_DHE_RSA_WITH_AES_256_CBC_SHA<br> TLS_DHE_DSS_WITH_AES_128_CBC_SHA<br>
TLS_DHE_DSS_WITH_AES_256_CBC_SHA<br> TLS_RSA_WITH_3DES_EDE_CBC_SHA<br> Unknown value 0xc003<br> Unknown value 0xc00d<br> Unknown value 0xc008<br> Unknown value 0xc012<br> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA<br>
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA<br> TLS_RSA_WITH_DES_CBC_SHA<br> TLS_DHE_RSA_WITH_DES_CBC_SHA<br> TLS_DHE_DSS_WITH_DES_CBC_SHA<br> TLS_RSA_EXPORT_WITH_RC4_40_MD5<br> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA<br>
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA<br> TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA<br> Unknown value 0xff<br><br>Firefox 21 (just to show what it looks like)<br> cipher suites<br> Unknown value 0xff [TLS_EMPTY_RENEGOTIATION_INFO_SCSV]<br>
Unknown value 0xc00a [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA]<br> Unknown value 0xc014 [TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]<br> Unknown value 0x88 [TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA]<br> Unknown value 0x87 [TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA]<br>
TLS_DHE_RSA_WITH_AES_256_CBC_SHA<br> TLS_DHE_DSS_WITH_AES_256_CBC_SHA<br> Unknown value 0xc00f<br> Unknown value 0xc005<br> Unknown value 0x84<br> TLS_RSA_WITH_AES_256_CBC_SHA<br>
Unknown value 0xc007<br> Unknown value 0xc009<br> Unknown value 0xc011<br> Unknown value 0xc013<br> Unknown value 0x45<br> Unknown value 0x44<br> TLS_DHE_RSA_WITH_AES_128_CBC_SHA<br>
TLS_DHE_DSS_WITH_AES_128_CBC_SHA<br> Unknown value 0xc00c<br> Unknown value 0xc00e<br> Unknown value 0xc002<br> Unknown value 0xc004<br> Unknown value 0x96<br> Unknown value 0x41<br>
TLS_RSA_WITH_RC4_128_SHA<br> TLS_RSA_WITH_RC4_128_MD5<br> TLS_RSA_WITH_AES_128_CBC_SHA<br> Unknown value 0xc008<br> Unknown value 0xc012<br> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA<br>
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA<br> Unknown value 0xc00d<br> Unknown value 0xc003<br> Unknown value 0xfeff<br> TLS_RSA_WITH_3DES_EDE_CBC_SHA<br><br><br><br><br></div>
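Added example, not part of the original post: a small parser for ssldump cipher-suite listings like the ones above. It resolves "Unknown value" ids against a subset of the IANA registry and reports weak suites with their position in the client's preference order. The function names, the `IANA` subset and the shortened sample listing are assumptions made for this example.

```python
import re

# Subset of the IANA TLS cipher suite registry. The first six entries are
# expansions given in the post; the three RC4 entries are added for this example.
IANA = {
    0x00a3: "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
    0x009f: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0x0088: "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    0x00ff: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    0xc00a: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xc014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xc002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    0xc007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xc011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}
# Weak by name: no encryption, export-grade, single DES, RC2/RC4, or MD5 MAC.
# "_DES_" does not match 3DES, whose token is "_3DES_".
WEAK = re.compile(r"_(NULL|EXPORT|DES|DES40|RC2|RC4)_|_MD5$")
LINE = re.compile(r"^\s*(?:Unknown value (0x[0-9a-fA-F]+)|(TLS_\w+))")

def parse_suites(dump):
    """Suite names in the order offered; ids not in IANA stay as hex."""
    suites = []
    for line in dump.splitlines():
        m = LINE.match(line)
        if m and m.group(1):
            code = int(m.group(1), 16)
            suites.append(IANA.get(code, "UNKNOWN_0x%04x" % code))
        elif m:
            suites.append(m.group(2))
    return suites

def weak_suites(suites):
    """(position, name) of each weak suite; position 0 is most preferred."""
    return [(i, s) for i, s in enumerate(suites) if WEAK.search(s)]

# Constructed sample: shortened excerpt in the format of the Android 4.2.2 list.
SAMPLE = """cipher suites
 TLS_RSA_WITH_RC4_128_MD5 !!!!BAD!!!
 TLS_RSA_WITH_RC4_128_SHA
 Unknown value 0xc002
 Unknown value 0xc004
 Unknown value 0xc007
 Unknown value 0xc014
 TLS_RSA_EXPORT_WITH_RC4_40_MD5
 Unknown value 0xff
"""
if __name__ == "__main__":
    print(weak_suites(parse_suites(SAMPLE)))
```

Ids missing from the subset come back as `UNKNOWN_0x....` and are never flagged, so extend `IANA` from the registry linked in the post before treating a listing as clean.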