https://bugzilla.mozilla.org/s... [mozilla.org]
Firefox only currently supports DHE with SHA1. Are they going add support for SHA256 DHE when they disable SHA1? To quote Michael Staruch from the above link: It looked more like attempts to discredit DHE and push everyone into ECC. And I am not so sure if that's best way to protect our privacy, especially with multiple TLS clients supporting only NSA Suite B curves. Mozilla, we really need DHE to work with SHA256 and GCM. Sure, fallback to something else if weak dhparams are used by the server. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy