Re: Firefox and ECC TLS ciphersuites

Fri, 25 Jul 2008 07:00:16 -0700 

I expected FF3.0.1 to do TLS with the specific ECC ciphersuite that you 
identify. However, my FF3 is not offering the ECC suites in its client 
hello. I downloaded FF3.0.1 from the mozilla.com site yesterday (7/24/08). I 
just did the quick download without any custom configuration. (There should 
not have been any previous versions of NSS on the system.)

The SSLtap of the Windows version of FF shows only 11 suites being offered:
         cipher_suites[11] = {
                (0x0004) SSL3/RSA/RC4-128/MD5
                (0x0005) SSL3/RSA/RC4-128/SHA
                (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
                (0x0009) SSL3/RSA/DES56-CBC/SHA
                (0x0064) TLS/RSA-EXPORT1024/RC4-56/SHA
                (0x0062) TLS/RSA-EXPORT1024/DES56-CBC/SHA
                (0x0003) SSL3/RSA/RC4-40/MD5
                (0x0006) SSL3/RSA/RC2CBC40/MD5
                (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
                (0x0012) SSL3/DHE-DSS/DES56-CBC/SHA
                (0x0063) TLS/DHE-DSS_EXPORT1024/DES56-CBC/SHA
            }
The Linux version operating on Fedora 8 shows 18:
           cipher_suites[18] = {
                (0x0088) TLS/DHE-RSA/CAMELLIA256-CBC/SHA
                (0x0087) TLS/DHE-DSS/CAMELLIA256-CBC/SHA
                (0x0039) TLS/DHE-RSA/AES256-CBC/SHA
                (0x0038) TLS/DHE-DSS/AES256-CBC/SHA
                (0x0084) TLS/RSA/CAMELLIA256-CBC/SHA
                (0x0035) TLS/RSA/AES256-CBC/SHA
                (0x0045) TLS/DHE-RSA/CAMELLIA128-CBC/SHA
                (0x0044) TLS/DHE-DSS/CAMELLIA128-CBC/SHA
                (0x0033) TLS/DHE-RSA/AES128-CBC/SHA
                (0x0032) TLS/DHE-DSS/AES128-CBC/SHA
                (0x0041) TLS/RSA/CAMELLIA128-CBC/SHA
                (0x0004) SSL3/RSA/RC4-128/MD5
                (0x0005) SSL3/RSA/RC4-128/SHA
                (0x002f) TLS/RSA/AES128-CBC/SHA
                (0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA
                (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA
                (0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA
                (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA
            }


"David Stutzman" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively
>  supported it (ECC ciphersuites are enabled in about:config). Using
> normal downloads of FF3 on either Linux or Windows I'm getting the
> error that there's no common ciphersuite. Looking at SSLTap, both
> versions of FF3 browser are not offering any of the ECC cipher
> suites. I tried a search but did not quickly find any references on
> how to enable FF3 for ECC suites.

I'm currently using Firefox 3.0.1 on win32 and can connect to an ssl
webserver with an ECC keypair just fine.
Using ssltap shows that the client sends 34 suites to the server, many
of which are EC. The server responds with, and I connect using,
cipher_suite = (0xc005) TLS/ECDH-ECDSA/AES256-CBC/SHA.

Dave 


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to