Right, so from that RFC: "Note that higher layers should not be overly reliant on TLS always negotiating the strongest possible connection between two peers: there are a number of ways a man in the middle attacker can attempt to make two entities drop down to the least secure method they support. The protocol has been designed to minimize this risk, but there are still attacks available: for example, an attacker could block access to the port a secure service runs on, or attempt to get the peers to negotiate an unauthenticated connection. The fundamental rule is that higher levels must be cognizant of what their security requirements are and never transmit information over a channel less secure than what they require. The TLS protocol is secure, in that any cipher suite offers its promised level of security: if you negotiate 3DES with a 1024 bit RSA key exchange with a host whose certificate you have verified, you can expect to be that secure."
So it's clearly important to know what firefox *actually* does, and specifically, what protocol is used for key exchange. If as in this example from the RFC what I am getting is a 1024 bit RSA key exchange that is not secure today for data that needs to remain secret into 2010. Moreover the TLS standard leaves open the possibility that it uses the RSA_EXPORT protocol to exchange keys--using a key pair with less than 512 bits. It also leaves open the possibility that key negotiation was done using the Diffie-Hellman algorithm, and again I need to know how many bits were used in the ephemeral DH keys. Plainly my question remains unanswered: How do I learn what protocol was ACTUALLY used by firefox to exchange keys? Firefox reports to me the cipher used for content encryption when I click "more information" and look under "technical information" but I do not see anywhere details of the key negotiation that was performed at the TLS level. Justin On Aug 19, 6:38 pm, Nelson B Bolyard <nel...@bolyard.me> wrote: > On 2009-08-19 11:30 PDT, Justin wells wrote: > > > Hi all, > > > When I visit an HTTPS link I can see what strength of encryption is > > used to encrypt the content (e.g., 256 bit AES) and if I dig a little > > I can even see the strength of the certificate used for authentication > > (e.g., 1024 bit RSA). What I can't seem to find anywhere is any > > information about the strength or nature of the cryptography used for > > key agreement. > > Almost certainly the key agreement protocol is less secure than the > > 256 bit AES the browser tells me my bank supports. > > You're speculating. > > The question is not: what does NSS do, or what does Firefox do, but > rather, what does the TLS specification specify? > > I suggest you get a copy of RFC 2246 and study > it.ftp://ftp.rfc-editor.org/in-notes/rfc2246.txt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto