https://www.ssllabs.com/ssltest/viewClient.html?name=Firefox&version=53&platform=Win%207&key=142
Sent from ProtonMail Mobile On Tue, Aug 29, 2017 at 5:08 PM, Patrick Dohman <[email protected]> wrote: > My current understanding is that Mozilla Firefox also has issues with ECDHE. > For example applications implementing a web server and library specific > cipher suites may be incompatible with Firefox if ECDHE is enabled . However > the same self signed certificate installed in different web server for > example apache are compatible with Firefox with ECDHE enabled. My current > hypothesis is that not all open source projects ‘"purchased" a class three > public certificate authority from the likes of Symantec with prevents the > certificate store from falling back to a SSL 3.0 That essentially to all > certificate stores are equal & that hashing an appropriate algorithm is > becoming non standardized in the event that the certificate is not a trusted > root. Regards Patrick > On Aug 29, 2017, at 8:23 AM, Rupert Gallagher wrote: > > >> Clean up the EC key/curve configuration handling. We no longer support > ECDH and ECDHE can be disabled by removing ECDHE ciphers from the cipher > list. As such, permanently enable automatic EC curve selection and > generation, effectively disabling all of the configuration knobs. > > > https://www.tedunangst.com/flak/post/openbsd-changes-of-note-627 > > The > description @protonmail.com>
