I’ve read that SHA1 can be brute forced however why Mozilla Firefox forces a ECDH is misunderstood if attempting to negotiate for example RSA
In my experience sea monkey can authenticate correctly against an apple key-chain however Firefox returns cipher suite errors Regards Patrick > On Aug 29, 2017, at 2:25 PM, Rupert Gallagher <[email protected]> wrote: > > https://www.ssllabs.com/ssltest/viewClient.html?name=Firefox&version=53&platform=Win%207&key=142 > > Sent from ProtonMail Mobile > > On Tue, Aug 29, 2017 at 5:08 PM, Patrick Dohman > <[email protected]> wrote: > >> My current understanding is that Mozilla Firefox also has issues with ECDHE. >> For example applications implementing a web server and library specific >> cipher suites may be incompatible with Firefox if ECDHE is enabled . However >> the same self signed certificate installed in different web server for >> example apache are compatible with Firefox with ECDHE enabled. My current >> hypothesis is that not all open source projects ‘"purchased" a class three >> public certificate authority from the likes of Symantec with prevents the >> certificate store from falling back to a SSL 3.0 That essentially to all >> certificate stores are equal & that hashing an appropriate algorithm is >> becoming non standardized in the event that the certificate is not a trusted >> root. Regards Patrick > On Aug 29, 2017, at 8:23 AM, Rupert Gallagher wrote: >> > >> Clean up the EC key/curve configuration handling. We no longer support >> ECDH and ECDHE can be disabled by removing ECDHE ciphers from the cipher >> list. As such, permanently enable automatic EC curve selection and >> generation, effectively disabling all of the configuration knobs. > > >> https://www.tedunangst.com/flak/post/openbsd-changes-of-note-627 > > The >> description @protonmail.com>
