On Thu July 8 2010, Dirk Menstermann wrote: > Hi, > > on https://developer.mozilla.org/en/Security_in_Firefox_2 I found that FF 2 > does > support only curves with 256, 384, and 521. Maybe this is the same for FF 3 > and > your 160 bit curve is not supported. >
Try: about:config in your browser, page down to the security.* section. I do not see any mention of 160 bit curves mentioned in my ff-3 install. Although it might be there under a name I don't recognize. Mike > > Bye > Dirk > > Alex Birkett wrote: > > Hi, > > > > Firefox 3.6.2 supports the TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher > > suite. I've configured Open SSL (version 1.0.0.a) as a test server with > > what I think is a suitable ECC key/certificate (attached) The keys were > > created with the attached script. > > > > The server was started like this: > > openssl s_server -cert > > /home/alex/keys/ssltest/Certs/secp160r2TestServer.pem -cipher > > ECDHE-ECDSA-AES256-SHA > > > > An open ssl client can be successfully connected like this: > > openssl s_client -connect localhost:4433 > > The client says the connection is established with > > the ECDHE-ECDSA-AES256-SHA cipher > > > > When a connection with Firefox is attempted the server give a series of > > errors like this: > > > > 140068746417832:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > > shared cipher:s3_srvr.c:1216: > > shutting down SSL > > > > Can anybody explain this? Could it be a bug in OpenSSL? > > > > Many Thanks, > > > > Kind Regards, > > > > Alex > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
