Re: Sites which fail with tls 1.0
Brian Smith br...@briansmith.org writes:

Thanks for replying. I am not sure about how SM works but I would expect it to work like Firefox in this aspect.

So did I; but even with 2.24pre1 (same gecko as ff27) it does not. I'll grep thru the src for differences, and open a bugz.

Understood. Next week Firefox 27 will be released and I think SM will be released around the same time. I would appreciate hearing whether or not you are having the same issues in Firefox 27 or SM 27.

sm 2.24pre1 is the same. Except of course that the default max vers is now 3, so that site now requires an explicit prefs setting.

Is the retry logic in nss or in mozilla-central? And if the latter, can anyone help narrow the search? I didn't find anything relevant in comm-central.

Thanks,

-JimC
--
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Sites which fail with tls 1.0
Julien Vehent jul...@linuxwall.info writes:

I had to set security.tls.version.max to 1 to get ff (26) or sm (2.23) to get her (relevant) profile to log in to their site.

Are you saying that the default settings were failing entirely, and you had to force tls1 for this site?

I thought that profile had the default settings for security, since it is used only for interacting with that one vendor. But it seems not, since 1 is the default value for tls.version.max. I must have enabled 1.1 for all of her profiles by adding the line to the prefs.js files.

Chromium must have re-tried with 1.0, since it defaults to 1.2 when connecting to my servers.

-JimC
--
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6
Sites which fail with tls 1.0
In case anyone is keeping a list, while helping a relative I determined that timewarnercable.com's login server (wayfarer.timewarnercable.com) will not work with tls 1.1 or 1.2. The connection fails right after the client hello.

I had to set security.tls.version.max to 1 to get ff (26) or sm (2.23) to get her (relevant) profile to log in to their site.

[Side note: +\inf on the concept of profiles; one of Gecko's most important features!]

-JimC
--
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6
Re: [Ach] Proposal to Remove legacy TLS Ciphersuits Offered by Firefox
Julien Vehent jul...@linuxwall.info writes:

I would argue that our documents target server configurations, where AES-NI is now a standard.

It is not. Many sites run on virtuals, often using kvm. And most kvm sites provide a QEMU Virtual CPU which only supports sse2.

And even without kvm, there is still a /lot/ of pre-aes-ni hardware in use.

-JimC
--
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6
Re: Rus GOST 89
Frank Hecker hec...@mozillafoundation.org writes:

Nelson B Bolyard wrote:

Today, I see the FSF web site talks about copyright assignment. I don't know all the implications of that, but I presume that it is essentially a relinquishment, except that you keep your own name on the copyrighted work.

One last comment on this: Typical copyright assignment agreements transfer all rights in the code to someone else.

Note, though, that the FSF's assignment contract licenses the rights back to the contributor. You only give up ownership of the code; you can still use/modify/distribute/etc the contributed code after contributing it to the FSF. But only because they explicitly license it back.

(How that interacts with the extent to which the contributed code is a derivative of GPL or LGPL code sounds like an interesting question.)

-JimC
--
James Cloos cl...@jhcloos.com OpenPGP: 1024D/ED7DAEA6