subject:"Re\: WebRTC DTLS cipher suite selection logic"

Re: WebRTC DTLS cipher suite selection logic

2015-10-03 Thread ors . szabo . hu

Thanks Martin, but i suppose that doesn't mean that Firefox only includes these 
two cipher suites in the ClientHello:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

I remember seeing many more earlier, e.g. DHE-RSA and ECDHE-RSA. I know that 
non-PFS ciphers are removed, but im wondering if now only ECDHE-ECDSA is 
included or also e.g. TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA is supported? At least those are not part of 
the DisabledCiphers[]. 
___
dev-media mailing list
dev-media@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-media

Re: WebRTC DTLS cipher suite selection logic

2015-09-30 Thread Martin Thomson

On Wed, Sep 30, 2015 at 1:15 PM,   wrote:
> Where can i find information on how Firefox is selecting the cipher suite to 
> be used from the list of cipher suites it receives in DTLS ClientHello ?


The only place that lives now is in the NSS code.  You can see the
preference order here:

https://dxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#89

We disable a good number of those suites though:

https://dxr.mozilla.org/mozilla-central/source/media/mtransport/transportlayerdtls.cpp?from=transportlayerdtls.cpp=0#674
___
dev-media mailing list
dev-media@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-media

Re: WebRTC DTLS cipher suite selection logic

Re: WebRTC DTLS cipher suite selection logic

2 matches

Site Navigation

Mail list logo

Footer information