Where are others "SHA256 " cipher suits in Firefox 27?
Hi, I see only: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Where are others? For example: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) Many web-sites have only TLS_RSA_WITH_AES_256_CBC_SHA256 as kind of strong(even without PFS) and weak RC4 and 3DES. If I have not TLS_RSA_WITH_AES_256_CBC_SHA256 server will choose RC4 or 3DES! Why Mozilla doesn't add others "SHA256" cipher suits? What is the problem to add them, is it so hard? :) -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Sites which fail with tls > 1.0
On Wed, Feb 5, 2014 at 5:39 PM, wrote: > Is the retry logic in nss or in mozilla-central? And if the latter, > can anyone help narrow the search? I didn't find anything relevant > in comm-central. It is in mozilla-central, in security/manager/ssl/src/nsNSSIOLayer.cpp. See these bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=839310 https://bugzilla.mozilla.org/show_bug.cgi?id=945195 Cheers, Brian -- Mozilla Networking/Crypto/Security (Necko/NSS/PSM) -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Sites which fail with tls > 1.0
Brian Smith writes: > Thanks for replying. I am not sure about how SM works but I would > expect it to work like Firefox in this aspect. So did I; but even with 2.24pre1 (same gecko as ff27) it does not. I'll grep thru the src for differences, and open a bugz. > Understood. Next week Firefox 27 will be released and I think SM will > be released around the same time. I would appreciate hearing whether > or not you are having the same issues in Firefox 27 or SM 27. sm 2.24pre1 is the same. Except of course that the default max vers is now 3, so that site now requires an explicit prefs setting. Is the retry logic in nss or in mozilla-central? And if the latter, can anyone help narrow the search? I didn't find anything relevant in comm-central. Thanks, -JimC -- James Cloos OpenPGP: 1024D/ED7DAEA6 -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto